Effective starting: September 2023
Stepsize Ltd (company number 10012522) is registered in England and Wales (“Stepsize”, “us”, “we”, or “our”) and operates https://stepsize.com, https://stepsize.app, https://app.stepsize.com, https://collabgpt.stepsize.com and any associated subdomains (the “Site”), the Layer desktop application (“Layer”), the VSCode Extension https://marketplace.visualstudio.com/items?itemName=Stepsize.tech-debt-tracker (the “Tech Debt Tracker“), the Slack app (the "Slack App"), the Better Git Blame Atom package https://atom.io/packages/better-git-blame (the “Editor Plugin”), and Stepsize AI, Collectively referred to as our “Products” or “Services”.
This policy also explains how we respect your rights towards your personal data processed with us. Should you disagree with this policy, do not access or use our Products or interact with any other aspect of our business.
Where we provide the Services under contract with an organisation (for example your employer) that organisation manages the information processed by the Services.
We collect, store and use your personal data when you directly provide it to us, when you insert it in our Products or when third parties provide it to us, as is further described below.
We collect information about you when you insert it in any of our Products.
When using our Products, we ask you for identification and authentication data such as username, email, full name and the name of your company.
We collect the information you provide us within surveys, emails or in any other correspondence with us.
We collect the information about your preferences in terms of marketing correspondence or other engagement.
We track your visits and other interactions with any of our Products, including browsing our website.
We keep track of certain information about you when you visit and interact with any of our Products. This information includes, for example, the use of different features, links that you click on or how you interact with others in the Product.
Like many site operators, we collect information that your browser, Layer, and your code editor send whenever you use our Products ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Products that you visit, the time and date of your visit, the time spent on those pages and other statistics.
Cookies are files with small amount of data, which may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive. Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use our Services. For more information, please read our Cookies Policy.
We gather information about you from tools and services that you or your company use already, such as GitHub, GitLab, Git, Jira or others, to deliver you our Services and enrich your experience over time.
We receive information about you from services that you connect with your Stepsize account. For example, if you log in to Stepsize using your GitHub credentials, we receive your GitHub profile data (username, public email, name, public profile avatar, job search status, company, bio), which we use for identification and to respect your organisation’s access rights. For the same purpose, we also identify you further with other tools and services once you have signed up to Stepsize.
Also, when your organisation agrees to integrate tools such as Jira, GitHub, GitLab or others, we will receive full read access to your data in those tools and will further process it. This processing is essential for the usage of our Products.
Our Products also include customer support, where you can resolve your questions and queries with the Stepsize customer service team. We want to be able to give you a helping hand when a problem arises and collect your feedback to improve your experience continuously. This data will usually include contact information, a summary of the problem you are experiencing, screenshots, etc.
On the same note, we use tools to record your activity on Stepsize such as Fullstory. This brings speed and convenience into resolving customer service queries and efficiency to resolve potential errors.
We use your personal data to operate, maintain and improve our Services. Furthermore, we use it to communicate with you through the Products by service announcements, notifications, security alerts, etc. We also use it to research your needs and interests and to respond to your queries.
If you request any information from us, we will use your personal data such as email address to respond to you. The same applies to customer support and surveys. We also use it to promote our Services and other marketing communications. You are in control of receiving marketing communications and can always opt-out in your account settings.
We use your personal data to comply with applicable laws, lawful request and legal process or where we believe it is necessary to protect our legal rights, interests and the interests of others such as compliance, audit, regulatory and disclosures in case of acquisition, sale or merger of the business.
We may use your personal data as we believe necessary or appropriate regarding safety and security of the Services or other users of the Services. This may include prevention and detection of fraudulent activity, unauthorised, illegal or harmful activity and enforcing our contractual agreement with your organisation.
We might use your personal data for further purposes after you give us consent to do so. For example, if you give us your consent, we might publish your feedback on our website with your name.
We only share your personal data with third parties that help us provide, operate or improve our Services, as outlined below.
We entrust third party companies and individuals to process your personal data on our behalf to provide our Services. This is the case for customer service, database management services, email delivery, analytical insights, Stepsize internal communication services, etc.
We may share your personal data with our professional advisors, such as lawyers, auditors, etc. as we find necessary and adequate for the service they provide us.
We may share your personal data with a third party if we deem it necessary to:
Some features of the Services display some or all of your profile information and the content you have created. For example, whenever you add a line of code to your codebase, we will link your profile information to this code so your colleagues can easily find the author (you) of the code. This applies to tickets, comments, issues, etc.
All your personal data and the content that you create or are linked to is available to your organisation's administrators. These administrators can control some aspects of your account such as removing you from the organisation or restricting your permission level within the organisation.
When the organisation your account is associated with decides that some repositories or any part of your content should be publicly available (for example in case of open-source code), we will make your profile information and the related content visible to the public.
