← Back to product

Privacy policy

Auf deutsch ansehen


Last updated: 01.05.2026



1. Data Controller


This Privacy Policy applies to the social media platform Stepflow, operated by:


Stepflow GmbH
Toelzer Str. 1
82031 Gruenwald
Germany


E-Mail: privacy@stpflw.com


2. Personal Data Processed


Depending on your use, Stepflow processes:

  • Registration data: email address, password
  • Profile information: name, username, profile picture, bio, contact options
  • Published content: texts, photos, videos, audio, comments, likes
  • Usage data: interactions, community memberships, search behavior
  • Device and log data: IP address, device identifier, browser type
  • Location data (if provided via user permission or device functions)
  • Advertising data: clicks, impressions, interactions with ads
  • Communication data: support emails, reports, contact requests



3. Purposes of Processing


Data is used for:

  • Providing and managing platform functions
  • Personalizing content and advertising
  • Security, fraud detection, and spam prevention
  • Improving user experience and analyzing usage behavior
  • Recommendation and usage-based content sorting
  • Training and optimizing AI models for moderation and suggestions
  • Communication with users (e.g. support, updates, notifications)



4. Legal Basis for Processing


Personal data is processed based on GDPR:

  • Art. 6(1)(b) GDPR (contract performance – platform usage)
  • Art. 6(1)(f) GDPR (legitimate interest, e.g. security, stability, abuse prevention)
  • Art. 6(1)(a) GDPR (consent, especially for advertising, tracking, personalized content, and profiling where required)
  • Art. 6(1)(c) GDPR (legal obligations)


If consent has been given, it may be withdrawn at any time with future effect. Consent also includes processing for personalized advertising and profiling.



5. Recipients and Third-Party Service Providers


To operate the platform, Stepflow uses trusted service providers, including:

  • Hosting and cloud providers (e.g. AWS, Google Cloud, Firebase, Cloudflare)
  • Analytics and security services
  • Payment providers for premium features
  • Advertising networks and partner platforms


Data processing agreements pursuant to Art. 28 GDPR exist with these providers.Data is shared strictly for specific purposes, especially for platform operation, analysis, security, and payment processing.



Cloudflare (CDN and Security Service)


For secure and performant delivery of the platform, we use Cloudflare. Cloudflare provides a content delivery network (CDN) and protection mechanisms against attacks. When accessing our platform, technical connection data, especially the IP address, is processed.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in security, stability, and performance of the platform).

Data processing is carried out in accordance with the General Data Protection Regulation (GDPR) and based on concluded data processing agreements.


More information: https://www.cloudflare.com/privacypolicy/



6. International Data Transfers


Stepflow primarily processes data within the EU/EEA. If personal data is transferred outside the EU/EEA, this only occurs if an adequate level of data protection is ensured. This is secured in particular through Standard Contractual Clauses provided by the European Commission or adequacy decisions of the EU Commission.



7. Data Retention


Data is deleted as soon as it is no longer required for the stated purposes or legal retention periods expire. Backups and security copies may remain for technical reasons.



8. User Rights


Users have the following rights under GDPR:

  • Access to stored data
  • Rectification of incorrect data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing (e.g. personalized advertising, profiling)
  • Withdrawal of consent with future effect


Stepflow offers a free, ad-supported version as well as an ad-free premium version (Stepflow+). In the free version, ads may be displayed. Personalized advertising is only processed based on consent; the platform can also be used with non-personalized advertising or via the ad-free premium version.

To exercise these rights, an email to privacy@stpflw.com is sufficient.

Users also have the right to lodge a complaint with a supervisory authority under Art. 77 GDPR. Exercising these rights is free of charge.



9. Data Security


Stepflow uses technical and organizational measures to protect personal data (e.g. HTTPS, encryption, access controls, backups).



10. Protection of Minors


The platform may be used from the age of 13. For users under 16, parental consent is required where legally necessary. Stepflow does not process personal data of children without prior consent.



11. Artificial Intelligence, Moderation and Automated Processing


Stepflow uses AI-based systems for content moderation, fraud detection, and platform improvement and security. Usage data is processed to analyze content, evaluate it, and provide personalized recommendations.

This processing may include profiling within the meaning of GDPR but does not involve solely automated decisions under Art. 22 GDPR that produce legal effects or similarly significantly affect users.

Users may object to profiling and personalization at any time or withdraw consent with future effect.



12. Changes to this Privacy Policy


Stepflow may change this Privacy Policy to reflect new legal requirements or technical developments. Updated versions will be published on the platform/website.



13. Contact and Supervisory Authority


Data protection inquiries: privacy@stpflw.com

Users also have the right to lodge a complaint under Art. 77 GDPR with a supervisory authority.


