Short version: We collect only what we need to run the Service and make it better. We don't sell your data. We don't share it with advertisers. We use it to calculate your Safe Monthly Spend and improve the product. You can request your data or ask us to delete it at any time.
1. What We Collect
Information you give us directly
- Account information: Your email address and any name or profile details you choose to provide when you sign up or create an account
- Financial data: Income figures, expense estimates, and other financial information you enter manually into the Service
- Payment information: If you purchase a founding membership, payment details are handled by our payment processor (Stripe). We receive a transaction confirmation and the last four digits of your card. We do not store full card numbers.
- Feedback and communications: Anything you send us through our feedback form, email, or other communications
Information we collect automatically
- Usage data: How you interact with the Service, which features you use, and how often
- Device and technical information: Browser type, operating system, IP address, and general location (city or region level)
- Cookies and similar technologies: See the Cookies section below for details
What we don't collect
We do not directly access your bank accounts or pull real-time financial data without your explicit action. If and when bank sync is offered, you will authorize that connection separately and can revoke it at any time.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Calculate your Safe Monthly Spend, runway, and allocation recommendations
- Process payments and send billing communications
- Send you updates about the product, new features, and your waitlist status (you can unsubscribe at any time)
- Respond to your support requests and feedback
- Understand how people use Steady so we can make it better
- Detect and prevent fraud, abuse, or security incidents
- Comply with legal obligations
We will never use your financial data to make lending decisions, sell you products, or share it with advertisers.
3. Who We Share Your Information With
We do not sell your personal data. Period.
We share limited information only in the following circumstances:
Service providers
We use third-party vendors to help us run the Service. These include:
- Stripe for payment processing
- Email delivery services to send transactional emails and product updates
- Analytics tools to understand usage patterns (aggregated, not linked to individual financial data)
- Cloud hosting providers for storing data securely
Each of these providers is bound by their own privacy policies and, where required, data processing agreements with us. They may only use your data for the specific purposes we've authorized.
Legal requirements
We may disclose your information if required by law, court order, or legitimate legal process. We'll notify you when legally permitted to do so.
Business transfers
If Steady is ever acquired, merged, or goes through a significant asset transfer, user data may be transferred as part of that transaction. If that happens, we'll notify users and the new entity will be bound by this Privacy Policy or notify you of any material changes.
With your consent
We may share your information for other purposes if you explicitly consent to it.
4. Data Storage and Security
Your data is stored on secure servers in the United States. We implement reasonable technical and organizational safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction.
These include encrypted data transmission (HTTPS), access controls that limit who within our team can access user data, and regular review of our security practices.
No system is perfect. While we take security seriously, no method of transmission over the internet or electronic storage is 100% secure. If we ever experience a data breach that affects your information, we will notify you as required by applicable law.
Data retention
We keep your data for as long as you have an active account or as needed to provide the Service. If you delete your account, we'll remove your personal data within 30 days, except where we're required to retain it for legal or tax purposes.
5. Cookies and Tracking
We use cookies and similar tracking technologies to operate the Service and understand how people use it. Here's what that means in practice:
Essential cookies
These keep you logged in, remember your preferences, and make the Service work. You can't turn these off without also losing Service functionality.
Analytics cookies
These help us understand which features are used, how people navigate the Service, and where things might be confusing. We use this to improve the product. You can opt out of analytics tracking by contacting us or using browser privacy settings.
No advertising cookies
We do not use cookies to track you across the internet, build advertising profiles, or sell data to ad networks.
Most browsers let you control cookies through their settings. Disabling cookies may affect how the Service works.
6. Your Rights
You have the following rights with respect to your personal data:
- Access: You can request a copy of the personal data we hold about you
- Correction: You can ask us to correct inaccurate or incomplete data
- Deletion: You can ask us to delete your personal data. We'll do so within 30 days, except where retention is legally required.
- Portability: You can request your data in a portable format so you can take it elsewhere
- Unsubscribe: You can opt out of marketing emails at any time using the unsubscribe link in any email, or by contacting us directly. Note that transactional emails (like receipts and account notices) are not optional.
- Withdraw consent: Where we process your data based on consent, you can withdraw that consent at any time
To exercise any of these rights, email support@joinsteadyapp.com. We'll respond within 30 days.
7. Children
Steady is not intended for children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with their data, please contact us and we'll delete it promptly.
8. California Residents (CCPA/CPRA)
If you're a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- The right to know what personal information we collect, use, disclose, and sell
- The right to delete your personal information
- The right to correct inaccurate personal information
- The right to opt out of the sale or sharing of personal information (we don't sell it, but this right applies regardless)
- The right to non-discrimination for exercising your privacy rights
- The right to limit use of sensitive personal information
To exercise these rights, contact us at support@joinsteadyapp.com. We will not discriminate against you for exercising any of these rights.
In the past 12 months, we have not sold or shared personal information with third parties for cross-context behavioral advertising.
9. International Users (GDPR)
If you're located in the European Economic Area, United Kingdom, or Switzerland, the following applies:
We process your personal data based on one or more of the following legal bases:
- Contract: Processing necessary to provide the Service to you
- Legitimate interests: Improving the Service and preventing fraud
- Consent: Marketing communications (you can withdraw at any time)
- Legal obligation: Where required by law
Data transfers to the United States are made pursuant to appropriate safeguards including Standard Contractual Clauses approved by the European Commission where required.
If you have concerns about how we handle your data, you have the right to lodge a complaint with your local data protection authority.
10. Changes to This Policy
We may update this Privacy Policy as the Service evolves and as laws change. If we make material changes, we'll notify you by email and update the date at the top of this page. Your continued use of the Service after changes are posted means you accept the revised policy.