We may share your personal data with third parties when you give us consent to do so. For example, we may display your feedback on another website or in press. If you provide us with consent, we may link your name alongside it.
The security of your personal data is crucial to us, but unfortunately no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means of protecting your personal data, we cannot guarantee its absolute security. You can learn about our general approach to security and safeguards we implement to protect your personal data in our Information Security PDF.
How long we retain your personal data depends on the type of the data and for which legitimate purpose it was initially collected. We will keep your personal data for as long as necessary to fulfil those purposes, including satisfying any legal, accounting, or reporting requirements.
After such time, we will either delete or anonymise your personal data or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your personal data and isolate it from any further use until deletion or anonymisation is possible.
We retain your account details until you request to delete your account. We delete your account details within 60 days of your deletion request.
We keep your other non-sensitive data to improve the experience of our users. However, we take steps to eliminate the information from directly identifying you or analysing personal characteristics about you, and we only use the information to uncover collective insights about the use of our Services.
If your account is deactivated, disabled or deleted, some of your data and the content you have provided will remain to allow your coworkers or other users to make full use of the Services. For example, we continue to display comments you attached to the code.
We may retain your personal data connected with your activity assigned to the organisation your account is associated with as long as the organisation requests it. For more information, please see Administrators above.
If you gave us consent to receive marketing communication from us, we are going to keep the details about your marketing preferences for a reasonable time.
In case we transfer your personal data out of the EEA to countries not considered by the European Commission to provide an adequate level of personal information protection, we will secure the transfer with one of the following safeguards recognised by the European Commission as providing adequate protection for personal data:
For more details about your personal data being transferred outside the EEA, please contact us.
We recommend that you do not send us or disclose any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Products or via other means.
In case you are a citizen of the European Union, we collect and process your personal data only where we have legitimate purposes for doing so under applicable EU laws. We collect and use your personal data only if:
Where we use your personal data because we or third party (e.g., your employer) have a legitimate purpose to do so, you can object to this use anytime. However, in some cases, this could mean that you will no longer be able to use the Services.
*In case you give us consent for processing your personal data for a specific purpose, you can withdraw your consent going forward at any time, but that will not affect any processing that has already taken place.
The Products are not intended for minors under the age of 13. Stepsize does not knowingly or specifically collect information about minors under the age of 13 and believes that children under the age of 16 should get their parents’ or legal guardians’ consent before providing any personal information. If you believe that we have mistakenly or unintentionally collected such data, please notify us at email@example.com so that we may delete the data from our servers.
We may place in our Products, or link to, features that allow you to share your data online (e.g., message boards, communication platforms, email, in file uploads, through social media, etc.) Please keep in mind that whenever you voluntarily share your personal data online, it becomes public and can be collected and used by others. Stepsize has no control over and takes no responsibility for, the use, storage or spread of that publicly-disclosed data. By disclosing your personal data in public, you may be unsolicitedly contacted by other parties.
You are entitled to receive your personal data in a machine-readable format from us if you wish. That enables you to easily transfer your data to another party, or you can ask us to send it directly to the third party of your choice. You can ask for your personal data through any of our support channels (email us at firstname.lastname@example.org or contact us directly on our website). Similarly, you can ask for deletion of your personal data. However, this right is not an absolute right, and in some cases, we will not be able to delete your personal data immediately.
We care about having your personal data accurate and up to date. You can correct or update your data through any of the Products that you are using or contact us through any of our support channels.
You may withdraw your consent anytime by changing your account settings. This will not make any changes or restrictions to your usage of our Products.
If you wish to delete any feedback for which you gave us your consent to post on our webpage or elsewhere, please contact us.
If you wish to stop receiving our marketing emails, you can click on the “unsubscribe” link at the bottom of these emails, and we will end the email marketing correspondence. Nevertheless, you may still receive service-related and other non-marketing emails.
In general we need your personal data to provide you with our Services. In case you wish to restrict such processing or later ask to delete that data, you may not be able to use our Products anymore, and we may close your account.
You can object at any time to our reliance on our legitimate purposes as the basis of our processing of your personal data that impacts your rights.
You can submit these requests by email to email@example.com, through any of our support channels or our postal address provided above. We may ask you to provide us with specific information to verify your identity and process your request.
We may decline your request due to applicable law. If we do so, we will let you know the reason behind it.
You can submit a complaint about our response to your request or our use of your personal data anytime. If you wish to do so, please contact us at firstname.lastname@example.org or submit a complaint to the data protection regulator in your jurisdiction. For the UK, that is the ICO.
If you have any questions, concerns, or complaints regarding the way we collect and handle your personal data, please contact us by email at email@example.com. Because email communications are not always secure, please do not include credit card information or other sensitive information in your emails to us.
Stepsize will take any privacy complaint seriously. Any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.