Competent supervisory authority:


Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18

91522 Ansbach

Germany

← Back to product

Privacy policy

Auf deutsch ansehen


Last updated: 01.05.2026



1. Data Controller


This Privacy Policy applies to the social media platform Stepflow, operated by:


Stepflow GmbH
Toelzer Str. 1
82031 Gruenwald
Germany


E-Mail: privacy@stpflw.com


2. Personal Data Processed


Depending on your use, Stepflow processes:

  • Registration data: email address, password
  • Profile information: name, username, profile picture, bio, contact options
  • Published content: texts, photos, videos, audio, comments, likes
  • Usage data: interactions, community memberships, search behavior
  • Device and log data: IP address, device identifier, browser type
  • Location data (if provided via user permission or device functions)
  • Advertising data: clicks, impressions, interactions with ads
  • Communication data: support emails, reports, contact requests



3. Purposes of Processing


Data is used for:

  • Providing and managing platform functions
  • Personalizing content and advertising
  • Security, fraud detection, and spam prevention
  • Improving user experience and analyzing usage behavior
  • Recommendation and usage-based content sorting
  • Training and optimizing AI models for moderation and suggestions
  • Communication with users (e.g. support, updates, notifications)



4. Legal Basis for Processing


Personal data is processed based on GDPR:

  • Art. 6(1)(b) GDPR (contract performance – platform usage)
  • Art. 6(1)(f) GDPR (legitimate interest, e.g. security, stability, abuse prevention)
  • Art. 6(1)(a) GDPR (consent, especially for advertising, tracking, personalized content, and profiling where required)
  • Art. 6(1)(c) GDPR (legal obligations)


If consent has been given, it may be withdrawn at any time with future effect. Consent also includes processing for personalized advertising and profiling.



5. Recipients and Third-Party Service Providers


To operate the platform, Stepflow uses trusted service providers, including:

  • Hosting and cloud providers (e.g. AWS, Google Cloud, Firebase, Cloudflare)
  • Analytics and security services
  • Payment providers for premium features
  • Advertising networks and partner platforms


Data processing agreements pursuant to Art. 28 GDPR exist with these providers.Data is shared strictly for specific purposes, especially for platform operation, analysis, security, and payment processing.



Cloudflare (CDN and Security Service)


For secure and performant delivery of the platform, we use Cloudflare. Cloudflare provides a content delivery network (CDN) and protection mechanisms against attacks. When accessing our platform, technical connection data, especially the IP address, is processed.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in security, stability, and performance of the platform).

Data processing is carried out in accordance with the General Data Protection Regulation (GDPR) and based on concluded data processing agreements.


More information: https://www.cloudflare.com/privacypolicy/



6. International Data Transfers


Stepflow primarily processes data within the EU/EEA. If personal data is transferred outside the EU/EEA, this only occurs if an adequate level of data protection is ensured. This is secured in particular through Standard Contractual Clauses provided by the European Commission or adequacy decisions of the EU Commission.



7. Data Retention


Data is deleted as soon as it is no longer required for the stated purposes or legal retention periods expire. Backups and security copies may remain for technical reasons.



8. User Rights


Users have the following rights under GDPR:

  • Access to stored data
  • Rectification of incorrect data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing (e.g. personalized advertising, profiling)
  • Withdrawal of consent with future effect


Stepflow offers a free, ad-supported version as well as an ad-free premium version (Stepflow+). In the free version, ads may be displayed. Personalized advertising is only processed based on consent; the platform can also be used with non-personalized advertising or via the ad-free premium version.

To exercise these rights, an email to privacy@stpflw.com is sufficient.

Users also have the right to lodge a complaint with a supervisory authority under Art. 77 GDPR. Exercising these rights is free of charge.



9. Data Security


Stepflow uses technical and organizational measures to protect personal data (e.g. HTTPS, encryption, access controls, backups).



10. Protection of Minors


The platform may be used from the age of 13. For users under 16, parental consent is required where legally necessary. Stepflow does not process personal data of children without prior consent.



11. Artificial Intelligence, Moderation and Automated Processing


Stepflow uses AI-based systems for content moderation, fraud detection, and platform improvement and security. Usage data is processed to analyze content, evaluate it, and provide personalized recommendations.

This processing may include profiling within the meaning of GDPR but does not involve solely automated decisions under Art. 22 GDPR that produce legal effects or similarly significantly affect users.

Users may object to profiling and personalization at any time or withdraw consent with future effect.



12. Changes to this Privacy Policy


Stepflow may change this Privacy Policy to reflect new legal requirements or technical developments. Updated versions will be published on the platform/website.



13. Contact and Supervisory Authority


Data protection inquiries: privacy@stpflw.com

Users also have the right to lodge a complaint under Art. 77 GDPR with a supervisory authority.


