Privacy Policy

1. Introduction

At Steeptown ("we," "our," or "us"), we're committed to protecting your privacy. This policy explains how we handle information when you use our platform control plane at steeptown.com (the "Service"). We collect only what we need to manage identity, billing, and access control across the Steepworks platform.

2. Information We Collect

We collect two main types of information:

Personal Information

• Name and email address provided during registration.
• Organization details for team accounts.
• OAuth credentials when signing in via third-party providers.

Usage Information

• Session data and authentication logs.
• Billing and subscription information.
• Domain configuration and verification records.
• Device details, IP address, and browsing metadata for security.

Payment details are handled by Stripe. We do not store full card numbers.

3. How We Use Your Information

We process data to operate the control plane:

• Authenticate users and manage sessions across platform apps.
• Process billing, subscriptions, and entitlements.
• Verify custom domain ownership.
• Issue JWT tokens for downstream services.
• Send account updates and security notifications.
• Maintain platform security and prevent misuse.

We do not use your data for advertising or unrelated profiling.

4. Data Sharing and Disclosure

We never sell or rent your personal information. We may share data with:

• Stripe for payment processing under their privacy policy.
• Resend for transactional email delivery.
• Platform apps you authorize via OAuth, receiving only the data you consent to share.
• Legal authorities when required to comply with laws or protect user safety.

5. Data Security

We use industry-standard safeguards:

• Encryption for data in transit (HTTPS/TLS) and at rest.
• Secure password hashing with bcrypt.
• Short-lived JWT tokens (1 hour expiry).
• httpOnly, secure cookies for sessions.
• Rate limiting on authentication endpoints.

No system is completely secure. Please notify us immediately if you suspect unauthorized activity.

6. Your Rights and Choices

You remain in control of your data:

• Access or export your information via account settings.
• Update or correct account details at any time.
• Delete your account and associated data.
• Revoke OAuth app authorizations.
• Opt out of non-essential emails.

EU/UK (GDPR) and California (CCPA) residents may have additional rights. Contact us to exercise these.

7. Data Retention

We retain information only as long as necessary:

• Active accounts remain until deleted.
• Billing records retained as required by tax law.
• Security logs retained for up to 90 days.

8. International Data Transfers

If you access the Service from outside the United States, your data may be transferred to U.S. servers. We implement appropriate safeguards to ensure your information receives equivalent protection.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will post the revised version with a new "Last Updated" date and notify you via email for significant changes.

10. Contact Us

Reach out with privacy questions:

• Email: support@steeptown.com
• Website: steeptown.com