Last Updated: September 12, 2022
1. Information We Collect and How We Collect it
When you access our Site or use the Services, we collect and store certain information about you, including “personal information.” Personal information is information that, alone or in combination with other information in our possession, could be used to personally identify you. We collect the following categories of personal information and other information as described below.
A. Information you provide
Information You Provide Directly. We may collect or receive the following categories of personal information when you access the Site, request to receive information about Steep or its Services, create an account, verify your identity, use any of the Services, or otherwise communicate with us, including through customer support channels.
- Identification Information, such as: Name, email address
Other Information You Voluntarily Choose to Provide. We may collect information, including personal information, that you voluntarily provide to us when you:
- participate in surveys, contests, sweepstakes, or promotions
- register for, attend, or participate in conferences, webinars, or events
- provide us feedback or comment on our blogs or social media pages
- submit information to us so that we can assess potential business opportunities
- apply for a job position with us
B. Information collected automatically
We automatically collect certain information when you access the Site or use the Services.
- Communication Information, such as:
- audio, electronic, or visual information, which includes screen sharing views
- any data in any files uploaded, emailed or otherwise provided by customers
- the contents of your communications with us, whether via email, social media, telephone or otherwise and inferences we may make from other Personal Information we collect
We collect this information for the uses stated in this policy or to provide accommodations under applicable law including the Americans with Disabilities Act.
- Electronic & Online Identifiers (IDs), such as:
- If on a mobile device: mobile carrier, device IDs, and mobile advertising IDs
- If using a browser: operating system, browser type, and Internet Protocol (IP) address
- Geolocation Information, such as:
- Approximate location derived from IP address (if using a browser)
- Precise location (based on the GPS coordinates of your device) only if you have opted into a product feature that includes it (such as a geo-fenced or geo-location time tracking service).
- Internet Activity Information, such as:
- Your “log-in” and “log-out” information
- The pages that you visit before, after, and while using our Services
- Pages you visit, links you click, and the content you view on the Site
- Single Sign-On Information (SSO) that allows us to verify your authorized access to the Services from another service you use and with which we partner, such as your email.
- We collect information using Tracking Technologies, such as:
- Cookies, which are small text files that websites send to your computer or mobile device. This includes session cookies (which are deleted once you close your browser) and persistent cookies (which remain on your computer or device until you delete them or they expire)
- Pixel tags (also known as web beacons), which are pieces of code embedded in our Services that collect information about engagement on our Site or emails. To make it easier, we call cookies and pixel tags/web beacons “Tracking Technologies”
- We use the third-party analytics tools, including:
- We use Tracking Technologies for the following purposes:
- when it is operationally necessary for us to provide you access to our Site or Services. This also includes tracking behavior in order to protect against irregular, fraudulent, or possibly illegal behavior on our Site or Services
- to assess the performance of how you and others use our Site and Services (for more information, read the Analytics section below)
- to enhance the functionality of our Site or Services. This includes identifying you when you sign into our Services and keeping track of your preferences, interests, or past items viewed
- to target our advertising to you using Tracking Technologies that we or our third-party partners place on our Site or other websites
C. Information collected from third parties
2. How We Use Your Information
We use information that we collect about you for the following purposes:
- To develop and provide you with the Site and Services, including to:
- operate the Site, manage accounts and provide the Services
- determine your eligibility for our Services and our partners’ programs
- improve, personalize, and enable your use of the Site and Services
- develop new products and features
- To protect Steep, our users, and the public, and comply with applicable law, regulation, or legal process, including to:
- validate user information for fraud and risk detection purposes
- resolve disputes and protect the rights of users and third parties
- respond to claims and legal process (such as subpoenas and court orders)
- monitor and enforce compliance with the applicable Terms of Service
- prevent or stop any activity that may be illegal, unethical, or legally actionable
- To operate our business, including to:
- process payment transactions
- manage and enforce contracts with you or with third parties
- manage our corporate governance, compliance and auditing practices
- recruit new hires, if you submit an application for employment with Steep
- generate anonymized or aggregated data
- To communicate with you as part of your use of Services, including to:
- respond to requests or questions you submit to our support staff
- send you surveys and get your feedback about the Services
- otherwise contact you with Services-related notices
- To advertise and market to you, including to:
- determine your eligibility for certain programs, events, and offers
- inform you of our or our partners’ products, services, features or promotions
- provide you with newsletters, articles, reports, and announcements
- develop “interest-based” or “personalized advertising,” including through cross-device tracking
- For any other purpose for which you, your employer, or your employer’s agent expressly authorize us to use your information.
3. When and with Whom We Share Your Information
We will only share your information with the categories of third parties listed below for the purposes described above in the “Use of Your Information” section, unless otherwise noted at the point of collection.
