Privacy Policy

Introduction

This Privacy Policy outlines how StepOut collects, uses, stores, shares, and protects user information globally. We comply with applicable data protection laws, including but not limited to:

• General Data Protection Regulation (GDPR - EU)
• California Consumer Privacy Act (CCPA - USA)
• Personal Data Protection Act (PDPA - Singapore)
• Privacy Act 1988 (Australia)
• Personal Information Protection Law (PIPL - China)
• Data Protection Act 2018 (UK)
• Law No. 13.709 (LGPD - Brazil)
• Canada’s PIPEDA

In addition to the above, StepOut complies with other global and regional data protection laws.

2.1 Data Collection

We collect personal data including:

• Identification Data: Name, email, phone number, address
• Profile Data: Preferences, profile photos, responses to quizzes
• Communication Data: Chats, support tickets
• Transaction Data: Payment method (via gateway only), transaction IDs
• Location Data: IP-based location or device-based GPS (when enabled)
• Device and Log Data: Browser, OS, and session information

2.2 Legal Basis for Processing (GDPR Article 6)

• Your consent
• Contractual necessity
• Compliance with legal obligations
• Legitimate interests
• Protection of vital interests

2.3 Purpose of Processing

We process your data to:

• Manage your account and provide services
• Facilitate curated experiences
• Send necessary communications (booking, updates)
• Conduct analytics and service improvements
• Enforce terms and policies
• Comply with legal obligations

2.4 Use of Personal Data for Audience Matching and Analytics

We may share limited, hashed personal information (such as your email address or phone number) with third-party platforms like Meta (Facebook) and Google for the purpose of audience matching or lookalike audience creation, subject to your consent.

This helps us deliver relevant content and promotions to users with similar interests. These third parties are not authorized to use your information for any other purpose.

You may opt out of such audience matching activities at any time by emailing us at support@stepout.world or changing your preferences in your account settings.

2.5 Data Sharing and International Transfers

Your data may be shared with:

• Payment processors
• Cloud providers (e.g., AWS, Firebase)
• Analytics tools (e.g., Google Analytics, Mixpanel)
• Law enforcement (as required by applicable laws)

Transfers outside your jurisdiction will be done with appropriate safeguards, such as:

• Standard Contractual Clauses (SCC)
• Binding Corporate Rules (BCR)
• Adequacy Decisions (EU/UK)

2.6 Retention

We retain data only as long as necessary. You may request deletion, and we will comply unless retention is required by law.

2.7 User Rights (by Region)

We honor the following rights:

• Access
• Correction
• Deletion
• Data portability
• Opt-out of data sale (where applicable)
• Objection to processing
• Withdrawal of consent

Users may exercise these rights by contacting: support@stepout.world.

2.8 Consent Mechanisms

We use compliant consent models including:

• Clickwrap Agreements: Explicit checkboxes for Terms and Privacy
• Granular Opt-Ins: For marketing and profiling
• Cookie Consent Banners: With opt-in/opt-out as required per region
• Double Opt-in (Email): Where required

2.9 Children’s Privacy

The Services are not intended for individuals under 18. We do not knowingly collect personal data from minors.

3.0 Data Security

We employ TLS encryption, data access controls, tokenization, and other technical and organizational measures in line with ISO 27001 standards.

Cookie Policy

We use cookies and similar technologies to enhance user experience.

4.1 Types of Cookies

• Strictly Necessary Cookies
• Performance/Analytics Cookies
• Functionality Cookies
• Advertising and Tracking Cookies

4.2 User Choices

Cookie preferences are managed via:

• Consent banners
• Browser settings
• In-app cookie management panel

Do Not Sell or Share My Personal Information

We do not sell personal data in the traditional sense. However, certain types of data sharing may constitute “selling” or “sharing” under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

5.1 California Resident Rights

California residents have the right to:

• Know what data is collected
• Request deletion
• Opt-out of sale/sharing
• Correct inaccurate data
• Limit use of sensitive personal data

To exercise these rights, email us at support@stepout.world with the subject line “CCPA/CPRA Request”.

All policies are reviewed periodically to maintain compliance with evolving legal standards worldwide. Users will be notified of significant changes via email or app notifications.

For legal inquiries or privacy-related questions, please contact: support@stepout.world.