Privacy Policy | Still Step

1. Introduction

Hi! We're Still Step, and we want to be completely transparent about how we handle your data. We built this app because we understand anxiety firsthand, and we know how important privacy is when it comes to mental health.

Here's our philosophy: We collect only what we actually need to make the app work well for you. No hidden agendas, no selling your data, no sketchy business. Just an anxiety management app that respects your privacy.

This page explains exactly what information we collect, why we need it, and how we protect it. We've tried to make it as straightforward as possible—no confusing legal jargon.

2. What Information We Collect (And Why)

Let's be upfront about what data we collect and, more importantly, why we need it. Everything we collect has a specific purpose—nothing is collected "just because."

📝 What You Directly Share With Us

This is information you choose to give us when using the app:

Account Information (email, name, password)

Why we need it: To create your account, let you log in, and contact you if needed.

Your Journal Entries & Mood Tracking

Why we need it: This is your data to help you track your mental health journey. We store it so you can access it later. You can export or delete it anytime.

Panic Episodes & Anxiety Levels

Why we need it: To show you patterns and progress over time. This stays private and encrypted on our servers.

Community Posts & Messages

Why we need it: To enable you to connect with others who understand. You control what you share.

📍 Location Data (Only If You Enable It)

For exposure therapy tracking: If you're using Still Step to track journeys as part of managing agoraphobia, you can enable location tracking. This helps you see how far you've traveled and measure your progress.

✓ You must explicitly enable this—it's off by default

✓ You can turn it off anytime in your device settings

✓ Location data is only used for YOUR journey tracking, not shared or used for marketing

📊 Analytics & Technical Data

To improve the app and fix bugs, we collect some technical information:

Device Info (iPhone model, iOS version)

Why: To ensure the app works properly on your device and fix compatibility issues.

App Usage (which features you use, how long)

Why: To understand which tools are most helpful and improve the ones that aren't working well. This is aggregated and anonymous.

Crash Reports & Errors

Why: To fix bugs quickly. We never want the app to crash when you need it most.

Important: Analytics data is anonymized and aggregated. We can't identify you personally from this data. We use services like RevenueCat and standard iOS analytics to help us improve the app.

💳 Payment Information

If you subscribe to Still Step Pro, payment is handled by Apple through the App Store. We never see or store your credit card information—Apple handles all of that securely.

We only receive confirmation that you've subscribed (so we can activate Pro features) and when your subscription renews or cancels.

3. How We Actually Use This Information

Now that you know what we collect, here's exactly what we do with it:

🛠️ To Make the App Work

This is the obvious stuff—we need your account info to let you log in, your journal entries to display them back to you, your anxiety tracking to show you progress charts, etc.

Basically: if you put data into the app, we store it so you can access it later. That's it.

📈 To Improve Still Step

We look at anonymized, aggregated usage data to understand things like:

• "80% of users find breathing exercises helpful" → Let's make them easier to access
• "The app crashes on iPhone 12 with iOS 17.2" → Let's fix that bug ASAP
• "Nobody uses this feature" → Maybe we should remove it or improve it

We can't see "Paul's journal entry from Tuesday"—we can only see patterns across all users anonymously.

💬 To Communicate With You

We'll use your email to:

• Respond if you contact support
• Notify you about important app updates or security issues
• Send helpful content (only if you opt in)

Note: We won't spam you. Important updates only, and you can unsubscribe from optional emails anytime.

🔒 For Security & Safety

We monitor for suspicious activity to protect you and our community:

• Detecting and preventing spam in community forums
• Protecting against unauthorized account access
• Ensuring community guidelines are followed

⚠️ What We DON'T Do

❌ We don't read your journal entries (they're encrypted and private)
❌ We don't share your health data with advertisers
❌ We don't track you across other apps or websites
❌ We don't use your data to train AI models
❌ We don't show you ads based on your anxiety level

🔐 Extra Protection for Your Mental Health Data

We know how sensitive mental health information is. Here's exactly how we protect your most private data.

📖

Your Journal Entries

What happens to your journal entries:

✓
Encrypted StorageStored with industry-standard AES-256 encryption on our secure servers
✓
Private AccessOnly you can read them when logged into your account
✓
We Can't Read ThemOur team cannot access your journal entries—encrypted in storage
✓
You're In ControlExport or permanently delete them at any time

💯 OUR GUARANTEE:

We will NEVER share, sell, or provide access to your journal entries to any third party. Not to advertisers, not to researchers, not to anyone. Your words are yours alone.

