Privacy Policy

Effective starting: September 2023

Stepsize Ltd (company number 10012522) is registered in England and Wales (“Stepsize”, “us”, “we”, or “our”) and operates https://stepsize.com, https://stepsize.app, https://app.stepsize.com, https://collabgpt.stepsize.com and any associated subdomains (the “Site”), the Layer desktop application (“Layer”), the VSCode Extension https://marketplace.visualstudio.com/items?itemName=Stepsize.tech-debt-tracker (the “Tech Debt Tracker”), the Slack app (the "Slack App"), the Better Git Blame Atom package https://atom.io/packages/better-git-blame (the “Editor Plugin”), and Stepsize AI, collectively referred to as our “Products” or “Services”.

Your privacy is important to us and we are committed to communicating a transparent privacy policy outlining how we collect, store, use and share your personal data. This policy should help you understand:

This Privacy Policy covers the information we collect about you when you use any of our Products or otherwise interact with us.

This policy also explains how we respect your rights towards your personal data processed with us. Should you disagree with this policy, do not access or use our Products or interact with any other aspect of our business.

Where we provide the Services under contract with an organisation (for example your employer) that organisation manages the information processed by the Services.

Which personal data we collect, store and use

We collect, store and use your personal data when you directly provide it to us, when you insert it in our Products or when third parties provide it to us, as is further described below.

Personal data you provide to us

We collect information about you when you insert it in any of our Products.

Account information

When using our Products, we ask you for identification and authentication data such as username, email, full name and the name of your company.

Feedback and correspondence data

We collect the information you provide us within surveys, emails or in any other correspondence with us.

Marketing information

We collect the information about your preferences in terms of marketing correspondence or other engagement.

Personal data we collect automatically

We track your visits and other interactions with any of our Products, including browsing our website.

Your use of the Services

We keep track of certain information about you when you visit and interact with any of our Products. This information includes, for example, the use of different features, links that you click on or how you interact with others in the Product.

Log Data

Like many site operators, we collect information that your browser, Layer, and your code editor send whenever you use our Products ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Products that you visit, the time and date of your visit, the time spent on those pages and other statistics.

Cookies

Cookies are files with a small amount of data, which may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive. Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use our Services. For more information, please read our Cookies Policy.

Personal data we receive from third parties

We gather information about you from tools and services that you or your company use already, such as GitHub, GitLab, Git, Jira or others, to deliver you our Services and enrich your experience over time.

Data from tools and services linked to your account

We receive information about you from services that you connect with your Stepsize account. For example, if you log in to Stepsize using your GitHub credentials, we receive your GitHub profile data (username, public email, name, public profile avatar, job search status, company, bio), which we use for identification and to respect your organisation’s access rights. For the same purpose, we also identify you further with other tools and services once you have signed up to Stepsize.

Also, when your organisation agrees to integrate tools such as Jira, GitHub, GitLab or others, we will receive full read access to your data in those tools and will further process it. This processing is essential for the usage of our Products.

Data you provide through our support channels

Our Products also include customer support, where you can resolve your questions and queries with the Stepsize customer service team. We want to be able to give you a helping hand when a problem arises and collect your feedback to improve your experience continuously. This data will usually include contact information, a summary of the problem you are experiencing, screenshots, etc.

On the same note, we use tools such as Fullstory to record your activity on Stepsize. This brings speed and convenience to resolving customer service queries and efficiency to resolving potential errors.

How we use your personal data

To provide the Services and improve your experience

We use your personal data to operate, maintain and improve our Services. Furthermore, we use it to communicate with you through the Products by service announcements, notifications, security alerts, etc. We also use it to research your needs and interests and to respond to your queries.

To communicate with you

If you request any information from us, we will use your personal data such as email address to respond to you. The same applies to customer support and surveys. We also use it to promote our Services and other marketing communications. You are in control of receiving marketing communications and can always opt-out in your account settings.

We use your personal data to comply with applicable laws, lawful requests and legal process, or where we believe it is necessary to protect our legal rights, interests and the interests of others, such as compliance, audit, regulatory and disclosures in case of acquisition, sale or merger of the business.

