Privacy Policy
Last updated: June 4, 20261. Information We Collect
We collect the following types of information when you use 1STEP SOCIAL:
- Account Information
- Your email address and password when you register for an account.
- Billing Information
- Payment and billing details are collected directly by Paddle.com (our payment processor) and are not stored by us. We receive only a subscription status and plan identifier from Paddle.
- Usage Data
- Information about how you use the Service, including pages visited, features used, and actions taken within your account.
- Conversion & Attribution Data
- Server-side event data you send to the Service for attribution purposes. This data is owned by you and processed on your behalf.
- Communications
- Any messages you send us via email or our contact form, including support requests.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Send transactional emails (receipts, password resets, service notices)
- Respond to support and billing requests
- Monitor for abuse and enforce our Terms of Service
- Analyze aggregate usage patterns to improve the product
We do not sell your personal information to third parties, and we do not use your data for advertising purposes.
3. Data Sharing
We share your data only with the following third-party service providers, and only as necessary to operate the Service:
- Supabase
- Authentication and database infrastructure. Your account data is stored in Supabase-managed Postgres.
- Paddle
- Payment processing. Paddle collects billing data directly as Merchant of Record and is subject to its own privacy policy.
- Amazon Web Services (AWS)
- Cloud infrastructure for server-side event processing and data storage.
- Email providers
- Transactional email delivery for receipts, password resets, and service notices.
We do not share your data with advertisers, data brokers, or any other third parties.
4. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where retention is required by law or a legitimate business need (such as billing records required for tax purposes).
Conversion and attribution event data you have submitted may be retained for up to 24 months for analysis purposes, after which it is deleted or anonymized.
5. Cookies
We use a minimal number of cookies:
- Session cookie
- A single first-party cookie to keep you logged in. This cookie is strictly necessary and cannot be disabled without losing access to your account.
- No tracking cookies
- We do not use third-party advertising cookies, analytics cookies, or any persistent tracking technology beyond the session cookie above.
6. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete information
- Request deletion of your account and associated personal data
- Receive a copy of your data in a portable format
- Object to processing of your personal data
To exercise any of these rights, email us at info@onestepsocial.com. We will respond within 30 days.
7. Security
We take reasonable technical and organizational measures to protect your data, including encryption in transit (TLS) and encryption at rest for stored data. However, no system is perfectly secure.
In the event of a data breach that affects your personal information, we will notify you promptly by email and take appropriate steps to contain and remediate the incident.
8. Changes & Contact
We may update this Privacy Policy from time to time. We will notify you of material changes by email before they take effect. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
For privacy questions, requests, or concerns, contact us at info@onestepsocial.com.