Introduction
StepSavvy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("the App").
StepSavvy is a physical therapy and recovery companion app that uses AI-powered gait analysis, exercise tracking, and personalized recovery plans. Because our App handles health-related data, we take extra care to ensure your information is secure and handled responsibly.
By using StepSavvy, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the App.
Information We Collect
We collect the following categories of information to provide and improve the StepSavvy experience:
Account Information
When you create an account, we collect your email address and an encrypted password. We may also collect your name if you choose to provide it.
Health & Recovery Data
To personalize your recovery experience, we collect information about your surgery type, surgery date, recovery phase, and physical therapy progress. This includes exercise completion records, streaks, daily plans, and self-reported condition check-ins.
Photos & Videos
If you use our AI gait analysis feature, we access your device camera or photo library with your permission to capture or select images for analysis. These images are processed to generate movement insights and are stored securely in our cloud infrastructure.
Device & Technical Information
We automatically collect certain technical information including device model, operating system version, app version, and general usage patterns (such as which features you use and how often). This helps us improve app performance and fix issues.
Crash & Diagnostic Data
We use crash reporting services to collect error logs, stack traces, and diagnostic data when the App encounters problems. This data does not include your personal health information and is used solely to identify and fix bugs.
What we do NOT collect: We do not collect precise GPS location data, contacts, call logs, browsing history, or financial information. We do not sell your personal information to third parties.
How We Use Your Information
We use the information we collect for the following purposes:
- To provide, maintain, and improve the StepSavvy service
- To create and manage your account and authenticate your identity
- To generate personalized physical therapy exercise plans based on your surgery type and recovery phase
- To track your exercise progress, streaks, and achievements
- To provide AI-powered gait analysis from your submitted photos
- To send transactional emails such as welcome messages, password reset codes, and weekly recovery summaries
- To send exercise reminders and motivational notifications (with your permission)
- To diagnose technical problems and improve app stability using crash reports
- To analyze aggregate usage patterns and improve the App experience
- To comply with legal obligations and enforce our Terms of Service
We process your data based on your consent (provided when you create an account and use specific features), our legitimate interest in providing and improving the service, and where necessary to comply with legal requirements.
Data Storage & Security
Your data is stored securely using Supabase, a trusted cloud database and backend-as-a-service provider. We implement multiple layers of security to protect your information:
- Encryption in transit: All data transmitted between the App and our servers is encrypted using HTTPS/TLS protocols
- Encryption at rest: Your data is encrypted at rest on our database servers
- Row-Level Security (RLS): Database-level access controls ensure that each user can only access their own data
- Secure authentication: Passwords are hashed using industry-standard algorithms and are never stored in plain text
- Secure media storage: Photos and videos uploaded for gait analysis are stored in access-controlled cloud storage buckets
- Regular monitoring: We conduct ongoing security monitoring and apply updates to protect against emerging threats
While we implement strong security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.
Third-Party Services
StepSavvy uses the following third-party services to operate and improve the App. Each service has its own privacy policy governing the data it processes:
Supabase (Backend & Database)
We use Supabase for user authentication, database storage, file storage, and serverless functions. Supabase stores your account information, health data, exercise records, and uploaded media. Data is hosted in secure, SOC 2 compliant data centers.
Sentry (Crash Reporting)
We use Sentry to collect crash reports and diagnostic data when the App experiences errors. Sentry receives device information, error logs, and stack traces. It does not receive your health data, exercise records, or personal photos.
AI Analysis Services
Photos submitted for gait analysis may be processed by AI services to generate movement insights. These services receive only the image data necessary for analysis. We do not share your account details, health records, or other personal data with these AI services.
Resend (Email Delivery)
We use Resend to send transactional emails including welcome messages, password reset codes, and weekly recovery summaries. Resend receives your email address solely for the purpose of delivering these communications.
We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.
Data Retention
We retain your personal data for as long as your account is active and as needed to provide you with the StepSavvy service. Specifically:
- Account data: Retained while your account is active
- Health and exercise data: Retained while your account is active to support your ongoing recovery tracking
- Photos and analysis results: Retained while your account is active unless you delete them individually
- Crash and diagnostic data: Retained for up to 90 days for debugging purposes
If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain certain information for longer periods.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you
- Right to Correction: You can request that we correct any inaccurate or incomplete data
- Right to Deletion: You can request that we delete your personal data by deleting your account or contacting us directly
- Right to Data Portability: You can request a copy of your data in a structured, machine-readable format
- Right to Withdraw Consent: You can withdraw your consent for data processing at any time by deleting your account
- Right to Restrict Processing: In certain circumstances, you can request that we limit how we process your data
- Right to Opt Out of Notifications: You can disable push notifications at any time through your device settings
- Right to Revoke Permissions: You can revoke camera, photo library, and notification permissions at any time through your device settings
To exercise any of these rights, please contact us at support@stepsavvy.app. We will respond to your request within 30 days.
California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights
- Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide a clear opt-out mechanism
To submit a CCPA request, contact us at support@stepsavvy.app. We may need to verify your identity before processing your request.
European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal Basis for Processing: We process your personal data based on: (a) your consent when you create an account and use our services, (b) the performance of our contract with you to provide the StepSavvy service, and (c) our legitimate interests in improving our service and ensuring security.
- Data Transfers: Your data is stored on servers in the United States via Supabase. We rely on standard contractual clauses and other appropriate safeguards for international data transfers.
- Additional Rights: In addition to the rights listed in Section 7, you have the right to: lodge a complaint with your local data protection authority, request restriction of processing, and object to processing based on legitimate interests.
- Data Protection Contact: For GDPR-related inquiries, contact us at support@stepsavvy.app.
Children's Privacy
StepSavvy is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@stepsavvy.app, and we will take steps to delete such information promptly.
If we become aware that we have inadvertently collected personal data from a child under 13 without verified parental consent, we will delete that information as quickly as possible.
HIPAA & Health Data Disclaimer
StepSavvy is not a HIPAA-covered entity. While we implement strong security measures to protect your health-related information, StepSavvy is a general wellness application and is not subject to the Health Insurance Portability and Accountability Act (HIPAA). Your health and recovery data is protected through encryption, row-level security policies, and strict access controls as described in our Data Storage & Security section. If you have concerns about how your health information is handled, please contact us at support@stepsavvy.app.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you through the App or via email for significant changes
- Provide a summary of what has changed when practical
We encourage you to review this Privacy Policy periodically. Your continued use of StepSavvy after any changes indicates your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
StepSavvy Support
support@stepsavvy.app
We aim to respond to all privacy-related inquiries within 30 days.