For safety and security

We may use your personal data as we believe necessary or appropriate regarding safety and security of the Services or other users of the Services. This may include prevention and detection of fraudulent activity, unauthorised, illegal or harmful activity and enforcing our contractual agreement with your organisation.

We might use your personal data for further purposes after you give us consent to do so. For example, if you give us your consent, we might publish your feedback on our website with your name.

How we share your personal data

We only share your personal data with third parties that help us provide, operate or improve our Services, as outlined below.

Service providers

We entrust third party companies and individuals to process your personal data on our behalf to provide our Services. This is the case for customer service, database management services, email delivery, analytical insights, Stepsize internal communication services, etc.

Professional advisors

We may share your personal data with our professional advisors, such as lawyers, auditors, etc. as we find necessary and adequate for the service they provide us.

Compliance with law enforcement or protection of safety and security of our Products

We may share your personal data with a third party if we deem it necessary to:

  • Comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements
  • Enforce our agreements, policies, and the contractual agreement with your organisation
  • Protect our rights, privacy, safety or property and that of you or others
  • Protect, investigate and prevent fraudulent, harmful, unauthorized, unethical or illegal activity

Business Transfers

In case of a business deal, or potential business deal, we may sell, transfer, or otherwise share some or all Stepsize business or assets, together with your personal data. This includes a merger, consolidation, acquisition, reorganisation or sale of assets or in the event of bankruptcy, etc. In those cases, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Other Services users

Collaborators

Some features of the Services display some or all of your profile information and the content you have created. For example, whenever you add a line of code to your codebase, we will link your profile information to this code so your colleagues can easily find the author (you) of the code. This applies to tickets, comments, issues, etc.

Administrators

All your personal data and the content that you create or are linked to is available to your organisation's administrators. These administrators can control some aspects of your account such as removing you from the organisation or restricting your permission level within the organisation.

Public

When the organisation your account is associated with decides that some repositories or any part of your content should be publicly available (for example in case of open-source code), we will make your profile information and the related content visible to the public.

We may share your personal data with third parties when you give us consent to do so. For example, we may display your feedback on another website or in press. If you provide us with consent, we may link your name alongside it.

How we secure your personal data

The security of your personal data is crucial to us, but unfortunately no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means of protecting your personal data, we cannot guarantee its absolute security. You can learn about our general approach to security and safeguards we implement to protect your personal data in our Information Security PDF.

How long we keep your personal data

How long we retain your personal data depends on the type of the data and for which legitimate purpose it was initially collected. We will keep your personal data for as long as necessary to fulfil those purposes, including satisfying any legal, accounting, or reporting requirements.

After such time, we will either delete or anonymise your personal data or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your personal data and isolate it from any further use until deletion or anonymisation is possible.

Account details

We retain your account details until you request to delete your account. We delete your account details within 60 days of your deletion request.

We keep your other non-sensitive data to improve the experience of our users. However, we take steps to prevent the information from directly identifying you or being used to analyse personal characteristics about you, and we only use the information to uncover collective insights about the use of our Services.

Content and information you share on the Services

If your account is deactivated, disabled or deleted, some of your data and the content you have provided will remain to allow your coworkers or other users to make full use of the Services. For example, we continue to display comments you attached to the code.

Administered accounts

We may retain your personal data connected with your activity assigned to the organisation your account is associated with as long as the organisation requests it. For more information, please see Administrators above.

Marketing

If you gave us consent to receive marketing communication from us, we are going to keep the details about your marketing preferences for a reasonable time.

How and when we transfer your data internationally

In case we transfer your personal data out of the EEA to countries not considered by the European Commission to provide an adequate level of personal information protection, we will secure the transfer with one of the following safeguards recognised by the European Commission as providing adequate protection for personal data:

  • Contractual agreements with third parties out of EEA are approved by the European Commission and impose data protection obligations on both sides of the transfer
  • When it comes to transfers to the US, we ensure the third party participates in the EU-US Privacy Shield Framework

For more details about your personal data being transferred outside the EEA, please contact us.

Sensitive personal data

We recommend that you do not send us or disclose any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Products or via other means.

When you provide us with sensitive personal data you consent to our processing and use of such data according to this privacy policy. If you do not wish to consent to that, you must not provide us with sensitive personal data.

