Privacy Policy

Last updated: 03/09/2025

1. Introduction

Small Steps Pro ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our AI coaching service.

2. Information We Collect

Account Information

  • Email address: Required for account creation and service communications
  • Password: Securely hashed and stored by Supabase
  • Account timestamps: When you created and last used your account

Coaching Conversations

  • Chat messages: All messages you send and receive during coaching sessions
  • Conversation metadata: Timestamps, conversation titles, and progress tracking
  • Usage patterns: How you interact with the coaching methodology

Payment Information

  • Subscription status: Active, canceled, past due, or trialing
  • Stripe Customer ID: Links your account to your payment method
  • Usage tracking: Monthly session count for service management

Security Data

  • Cloudflare Turnstile tokens: Used during signup to prevent automated abuse

3. How We Use Your Information

  • Provide coaching services: Process your conversations with our AI coaching companion
  • Personalize experience: Remember your patterns and progress for better coaching
  • Process payments: Manage your £9/month subscription
  • Account management: Authentication, security, and service communications
  • Improve our service: Understand how users interact with the coaching methodology

4. Third-Party Services

Supabase (Database & Authentication)

We use Supabase to store your account and conversation data securely.

  • Data is protected with Row Level Security (RLS) - you can only access your own data
  • Authentication cookies are used for secure login sessions
  • Data location depends on your Supabase region settings

Anthropic Claude (AI Processing)

We share your conversation data with Anthropic's Claude AI to provide coaching responses.

  • Your messages are sent to Claude Sonnet 4 for processing
  • Previous conversation context is included for better personalization
  • Your email prefix may be used for friendly greetings

Stripe (Payment Processing)

Payment processing is handled by Stripe.

  • Your email and user ID are shared for subscription management
  • You can manage billing through Stripe's secure customer portal
  • We receive subscription status updates via secure webhooks

Cloudflare Turnstile (Bot Protection)

During signup, we use Cloudflare Turnstile to verify you're human.

  • This is a privacy-focused alternative to traditional CAPTCHAs
  • Only verification tokens are processed; no personal data is shared

5. Data Security

  • Encryption: All data is transmitted over HTTPS
  • Database security: Row Level Security ensures users can only access their own data
  • API protection: Server-side authentication and validation
  • Regular security updates: We keep our systems up to date

6. Your Rights

  • Access: You can view all your conversation data within the app
  • Export: Download your conversations as Markdown files
  • Delete: Remove individual conversations through the app interface
  • Account closure: Contact us to delete your entire account and data
  • Billing control: Manage your subscription through the Stripe customer portal

7. Data Retention

We retain your data as follows:

  • Account data: Until you request account deletion
  • Conversation data: Until you manually delete conversations or request account deletion
  • Payment data: Retained by Stripe according to their data retention policies
  • Security logs: May be retained for up to 90 days for security purposes

8. Cookies

We use minimal cookies necessary for service functionality:

  • Authentication cookies: Managed by Supabase to keep you logged in securely
  • Session cookies: Temporary cookies that expire when you close your browser

We do not use tracking cookies or third-party advertising cookies.

9. International Transfers

Your data may be processed in countries outside your residence. We work with service providers who maintain appropriate security standards and comply with applicable data protection laws.

10. Children's Privacy

Small Steps Pro is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes by updating the date at the top of this policy and, where appropriate, providing additional notice.

12. Contact Us

If you have questions about this privacy policy or your data, please contact us at:

Email: privacy@smallstepspro.com

Subject: Privacy Inquiry - Small Steps Pro