Competent supervisory authority:


Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18

91522 Ansbach

Germany

← Back to product

Privacy policy

Auf deutsch ansehen


Last updated: 01.05.2026



1. Data Controller


This Privacy Policy applies to the social media platform Stepflow, operated by:


Stepflow GmbH
Toelzer Str. 1
82031 Gruenwald
Germany


E-Mail: privacy@stpflw.com


2. Personal Data Processed


Depending on your use, Stepflow processes:

  • Registration data: email address, password
  • Profile information: name, username, profile picture, bio, contact options
  • Published content: texts, photos, videos, audio, comments, likes
  • Usage data: interactions, community memberships, search behavior
  • Device and log data: IP address, device identifier, browser type
  • Location data (if provided via user permission or device functions)
  • Advertising data: clicks, impressions, interactions with ads
  • Communication data: support emails, reports, contact requests



3. Purposes of Processing


Data is used for:

  • Providing and managing platform functions
  • Personalizing content and advertising
  • Security, fraud detection, and spam prevention
  • Improving user experience and analyzing usage behavior
  • Recommendation and usage-based content sorting
  • Training and optimizing AI models for moderation and suggestions
  • Communication with users (e.g. support, updates, notifications)



4. Legal Basis for Processing


Personal data is processed based on GDPR:

  • Art. 6(1)(b) GDPR (contract performance – platform usage)
  • Art. 6(1)(f) GDPR (legitimate interest, e.g. security, stability, abuse prevention)
  • Art. 6(1)(a) GDPR (consent, especially for advertising, tracking, personalized content, and profiling where required)
  • Art. 6(1)(c) GDPR (legal obligations)


If consent has been given, it may be withdrawn at any time with future effect. Consent also includes processing for personalized advertising and profiling.



5. Recipients and Third-Party Service Providers


To operate the platform, Stepflow uses trusted service providers, including:

  • Hosting and cloud providers (e.g. AWS, Google Cloud, Firebase, Cloudflare)
  • Analytics and security services
  • Payment providers for premium features
  • Advertising networks and partner platforms


Data processing agreements pursuant to Art. 28 GDPR exist with these providers.Data is shared strictly for specific purposes, especially for platform operation, analysis, security, and payment processing.



Cloudflare (CDN and Security Service)


For secure and performant delivery of the platform, we use Cloudflare. Cloudflare provides a content delivery network (CDN) and protection mechanisms against attacks. When accessing our platform, technical connection data, especially the IP address, is processed.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in security, stability, and performance of the platform).

Data processing is carried out in accordance with the General Data Protection Regulation (GDPR) and based on concluded data processing agreements.


More information: https://www.cloudflare.com/privacypolicy/



6. International Data Transfers


Stepflow primarily processes data within the EU/EEA. If personal data is transferred outside the EU/EEA, this only occurs if an adequate level of data protection is ensured. This is secured in particular through Standard Contractual Clauses provided by the European Commission or adequacy decisions of the EU Commission.



7. Data Retention


Data is deleted as soon as it is no longer required for the stated purposes or legal retention periods expire. Backups and security copies may remain for technical reasons.



8. User Rights


Users have the following rights under GDPR:

  • Access to stored data
  • Rectification of incorrect data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing (e.g. personalized advertising, profiling)
  • Withdrawal of consent with future effect


Stepflow offers a free, ad-supported version as well as an ad-free premium version (Stepflow+). In the free version, ads may be displayed. Personalized advertising is only processed based on consent; the platform can also be used with non-personalized advertising or via the ad-free premium version.

To exercise these rights, an email to privacy@stpflw.com is sufficient.

Users also have the right to lodge a complaint with a supervisory authority under Art. 77 GDPR. Exercising these rights is free of charge.



9. Data Security


Stepflow uses technical and organizational measures to protect personal data (e.g. HTTPS, encryption, access controls, backups).



10. Protection of Minors


The platform may be used from the age of 13. For users under 16, parental consent is required where legally necessary. Stepflow does not process personal data of children without prior consent.



11. Artificial Intelligence, Moderation and Automated Processing


Stepflow uses AI-based systems for content moderation, fraud detection, and platform improvement and security. Usage data is processed to analyze content, evaluate it, and provide personalized recommendations.

This processing may include profiling within the meaning of GDPR but does not involve solely automated decisions under Art. 22 GDPR that produce legal effects or similarly significantly affect users.

Users may object to profiling and personalization at any time or withdraw consent with future effect.



12. Changes to this Privacy Policy


Stepflow may change this Privacy Policy to reflect new legal requirements or technical developments. Updated versions will be published on the platform/website.



13. Contact and Supervisory Authority


Data protection inquiries: privacy@stpflw.com

Users also have the right to lodge a complaint under Art. 77 GDPR with a supervisory authority.


Competent supervisory authority:


Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18

91522 Ansbach

Germany