Privacy Policy

Introduction

At Stepture ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our browser extension, web application, and related services (collectively, the "Services").

Information We Collect

Personal Information

• Google Account Information: When you sign in with Google OAuth, we collect your name, email address, Google ID, and profile image.
• Authentication Tokens: We store encrypted Google OAuth access and refresh tokens to maintain your authenticated session and access Google Drive services.
• Account Data: User preferences, settings, and account configuration information.

Content and Usage Data

• Screenshots and Images: Screenshots captured through our browser extension, including viewport coordinates, device pixel ratios, and display metadata.
• Step Documentation: Text descriptions, step sequences, document titles, and organizational metadata you create.
• Web Interaction Data: Information about elements you interact with on web pages, including click coordinates, element properties (tag names, IDs, classes), and page URLs.
• Browser Context: Viewport dimensions, device pixel ratio, screen resolution, and browser technical specifications necessary for accurate screenshot capture.

Technical Information

• Device Information: Browser type, operating system, device specifications, and extension version.
• Cookies and Local Storage: Authentication cookies, session tokens, and browser local storage for offline functionality.

Data Storage and Third-Party Services

Google Drive Integration

We integrate with Google Drive to store your screenshots and documentation. When you use our services:

• We create a dedicated folder named "Stepture - [Your Name]" in your Google Drive
• All captured screenshots are uploaded to this folder with public read permissions for sharing functionality
• We store Google Drive file IDs and public URLs in our database for content management
• Deleted content is automatically removed from both our systems and your Google Drive

Database Storage

We use PostgreSQL databases hosted on secure cloud infrastructure to store:

• User account information and preferences
• Document metadata, step descriptions, and organizational structures
• Screenshot metadata including URLs, coordinates, and technical specifications
• Encrypted authentication tokens and session data

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmission is encrypted using HTTPS/TLS protocols
• Token Security: Authentication tokens are encrypted using advanced cryptographic methods
• Access Controls: Strict access controls and authentication requirements for all service components
• Secure Infrastructure: Cloud-hosted infrastructure with regular security updates and monitoring
• Data Isolation: User data is properly isolated and accessible only to authorized systems

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

• With Your Consent: When you explicitly share documents or grant access to specific users
• Service Providers: With trusted third-party service providers (Google Drive, cloud infrastructure) necessary for service operation
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with advance notice

Your Rights and Choices

• Access and Portability: You can access, download, and export all your data through our service interface
• Correction: You can update, edit, or correct your personal information and content at any time
• Deletion: You can delete individual documents, screenshots, or your entire account and associated data
• Data Control: You maintain full control over your Google Drive folder and can revoke access permissions
• Communication Preferences: You can opt out of non-essential communications while maintaining service notifications

Browser Extension Privacy

Our browser extension operates with specific privacy considerations:

• Selective Operation: The extension only captures data when explicitly activated by you
• Local Storage: Captured data is temporarily stored locally before secure upload to our servers
• Permission-Based: All web page interactions require your explicit consent and activation
• Content Script Isolation: Our content scripts operate in isolation and do not interfere with page functionality
• No Passive Monitoring: We do not monitor or collect data from web pages unless actively recording

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active and for a reasonable period after deactivation
• Content: Documents and screenshots are retained until you delete them or close your account
• Authentication Tokens: Regularly refreshed and expired tokens are securely deleted

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our Services after such changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: