Legal

Privacy Policy

Effective Date: February 21, 2026  |  Last Updated: February 23, 2026

1. Introduction

This Privacy Policy describes how Goalin LLP (TOO "Goalin", Товарищество с ограниченной ответственностью "Goalin"), BIN 260240021438, registered in Astana, Republic of Kazakhstan (hereinafter "we", "us", or "Company"), collects, uses, stores, and protects personal data of users of the StepToGoal mobile application and website (hereinafter "Service").

By using the Service, you consent to the collection and use of your data as described in this Policy, in accordance with the Law of the Republic of Kazakhstan "On Personal Data and Their Protection" No. 94-V dated May 21, 2013.

2. Data We Collect

2.1 Account Data

• Email address — required for account creation and OTP (one-time password) authentication
• Name or nickname — optional, provided by the user
• Avatar image — optional, uploaded by the user
• OAuth identifiers — if you sign in via Google or Apple, we receive a unique identifier and email from the respective service

2.2 Goal and Task Data

• Goals, sub-goals, habits, and tasks you create
• Progress and completion data
• Mood logs and daily reflections
• Calendar and scheduling data
• Wish map items and categories

2.3 Voice Data

• Voice recordings you make when using the voice input feature
• Voice recordings are sent to OpenAI for transcription and are not stored permanently on our servers after processing

2.4 Usage Data

• App interaction data (screens visited, features used, tap events)
• Crash reports and error logs
• Session duration and frequency of use

2.5 Device Data

• Device type, model, and operating system version
• Timezone and language preference
• Push notification token (for sending notifications)
• IP address (for security and fraud prevention)

2.6 Payment Data

We do not collect or store your payment card details. All payments are processed through:

• Apple App Store (for iOS subscriptions)
• Google Play Store (for Android subscriptions)
• RevenueCat (subscription management platform)

We only receive confirmation of subscription status (active, expired, cancelled) and plan type.

3. How We Use Your Data

• Provide the Service — display your goals, tasks, and progress; send reminders and notifications
• AI-powered coaching — your goal data and chat messages are sent to OpenAI to generate personalized plans, advice, and suggestions
• Personalization — adapt the interface, notifications, and recommendations to your preferences and behavior
• Communication — send you important updates about the Service, security alerts, and support responses
• Analytics — understand how users interact with the Service to improve features and user experience
• Security — detect and prevent fraud, abuse, and unauthorized access

4. Data Storage and Security

We take reasonable measures to protect your personal data:

• All communications between the app and our servers use HTTPS encryption
• Authentication tokens are stored securely on your device using platform-specific secure storage (Keychain on iOS, Keystore on Android)
• Server-side data is stored in encrypted databases with access controls
• Regular security audits and monitoring are performed

Your data is retained as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days.

5. Third-Party Services

We use the following third-party services to operate and improve the Service:

• OpenAI — AI processing for chat, goal generation, plan creation, and voice transcription. Data sent to OpenAI is subject to OpenAI's Privacy Policy
• RevenueCat — subscription management and payment verification
• Apple / Google — payment processing, push notifications, OAuth authentication
• Expo (Expo Application Services) — push notification delivery, app updates

Each third-party service processes data according to their own privacy policies. We only share the minimum data necessary for each service to function.

6. Your Rights

In accordance with the Law of the Republic of Kazakhstan "On Personal Data and Their Protection", you have the following rights:

• Right to access — request a copy of your personal data we hold
• Right to correction — request correction of inaccurate or incomplete data
• Right to deletion — request deletion of your account and all associated personal data
• Right to withdraw consent — withdraw your consent to data processing at any time (this may result in loss of access to the Service)
• Right to restrict processing — request limitation of processing of your personal data

To exercise any of these rights, contact us at support@steptogoal.io. We will respond within 15 business days.

7. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we discover that we have collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at support@steptogoal.io.

8. International Data Transfers

Your personal data may be processed on servers located outside the Republic of Kazakhstan for the purposes of providing the Service (including AI processing and cloud hosting). By using the Service, you consent to such transfers. We ensure that appropriate safeguards are in place to protect your data during international transfers.

9. Cookies and Tracking

The StepToGoal website may use essential cookies for functionality (such as remembering your language preference). We do not use tracking cookies or third-party advertising cookies. The mobile application does not use cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or via email. The "Last Updated" date at the top of this page indicates when the latest revision was made. Continued use of the Service after changes constitutes acceptance of the revised Policy.

11. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Company: Goalin LLP (TOO "Goalin")
• BIN: 260240021438
• Address: Republic of Kazakhstan, Astana, Esil district, Dostyk street, house 13
• Email: support@steptogoal.io
• Phone: +7 775 177 45 99