Privacy Policy

Effective Date: January 6, 2025

Steppable Inc. ("Steppable," "we," "us," or "our") is the owner and operator of OneGoat (AI swag studio), where users can create custom products for purchase. This Privacy Policy describes how we collect, use, disclose, store, and protect the information we receive through our platform and related services (collectively, the "Services"). Our Services enable users to design and purchase custom products using AI-powered tools. By accessing or using our Services, you ("you," or "user") agree to the terms of this Privacy Policy.

1. SCOPE AND APPLICABILITY

1.1 Who This Policy Applies To

This Privacy Policy applies to information collected from:

  • Users who visit our website or use our Services;
  • Customers who create and purchase custom products;
  • Individuals who interact with our AI-powered design tools; and
  • Recipients of products ordered through our platform.

1.2 Regulatory Compliance

Steppable complies with all applicable privacy and security laws, including state consumer privacy laws where applicable. We are committed to protecting your personal information and maintaining transparency about our data practices.

2. INFORMATION WE COLLECT

2.1 Account Information

  • Contact details (e.g., name, email address, phone number) when you create an account or make a purchase;
  • Billing and payment details for product purchases, including shipping addresses.

2.2 Product and Design Information

  • Custom designs and images you create or upload;
  • Product preferences and customization choices;
  • Text prompts and interactions with our AI design tools;
  • Order history and product reviews.

2.3 Usage Information

  • How you interact with our Services, including pages visited and features used;
  • Session data related to the AI design tools and customization features.

2.4 Communication Information

  • Messages and feedback you send to our customer support;
  • Survey responses and product reviews.

2.5 Automatically Collected Information

When users interact with our Services, we may automatically collect:

  • Log data: IP address, device information, browser type, pages visited, and timestamps;
  • Cookies and similar technologies: For system administration, analytics, and security purposes.

3. HOW WE USE THE INFORMATION

3.1 Service Delivery

  • To process and fulfill your custom product orders;
  • To provide AI-powered design tools and features;
  • To manage your account and provide customer support;
  • To communicate with print fulfillment partners to produce and ship your orders.

3.2 Communication

  • To respond to inquiries, provide support, and send updates regarding our Services;
  • To notify you about important Service-related information (e.g., order updates, security notices, or policy changes).

3.3 Compliance and Legal Obligations

  • To comply with applicable laws, regulations, court orders, or government requests;
  • To protect our rights, property, and safety, and the rights, property, and safety of our users and others.

3.4 Service Improvement and Analytics

  • To analyze system performance, improve existing functionalities, and develop new features;
  • To maintain the security and integrity of our Services (e.g., by detecting and preventing fraudulent activities).

4. LEGAL BASES FOR PROCESSING (WHERE APPLICABLE)

If required by applicable law, we rely on certain legal bases to process personal information, including:

  • Consent: Where you have provided clear consent for processing;
  • Contractual necessity: Where processing is necessary to perform the agreement with the District;
  • Legal obligations: Where processing is required to comply with legal or regulatory obligations;
  • Legitimate interests: Where processing is necessary for our legitimate business interests (e.g., improving our Services), unless overridden by individual rights and interests.

5. HOW WE SHARE AND DISCLOSE INFORMATION

5.1 With Service Providers

We share information with trusted third-party service providers who assist us in operating our Services, including print fulfillment partners (such as Printful), payment processors, and shipping carriers.

5.2 With Third-Party Service Providers

We may engage trusted third-party vendors to help us operate our Services (e.g., cloud hosting, analytics, or payment processing). These vendors have access to personal information solely for the purpose of performing tasks on our behalf and are obligated to maintain the privacy and security of such information.

5.3 As Required by Law

We may disclose personal information where required to comply with a subpoena, court order, legal process, or government request; or to establish or exercise our legal rights; or to defend against legal claims.

5.4 Business Transactions

In the event of a merger, acquisition, bankruptcy, or other business transaction, personal information may be transferred as part of the transaction. In such cases, we will provide notice to the District and/or affected users as required by law.

5.5 De-Identified or Aggregated Data

We may create de-identified or aggregated data for research, analytics, or statistical purposes. Such data cannot reasonably be used to identify any individual and is not considered personal information under this Privacy Policy.

6. DATA RETENTION

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with our legal obligations, resolve disputes, enforce our agreements, or as otherwise directed by the District. Upon request and in line with applicable laws, we will securely delete or de-identify personal information within reasonable timeframes.

7. DATA SECURITY

Steppable takes reasonable administrative, technical, and physical measures to protect the information we collect, including:

  • Encryption of data in transit (e.g., HTTPS) and at rest where appropriate;
  • Access controls restricting access to personal information to authorized personnel only;
  • Regular security assessments and vulnerability testing of our networks and systems;
  • Incident response protocols to address and mitigate any unauthorized access or data breach.

Despite these measures, no data transmission or storage system can be guaranteed to be 100% secure. If we become aware of a data breach, we will notify the affected District and take appropriate remedial action in accordance with applicable laws and regulations.

8. CHILDREN'S PRIVACY

Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have received information from a child under 13, please contact us at the information provided in Section 12 below so we can delete such information.

9. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have certain rights regarding your personal information, such as the right to:

  • Access or request a copy of your personal information;
  • Request correction of inaccurate personal information;
  • Request deletion of personal information, subject to certain exceptions.

To exercise these rights, please contact us using the information provided in Section 12. We will respond to your request in accordance with applicable law.

10. INTERNATIONAL DATA TRANSFERS

Our Services are primarily intended for use within the United States. If we transfer personal information outside of the country or region where it was originally collected, we will take steps to ensure appropriate safeguards are in place to protect the data, in accordance with applicable laws.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Services before the changes take effect. The "Effective Date" at the top of this Privacy Policy indicates when it was most recently revised.

12. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

  • Email: team@steppable.com
  • Address: 169 Madison Ave Suite 2504 New York NY 10016
  • Phone: (978) 254-1076

We value the trust you place in Steppable Inc. as the owner and operator of OneGoat. We are committed to protecting your information and maintaining robust privacy and security safeguards in accordance with applicable laws and industry best practices.