- Service Providers that have signed an agreement with us that limits how they use your information and promises to keep your information confidential. Examples include:
- banks, financial institutions, and credit bureaus
- companies or organizations that provide services such as website hosting (ex: AWS), customer management (ex: Salesforce) and customer service
- Advertising Partners that deliver advertisements about us to you, including Advertising Partners that utilize Tracking Technologies in order to deliver advertisements that are personalized to you when you visit their websites (“interest-based advertising” or “personalized advertising”)
- Other parties under the circumstances described below:
- for legal reasons, including:
- with companies that verify your identity for us and detect fraud
- with legal and financial advisors, auditors, examiners, and certain (including potential) investors
- with companies that may acquire us, if we are involved in a merger, acquisition, or sale of assets
- to comply with applicable law, regulation, or legal process, including to:
- comply with law enforcement or national security requests
- comply with legal process, such as a court order or subpoena (including in a country other than your home country)
- protect your, our, or others’ rights, property, or safety
- enforce our policies or contracts and collect amounts owed to us
- assist with an investigation or prosecution of suspected or actual illegal activity
- to further public policy goals, including:
- publishing reports that incorporate aggregated, non-personally identifiable information about customer attributes, transactions, and behavior
- sharing data containing aggregated and/or non-personally identifiable customer information with non-profit or non-partisan organizations, academic institutions, think tanks, trade associations, consultancies, or similar organizations, only if they have signed an agreement with us that restricts how they can store, access, share, and use the information
- for any other purpose and to any other person with whom you, your employer, or your employer’s agent expressly authorize us to share your information
- for legal reasons, including:
4. Your Privacy Choices and Rights
Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.
- Email and Text Messages. You can opt out of our promotional emails by using the unsubscribe link located at the bottom of our promotional emails, contacting us as described below. You can opt out of text messages from us by replying “STOP” or contacting us as described below. If you decide to opt-out, we may still send you non-promotional communications such as your payday emails and messages about your account.
- Mobile Notifications. We may send you push notifications through our mobile app. You can opt out from receiving push notifications by changing the settings on your mobile device.
- “Do Not Track.” Do Not Track (“DNT”) is a privacy setting you can set on some web browsers that signals to websites like ours that you don’t want your online activities to be tracked. At this time, we do not respond to DNT signals sent to us by your web browser.
- Cookies and Interest-Based Advertising. You may stop us from sending Tracking Technologies to your browser by changing the settings on your browser. However, if you block all Tracking Technologies, our Services may not work properly. Please note you must separately opt out in each browser and on each device. You can learn how to manage your cookies on these popular browsers by clicking on the links below.
- Google Chrome. For more information, visit Google Chrome
- Internet Explorer. For more information, visit Internet Explorer
- Mozilla Firefox. For more information, visit Mozilla Firefox
- Safari – Desktop. For more information, visit Safari (Desktop)
- Safari – Mobile. For more information, visit Safari (Mobile)
- Android – Browser. For more information, visit Android Browser
You may stop us from personalizing our advertisements to you on some mobile applications by following the instructions for Android, iOS, and others. You may also opt out of receiving targeted ads from advertising partners that participate in self-regulatory programs, such as the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
Your Privacy Rights. In accordance with applicable law, you may have the following rights. To exercise these rights, please contact us as set forth below.
- Access personal information about you, including confirming whether we are processing your personal information and obtaining access to your personal information
- Request correction of your personal information where it is inaccurate or incomplete
- Request deletion of your personal information
- Request restriction of or object to our processing of your personal information
- Withdraw your consent to our processing of your personal information.
5. Important Information
We employ administrative, physical and technical measures designed to protect your information from unauthorized access and to comply with applicable privacy laws in the states and countries in which we operate. Your personal information will be kept on our servers or on those of our service providers and only those employees that require it for the purposes of their duties will have access to your personal information. We have also implemented controls which require our third-party service providers and partners to have appropriate safeguards to protect your personal information However, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed to prevent any interception or other type of misuse. We also depend on you to protect your information. If you become aware of any breach of security or privacy, please notify us immediately. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
International Data Transfers
All information processed by us or our service providers may be transferred, processed, or stored anywhere in the world, including in countries that may have data protection laws that are different from the laws where you live. Your information may be accessible to the courts, law enforcement, and national security authorities of the United States. We endeavor to safeguard your information consistent with the requirements of applicable laws. If your personal information is transferred to a country other than your home country, we will take measures to protect your personal information with appropriate contract clauses. To obtain more information about Steep’s policies and practices with respect to service providers outside your country, please contact us as set forth below.
Links to Other Sites
Our Policy Toward Children
The Service is not directed to children under 13. However, if a child under the age of 13 is a dependent on a benefits plan covered by the Benefits Service, we may collect information about the child (solely as needed to provide the Benefits Service) from the child’s parent or legal guardian, or from insurance carriers and third-party administrators.
Notice to California Consumers
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA specifies that natural persons who are California residents have the right to know what categories of personal information Steep has collected about them and whether Steep has disclosed or sold that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months.
For purposes of the CCPA, Steep does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Categories of personal information we may collect about you:
- Identifiers (ex: name, email address, mailing address, phone number, signature);
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (ex: Social Security number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, financial information, medical information, or health insurance information)
- Protected classification characteristics under California or federal law (ex: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, gender, sex, sexual orientation, veteran or military status, genetic information (including familial genetic information);
- Commercial information (ex: sales engagement history)
- Biometric information (ex: photographs of office visitors for identification badges);
- Internet or other electronic network activity information (ex: IP address, unique personal identifier, web history, advertising history)
- Geolocation data (ex: the location from which you’re logging in)
- Employment-related information (ex: employment history, employer name)
- Education information (ex: education history).
Categories of third parties who we may share that information:
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have the right not to receive discriminatory treatment from Steep for exercising the privacy rights granted by the CCPA.
Verifiable Consumer Requests
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. In order to verify your request, we will ask you to provide your name, email address, and certain other pieces of identifying information. Once you have submitted this information and any necessary supporting documentation, we will confirm the information by reviewing it against Steep’s records. To designate an authorized agent, please contact us as set forth below.
Notice to Nevada Residents
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.
Lafayette, CO 94403