Privacy Policy

Last updated: October 12, 2025

Privacy-First by Design

Your Data Stays Yours

StepDoc processes everything locally on your device. We don't collect, store, or access your workflow data, screenshots, or documentation content. This policy explains our minimal data practices for authentication and payments only.

Summary

  • We collect no personal data and upload nothing.
  • All processing stays on your device.
  • We only read a mystepdoc.com authentication cookie to show your name/plan.
  • No ads, analytics, or third‑party sharing.
  • Not directed to children under 13.

Third-Party Services We Use

Authentication & Database

User accounts & subscription management

What we store: Email, encrypted password, subscription status

Location: Data stored in secure cloud infrastructure

Purpose: Enable login, manage subscriptions, sync account across devices

Privacy: Supabase Privacy Policy

💳 Stripe (Payment Processing)

Secure payment handling

What they handle: Credit card processing, billing, invoices

What we receive: Payment status and subscription details only

Security: PCI DSS compliant, your card details never reach our servers

Privacy: Stripe Privacy Policy

Chrome Extension

Scope: This section applies to the StepDoc Chrome extension.

  • Local processing: Screenshots, steps, and edits are processed locally in your browser and never sent to our servers unless you explicitly export/share to mystepdoc.com.
  • No background capture: The extension only operates when you use it.

Permissions we request (match manifest)
  • activeTab, tabs: Needed to capture the current tab and detect navigation during step recording.
  • storage: Save your settings and drafts locally.
  • contextMenus: Offer quick actions in right‑click menus.
  • scripting: Inject UI/styles needed for capturing steps you trigger.
  • sidePanel: Show the StepDoc panel.
  • cookies: Read your mystepdoc.com auth cookie to display your name/plan.
  • Host access: Limited to mystepdoc.com domains only.

Cookies

We use a first‑party session cookie on mystepdoc.com to keep you signed in.

Cookie details
  • Name/pattern: sb-*-auth-token (Supabase session cookie set by mystepdoc.com)
  • Domain: mystepdoc.com and subdomains
  • Purpose: Keep you signed in on our site; the extension only reads it locally to show your name/plan.
  • Control: Clear the cookie by signing out on mystepdoc.com.

Data Sharing and Sale

We do not sell data or share it with advertisers.

More details
  • We do not sell data.
  • We do not share data with advertisers.
  • Service providers (if any) process only website data needed to run mystepdoc.com — not extension data.

Retention and Deletion

  • Extension data: Settings and drafts stay on your device until you delete them or uninstall the extension.
  • Account data: Account data on mystepdoc.com follows the website policy; you can request deletion via support.

Children’s Privacy

Not directed to children under 13; do not use if under 13.

Security

  • All communication with mystepdoc.com uses HTTPS.
  • Access to your local data is limited to the extension’s required scope.

Your Privacy Rights

🔍 Access Your Data

Request a copy of all personal information we have about you

✏️ Update Information

Modify your account details anytime through your dashboard

🗑️ Delete Your Account

Permanently remove your account and all associated data

📧 Opt-out Communications

Unsubscribe from promotional emails (account-related emails still required)

📋 Data Portability

Export your account data in a machine-readable format

🛑 Object to Processing

Limit how we use your information for marketing purposes

To exercise any of these rights, contact us at privacy@mystepdoc.com

International Users & Legal Compliance

🇺🇸 US-Based Service

StepDoc is operated from the United States. By using our service, you consent to your data being processed in the US.

🇪🇺 GDPR Compliance (EU Users)

  • Legal basis: Legitimate interest for service provision, consent for marketing
  • Data retention: Account data retained while account is active + 30 days after deletion
  • Your rights: All GDPR rights listed above apply to EU residents
  • Complaints: Contact your local data protection authority if needed

🏖️ CCPA Rights (California Users)

  • Right to know: What personal information we collect and how it's used
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: We don't sell personal information, so no opt-out needed
  • Non-discrimination: We won't discriminate against you for exercising your rights

Data Security & Retention

🛡️ How We Protect Your Data

  • Encryption: All data encrypted in transit and at rest
  • Access controls: Strict limits on who can access your information
  • Regular audits: Security practices reviewed and updated regularly
  • Local data: Controlled entirely by you - clear browser data to remove

Changes to This Policy

We may update this privacy policy from time to time. When we do, we'll:

  • Update the "Last updated" date at the top of this page
  • Notify you via email for significant changes
  • Post a notice on our website for 30 days

Continued use of StepDoc after changes constitutes acceptance of the updated policy.

Contact Us

🔒 Privacy Questions

privacy@mystepdoc.com

🆘 General Support

support@mystepdoc.com

💼 Business Address

StepDoc
United States

We typically respond to privacy requests within 6 business days.