01 Introduction

MicroSteps ("we", "us", "our") operates the MicroSteps mobile application and the website located at microsteps.io (collectively, the "Service"). We are committed to protecting your privacy and ensuring that your personal information is handled responsibly.

This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. By using MicroSteps, you agree to the collection and use of information in accordance with this policy.

02 Information We Collect

Account Data

  • Your name and email address, provided during registration
  • A securely hashed version of your password (we never store plain-text passwords)
  • Authentication tokens and session identifiers

Goal and Habit Data

  • Goals you create, including category, subcategory, and timeline
  • AI-generated tasks and your completion status
  • Progress metrics, milestones, and streak data
  • Form responses used to personalize your experience (e.g., fitness level, availability)

Usage Data

  • App interactions such as feature usage, screens visited, and timestamps
  • Session duration and frequency of use
  • Error logs and crash reports to improve stability

Device Information

  • Device type, model, and operating system version
  • App version and build number
  • Timezone and locale settings

03 How We Use AI

MicroSteps uses artificial intelligence to generate personalized tasks, recommendations, and progress insights tailored to your goals. Here is how that works:

  • Your goal data is processed by AI (powered by OpenAI) to generate personalized daily and weekly tasks
  • AI processing is performed server-side through Google Cloud Functions -- your data never leaves our secure infrastructure before reaching the AI provider
  • We only send relevant goal context to the AI (such as your goal type, timeline, and progress). We never send your full profile, email address, or account credentials
  • AI-generated content is returned to you in real time and is not stored or retained by our AI provider beyond the duration of the request

We regularly review our AI data practices to ensure minimal data exposure. The AI sees only what it needs to generate your tasks -- nothing more.

04 Data Storage & Security

We take the security of your data seriously and employ industry-standard measures to protect it:

  • All data is stored on Google Cloud (Firebase) infrastructure, which is SOC 2 and ISO 27001 certified
  • Data in transit is encrypted using TLS 1.3 (bank-level encryption)
  • Data at rest is encrypted using AES-256 encryption
  • Authentication is handled by Firebase Authentication with secure token management
  • We never store plain-text passwords. All passwords are cryptographically hashed before storage
  • Access to production data is restricted to authorized personnel only and is logged for audit purposes

05 Email Communications

We use Resend as our email service provider to send transactional emails. These include:

  • Welcome emails upon account creation
  • Email verification messages
  • Password reset instructions
  • Account deletion confirmations

We do not send marketing or promotional emails without your explicit consent. You will never receive unsolicited marketing communications from MicroSteps.

06 Analytics

We use Firebase Analytics to understand how users interact with the app. This helps us identify areas for improvement and prioritize new features.

  • Analytics data is aggregated and anonymized -- we do not track individual behavior patterns
  • We collect general usage statistics such as feature adoption, session counts, and retention metrics
  • Analytics data is used exclusively for improving the MicroSteps experience
  • You can opt out of analytics collection through the app settings

07 Data Sharing

We do NOT sell, trade, or rent your personal data to third parties. Period.

We share data only with the following service providers, strictly for the purpose of operating the Service:

  • Firebase (Google) -- data storage, authentication, analytics, and cloud functions
  • OpenAI -- AI-powered task generation (receives only goal context, no personal identifiers)
  • Resend -- transactional email delivery
  • RevenueCat -- subscription and in-app purchase management

Each of these third-party providers maintains its own privacy policy governing how it handles data. We encourage you to review their policies for complete transparency.

08 Your Rights

You have full control over your data. Here is what you can do:

  • Access -- View all your data directly within the MicroSteps app, including goals, tasks, progress history, and account information
  • Export -- Request a complete export of your data by contacting us at support@microsteps.io
  • Delete -- Permanently delete your account and all associated data at any time through the app settings. Deletion is immediate and irreversible
  • Opt Out -- Disable analytics collection through the app settings at any time

09 GDPR (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis -- We process your data based on (a) your consent, given when you create an account and use the Service, and (b) our legitimate interest in providing and improving the Service
  • Data Processing -- Your data is processed within Google Cloud infrastructure, which complies with EU data protection standards and maintains appropriate safeguards for international data transfers
  • Right to Erasure -- You may request complete deletion of your personal data at any time
  • Right to Portability -- You may request your data in a structured, machine-readable format
  • Right to Restriction -- You may request that we limit the processing of your personal data under certain circumstances
  • Right to Object -- You may object to the processing of your personal data for certain purposes

To exercise any of these rights, contact us at support@microsteps.io. We will respond to your request within 30 days.

10 CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights:

  • Right to Know -- You have the right to know what personal information we collect, use, and disclose about you
  • Right to Delete -- You have the right to request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale -- We do not sell your personal information. We have never sold personal information and have no plans to do so
  • Non-Discrimination -- We will not discriminate against you for exercising any of your CCPA rights

11 Children's Privacy

MicroSteps is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will take immediate steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@microsteps.io so we can take appropriate action.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify users of significant changes through the app or via email
  • Provide a reasonable period for you to review the changes before they take effect

We encourage you to review this policy periodically to stay informed about how we protect your data.

13 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 48 hours.