Legitimate purposes for processing (for EEA users)

In case you are a citizen of the European Union, we collect and process your personal data only where we have legitimate purposes for doing so under applicable EU laws. We collect and use your personal data only if:

  • It is necessary for the usage of the Services, including operating the Services and the business, for safety and security of the Services or for providing customer support.
  • For fulfilment of a legitimate interest and only in the case where it does not override your data protection interests.
  • We have your consent to do so*
  • To comply with a legal obligation

Where we use your personal data because we or a third party (e.g., your employer) have a legitimate purpose to do so, you can object to this use anytime. However, in some cases, this could mean that you will no longer be able to use the Services.

*In case you give us consent for processing your personal data for a specific purpose, you can withdraw your consent going forward at any time, but that will not affect any processing that has already taken place.

Children

The Products are not intended for minors under the age of 13. Stepsize does not knowingly or specifically collect information about minors under the age of 13 and believes that children under the age of 16 should get their parents’ or legal guardians’ consent before providing any personal information. If you believe that we have mistakenly or unintentionally collected such data, please notify us at privacy@stepsize.com so that we may delete the data from our servers.

Generated Content

We may place in our Products, or link to, features that allow you to share your data online (e.g., message boards, communication platforms, email, in file uploads, through social media, etc.). Please keep in mind that whenever you voluntarily share your personal data online, it becomes public and can be collected and used by others. Stepsize has no control over, and takes no responsibility for, the use, storage or spread of that publicly-disclosed data. By disclosing your personal data in public, you may receive unsolicited contact from other parties.

Your rights and choices

Access, transfer, update, correct or delete your personal data

You are entitled to receive your personal data in a machine-readable format from us if you wish. That enables you to easily transfer your data to another party, or you can ask us to send it directly to the third party of your choice. You can ask for your personal data through any of our support channels (email us at privacy@stepsize.com or contact us directly on our website). Similarly, you can ask for deletion of your personal data. However, this right is not an absolute right, and in some cases, we will not be able to delete your personal data immediately.

We care about having your personal data accurate and up to date. You can correct or update your data through any of the Products that you are using or contact us through any of our support channels.

You may withdraw your consent anytime by changing your account settings. This will not make any changes or restrictions to your usage of our Products.

If you wish to delete any feedback for which you gave us your consent to post on our webpage or elsewhere, please contact us.

If you wish to stop receiving our marketing emails, you can click on the “unsubscribe” link at the bottom of these emails, and we will end the email marketing correspondence. Nevertheless, you may still receive service-related and other non-marketing emails.

Restrict the processing of personal data

In general we need your personal data to provide you with our Services. In case you wish to restrict such processing or later ask to delete that data, you may not be able to use our Products anymore, and we may close your account.

Right to object

You can object at any time to our reliance on our legitimate purposes as the basis of our processing of your personal data that impacts your rights.

You can submit these requests by email to privacy@stepsize.com, through any of our support channels or our postal address provided above. We may ask you to provide us with specific information to verify your identity and process your request.

We may decline your request due to applicable law. If we do so, we will let you know the reason behind it.

You can submit a complaint about our response to your request or our use of your personal data anytime. If you wish to do so, please contact us at privacy@stepsize.com or submit a complaint to the data protection regulator in your jurisdiction. For the UK, that is the ICO.

Our Products may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. Stepsize has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party sites or services.

Use for new purposes

Where permitted by law and where the reason is compatible with the purpose for which we collected it, we may use your personal data for purposes not described in this Privacy Policy. In case we want to use your personal data for an unrelated reason, we will notify you about these changes and elaborate on the appropriate legal basis.

Changes to this Privacy Policy

Stepsize reserves the right to change this Privacy Policy at any time. We encourage you to review this Privacy Policy from time to time to stay informed about our data practices and the ways we protect your privacy. However, you will be notified through your email or our Products if any significant changes come into effect regarding the processing of your personal data.

If you disagree with any part of this Privacy Policy or its changes, you will need to stop using our Products and deactivate your account.

Contact us

If you have any questions, concerns, or complaints regarding the way we collect and handle your personal data, please contact us by email at privacy@stepsize.com. Because email communications are not always secure, please do not include credit card information or other sensitive information in your emails to us.

Stepsize will take any privacy complaint seriously. Any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.