PRIVACY NOTICE

Last updated: October 15th, 2024

This privacy notice (“Privacy Notice”) for Stepful, Inc. ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or disclose ("process") your information when you use our services ("Services"), such as when you:

  • Engage with us in other related ways, including any sales, marketing, or events.

As used herein, “you” and “your” mean a user of our Services.

If an organization with which you are associated (an “Organization”) signs up to use our Services, we may receive information about you in connection with our provision of such Services to your Organization. To the extent we process that information solely in order to provide such Services to your Organization, we will act as a processor on behalf of your Organization in respect of that information, which means: we will handle that information solely at the direction of your Organization; your Organization’s privacy policy (and not this Privacy Notice) will apply to the processing of that information; and your Organization (and not us) is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law. To the extent we process your information for any other lawful business purpose of ours, this Privacy Notice will apply to the processing of such information.

Questions or concerns? Reading this Privacy Notice will help you understand our privacy practices. If you have any questions or concerns, please contact us at privacy@stepful.com.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE PROCESS YOUR INFORMATION?

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

5. HOW LONG DO WE KEEP YOUR INFORMATION?

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

7. DO WE COLLECT INFORMATION FROM MINORS?

8. WHAT ARE YOUR PRIVACY CHOICES?

9. CONTROLS FOR DO-NOT-TRACK SIGNALS

10. DO WE MAKE UPDATES TO THIS NOTICE?

11. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

12. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us. We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • names
  • phone numbers/mobile information
  • email addresses
  • mailing addresses
  • job titles
  • previous work experience
  • resume
  • driver's license 
  • social security number (last four digits)
  • education information such as high school or GED diploma
  • usernames
  • contact preferences
  • contact or authentication data
  • billing addresses
  • debit/credit card numbers
  • whether you are legally authorized to work in the U.S.
  • military affiliation or status
  • English proficiency
  • state of residence
  • current income level
  • whether your employer or another entity will cover your tuition payments
  • experience in the healthcare field
  • preferred method of communication
  • how you heard about us

Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument. All payment data is stored by Stripe. You may find their privacy notice here: https://stripe.com/privacy.

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. This information may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We may collect general location data (based on your IP address or time zone).

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate delivery of Services to the user. We may process your information to provide you with the requested service.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and the Services, changes to our terms and policies, and other similar information.
  • To fulfill and manage your orders. We may process your information to fulfill and manage your orders or payments made through the Services.
  • To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
  • To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes. We and may – by email unless you “opt out” (to the extent permitted by applicable law) and/or by text/SMS message if you “opt in” – subsequently send you electronic newsletters, contact you about the Services, products, services, information, and news that may be of interest to you. You can opt out of our marketing communications at any time. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. For more information, see "WHAT ARE YOUR PRIVACY RIGHTS?" below.
  • To deliver targeted advertising to you. We may process your information to develop and display personalized content and advertising tailored to your interests, location, and more.
  • To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.
  • To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
  • To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may share your personal information in the following situations:

  • Employers. As part of the job placement process and upon your enrollment in a Stepful program, we may share your information, including your resume, email, and contact information with potential employers who partner with us to find candidates matching your qualifications. If we disclose your information to a potential employer, such information will be subject to the terms of the potential employer’s privacy policy and your information may be further disclosed in accordance with the terms of their privacy policy.
  • Third Parties Generally. We may provide information to third parties, including where such information is combined with similar information of other users of the Services. For example, we might inform third parties regarding the number of unique users who use the Services, the demographic breakdown of our users of the Services, or the products and/or services purchased using the Services and the vendors of such products and services. In addition to the above, when users use our Service, third parties (including without limitation third-party advertisers analytics service providers and commercial partners) may directly collect information about our users’ online activities over time and across different websites. The third parties to which we may provide or who may independently directly collect information may include potential or actual advertisers, providers of advertising products or services (including vendors, analytics services providers, and website tracking services), merchants, affiliates and other actual or potential commercial partners, and other similar parties. Please note in particular that the Services use Google Analytics, including its data reporting features. Information collected by Google Analytics includes but is not limited to web metrics. For information on how Google Analytics collects and processes data, please see the site “How Google uses data when you use our partners' sites or apps”, currently located at www.google.com/policies/privacy/partners/. For information on opting out of Google Analytics, we encourage you to visit Google’s website, including its list of currently available opt-out options presently located at https://tools.google.com/dlpage/gaoptout.

  • Outside Contractors. We may share your data with third-party vendors, service providers, consultants, contractors, or agents (“Outside Contractors”) to provide specific services and products related to the Services, such as hosting and maintaining the Services, and developing applications for the Services. Our Outside Contractors include our text/SMS service provider, DialPad. In the course of providing products or services to us, these Outside Contractors may have access to information collected through the Services, including your information. We use reasonable efforts to ensure that these Outside Contractors are capable of protecting the security of your information. 

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any general corporate reorganization, merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
  • Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Notice. Affiliates include any person or entity which directly or indirectly controls, is controlled by or is under common control with Stepful, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise.
  • Laws and Legal Rights. We may disclose your information if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. We may disclose information in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating a contract with us, to detect fraud, for assistance with a delinquent account, or to protect the safety and/or security of our users, the Services, or the general public.
  • Business Partners. We may disclose your information to our business partners to offer you certain products, services, or promotions.
  • Professional Advisors. We may provide your information to professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
  • Public Areas. When you share personal information (for example, by posting comments, contributions, or other content to the Services) or otherwise interact with public areas of the Services (collectively, “public areas”), such personal information may be viewed by all users and may be publicly made available outside the Services. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services, and view your profile. These public areas are open to the public and should not be considered private. We cannot prevent information included within a public area from being used in a manner inconsistent with this Privacy Notice, the law, or your personal privacy. We are not responsible for the results of such postings or for the accuracy of any information contained in those postings. Any information you share in a public area is by design open to the public and is not private. You should think carefully before posting any information in any public area. What you post can be seen, disclosed to, or collected by others and may be used by others in ways we cannot regulate or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google, Yahoo, and Bing. If you mistakenly post information in a public area, you can send us an e-mail to request that we remove it by contacting us using the details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?". You should understand that in some cases, we may not be able to remove your information. If you wish to keep any information private or proprietary, do not submit it to the public areas of the Services. NOTWITHSTANDING THE FOREGOING, WE HAVE NO RESPONSIBILITY OR LIABILITY IF A USER’S INFORMATION OR IDENTITY IS MISUSED OR STOLEN, OR IF A USER SUFFERS HARM AS A RESULT OF VOLUNTARY DISCLOSURES.