😊

Mood Tracking Data

How we handle your mood logs:

✓
Secure StorageEncrypted and stored securely, linked only to your account
✓
For Your BenefitUsed only to show YOU your patterns and trends
✓
Anonymized Analytics OnlyWe look at anonymized, aggregated patterns (e.g., "Users report improved mood after using breathing exercises") but never your individual data
✓
Never SharedYour specific mood entries are never shared with anyone

📊 ANONYMIZED ANALYTICS EXAMPLE:

✓ What we CAN see:

"1,000 users tracked their mood this week, with an average improvement of 15%"

✗ What we CANNOT see:

"Paul rated his mood as 6/10 on Tuesday at 3pm"

🚨

Panic Episode Tracking

Your panic episode data protection:

✓
Fully EncryptedEncrypted and stored securely in your private account
✓
Completely PrivateIntensity, duration, triggers—all kept completely private
✓
For Your BenefitUsed only to help YOU identify patterns and track improvement
✓
Never SharedThis data is NEVER shared with insurance companies, employers, or anyone else

🔒 CRITICAL PROTECTION:

Your panic episode records contain some of your most vulnerable moments. We treat this data with the highest level of security and confidentiality. It stays between you and the app—period.

🛡️ Technical Details (For the Security-Minded)

Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit

Storage: Secure cloud infrastructure with restricted access

Access Controls: Only you can access your personal mental health data through secure authentication

Deletion: When you delete data, it's permanently removed from our systems (within 90 days including backups)

Backups: Encrypted backups are stored securely for disaster recovery only

Bottom line: Your journal entries, mood logs, and panic episodes are YOUR private information. We encrypt them, we protect them, and we NEVER share them. That's our promise to you.

4. How We Share Your Information

We respect your privacy and prioritize data protection. We may share your information only in the following limited circumstances:

4.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Services:

Cloud hosting and storage providers
Payment processors (who handle billing securely)
Analytics and performance monitoring services
Customer support platforms
Email and notification services

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal processes (subpoenas, court orders)
Government or regulatory requests
Investigations of potential violations of our Terms
Protection of rights, property, or safety of Still Step, our users, or others

4.3 Business Transfers

If Still Step is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.4 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot identify you individually with researchers, partners, or the public to advance mental health research and awareness.

5. Data Security

We implement industry-standard security measures to protect your personal information:

End-to-end encryption for sensitive health data
Secure data transmission using SSL/TLS protocols
Regular security audits and vulnerability assessments
Access controls and authentication requirements
Secure cloud storage with reputable providers
Employee training on data protection best practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Important: Please use a strong, unique password and enable two-factor authentication if available. Do not share your login credentials with others.

6. Your Rights and Choices

You have certain rights regarding your personal information:

6.1 Access and Portability

You can access, review, and export your personal data through your account settings or by contacting us.

6.2 Correction and Update

You can update or correct your information at any time through your profile settings.

6.3 Deletion

You can request deletion of your account and personal data. Some information may be retained for legal or legitimate business purposes.

6.4 Opt-Out of Communications

You can opt out of marketing emails by clicking "unsubscribe" in any email or adjusting your notification preferences in the App.

6.5 Do Not Track

Some browsers have a "Do Not Track" feature. Currently, our Services do not respond to Do Not Track signals.

6.6 California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how we use it, and the right to request deletion of your information.

7. Data Retention

We retain your personal information for as long as necessary to:

Provide our Services to you
Comply with legal obligations
Resolve disputes and enforce agreements
Support business operations and analytics

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it by law or for legitimate business purposes.

8. Children's Privacy

Our Services are not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13.

For users between 13 and 18 years old, we recommend parental guidance and supervision. If we discover that we have collected information from a child under 13 without proper parental consent, we will delete that information promptly.

If you believe we have collected information from a child under 13, please contact us immediately at support@stillstep.com.

9. International Data Transfers

Still Step is based in the United States. If you use our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries.

By using our Services, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

We take appropriate safeguards to ensure your information receives adequate protection in accordance with applicable data protection laws.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, apps, or services that are not operated by Still Step. This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing your information.

If you connect Still Step with third-party services (such as Apple Health or Google Fit), those connections are governed by the third party's privacy policy and your consent preferences.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify you through the App or via email
Provide a summary of significant changes
Obtain your consent if required by law

Your continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Still Step Privacy Team

Email: privacy@stillstep.com

Support: support@stillstep.com

We aim to respond to all privacy-related inquiries within 30 days.

13. Additional Information for European Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

13.1 Legal Basis for Processing

We process your personal data based on:

Your consent
Performance of our contract with you
Compliance with legal obligations
Our legitimate business interests

13.2 Your GDPR Rights

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at privacy@stillstep.com.

By using Still Step, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure of your information as described herein. Thank you for trusting us with your mental health journey.