StepSisters Privacy Policy
Version 1.0.0 — Effective 4/15/2026
StepSisters Privacy Policy
Effective date: 2026-04-15
1. Data We Collect
We collect: account identifiers (name, email, phone), authentication data (hashed passwords, 2FA secrets), financial data (payout details, tax forms, earnings), content you upload, verification data (Stripe Identity), device and usage telemetry, and support correspondence.
2. How We Use Data
We process data to: operate and secure the Service; process payouts and calculate taxes; comply with law (KYC, AML, 2257 record-keeping); detect fraud and abuse; provide analytics and improve features.
3. Legal Bases (GDPR)
Contract performance, legal obligation, legitimate interest, and — where required — your explicit consent.
4. Sharing
We share data with processors that help us run the Service: Stripe (payments, identity), Cloudflare R2 (storage), Upstash (queues), Resend (email), Sentry (error tracking), and PostHog (product analytics). We do not sell personal data.
5. International Transfers
Data may be processed in the United States. We rely on Standard Contractual Clauses for transfers from the EEA/UK.
6. Your Rights
Depending on your jurisdiction you may have the right to access, rectify, export, restrict, or delete your data, and to object to processing. EU/UK users can request an export or deletion from Settings. California residents may opt out of analytics and marketing via the "Do Not Sell" control.
7. Retention
Account data is retained while your account is active. On hard deletion, financial records (earnings, payouts, invoices, tax forms) and 2257 records are retained for 7 years to satisfy tax, AML, and federal record-keeping obligations.
8. Security
We employ encryption in transit and at rest, hashed passwords (bcrypt), 2FA, JWT session management, and least-privilege access controls. No system is completely secure — report suspected vulnerabilities to [email protected].
9. Children
The Service is not directed to children under 18, and we do not knowingly collect data from anyone under 18.
10. Contact
Questions? Email [email protected] or our EU representative at [email protected].