Please note that to the extent we use your mobile information to send you text/SMS messages, we will not sell or share your mobile information with third parties for those third parties’ marketing/promotional purposes.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may collect information passively using “cookies” and “action tags.”

“Cookies” are small text files that can be placed on your computer or mobile device in order to identify your web browser and the activities of your computer on the Services and other websites. Cookies can be used to personalize your experience on the Services (such as dynamically generating content on webpages specifically designed for you), to assist you in using the Services (such as saving time by not having to reenter your name each time you use the Services), to allow us to statistically monitor how you are using the Services to help us improve our offerings, and to target certain advertisements to your browser which may be of interest to you or to determine the popularity of certain content.

In addition to cookies that we may place on your computer or mobile device, cookies might also be placed on your computer or mobile device by third parties that we use to display or serve advertisements or to collect information in order to provide advertising-related Services. In the course of serving advertisements, such third-party advertisers could place or recognize unique cookies on your browser.

For the avoidance of doubt, the Services use third-party service platforms (including to help analyze how users use the Services). These third-party service platforms may place cookies on your computer or mobile device. If you would like to disable "third party" cookies, you may be able to turn them off by going to the third party's website.

Here are links to the main third-party platforms we use:

https://www.google.com/policies/privacy/

https://legal.hubspot.com/cookie-policy

https://privacy.microsoft.com/en-us/privacystatement

https://www.facebook.com/privacy/policies/cookies/

https://www.rudderstack.com/cookie-policy/

"Action tags," also known as web beacons or gif tags, are a web technology used to help track website usage information, such as how many times a specific page has been viewed. Action tags are invisible to you, and any portion of the Services, including advertisements, or e-mail sent on our behalf, may contain action tags.

By using cookies and action tags together, we can gain valuable information to improve the Services and measure the effectiveness of our advertising and marketing campaigns. We may also combine information collected from cookies with information that you may provide, such as information provided in a form that you complete. Information collected from some cookies placed on the website is used to deliver advertisements to you when you are visiting other websites, such as TikTok, Facebook, and LinkedIn.

Finally, you should be aware that advertisers and other third parties may use their own cookies or action tags when you click on their advertisement or a link to their websites or services on or from the Services. This Privacy Notice does not govern the use of cookies or action tags or the use of your information by such third-party websites or Services or providers of third-party advertising.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). 

When we have no ongoing legitimate business, legal, or other need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented commercially reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

7. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@stepful.com.

8. WHAT ARE YOUR PRIVACY CHOICES?

We generally use your information as described in this Privacy Notice, as authorized by you, or as otherwise disclosed at the time we request such information from you. You generally must "opt in" and give us permission to use your information for any other purpose. You may also change your preference and "opt out" of receiving certain marketing communications from us by following the directions provided in association with the communication or such other directions we may provide or by contacting privacy@stepful.com.

If you want to review, verify, correct, or request erasure of your information, object to the processing of your information, or request that we transfer a copy of your information to another party, please contact privacy@stepful.com.

Such updates, corrections, changes, and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Notice prior to such update, correction, change, or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.

You should be aware that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, your information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you may have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor when applicable law allows, will it affect the processing of your personal information where otherwise permitted by applicable law.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, replying “STOP” or “UNSUBSCRIBE” to the text/SMS messages that we send, or by contacting us using the details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you Services-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information: If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the contact information provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. 

Note that information collected from cookies and other similar technologies (which may include device identifiers) may be used to send you online advertising for the Services. In particular, information collected from cookies (including cookies placed by third-party vendors, such as Google and its partners) and other similar technologies (which may include device identifiers) may be used to deliver advertisements to visitors to our website when such visitors are visiting other websites, including Facebook, LinkedIn, and YouTube. These third-party vendors may use cookies and/or device identifiers to serve ads based on your past visits to our website. You may opt out of a third-party vendor’s use of cookies and/or device identifiers for personalized advertising by visiting https://thenai.org/opt-out/.

Links to other websites: Our Services may provide you with access to other websites and services. This may include providing you with the ability to post updates on social media sites such as LinkedIn, YouTube, TikTok, Facebook, and Twitter/X. Please be aware that we are not responsible for the privacy practices of any websites or services other than the Services. A link to a third-party website does not constitute or imply endorsement by us. Additionally, we cannot guarantee the quality or accuracy of information presented on those websites. We encourage you to read the privacy policies or statements of each and every such website and service. This Privacy Notice applies solely to information collected by us or on our behalf, including through the Services. 

If you have questions or comments about your privacy rights, you may email us at privacy@stepful.com.

9. CONTROLS FOR DO-NOT-TRACK SIGNALS

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. We take no action in response to such DNT browser signals. 

10. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

11. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this Privacy Notice, you may email us at privacy@stepful.com or by post to:

Stepful, Inc.

148 Lafayette Street, 4th Floor

New York, NY 10013 United States

12. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request form by sending an email to privacy@stepful.com.