Privacy

Privacy Policy

Last updated: May 2026 · Applies to: stepwize.fr web platform

1. Data Controller

The data controller for personal data collected through this platform is:

For privacy-related requests, users may contact: contact@stepwize.fr

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Name (first and last)
• Password (stored in hashed form only)
• Organization/company name (if applicable)
• Role within the platform

2.2 Content and Media

When you use the Platform, we process:

• Video recordings created via the platform
• Workflow steps, guides, and associated metadata
• Comments, annotations, and collaborative content

2.3 Communication Data

We may collect data from your interactions with us:

• Support requests and correspondence
• Contact form submissions
• Assessment/diagnostic form responses

2.4 Technical and Usage Data

We automatically collect certain technical information:

• IP address
• Browser type and version
• Device information
• Pages visited and features used
• Session duration and timestamps

3. How We Use Your Data

We process your personal data for the following purposes:

• Service delivery: To provide, maintain, and improve the Platform;
• Account management: To create and manage your user account;
• Communication: To respond to your enquiries and send service-related notifications;
• Security: To detect, prevent, and address technical issues and unauthorized access;
• Legal compliance: To comply with applicable laws and regulations;
• Platform improvement: To analyze usage patterns and improve our services (on an aggregated, anonymized basis where possible).

4. Legal Basis for Processing

We process your data based on the following legal grounds under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): Processing necessary for the provision of our services;
• Legitimate interests (Art. 6(1)(f)): Platform security, fraud prevention, and service improvement;
• Legal obligation (Art. 6(1)(c)): Compliance with applicable legal requirements;
• Consent (Art. 6(1)(a)): Where applicable, for optional communications or analytics.

5. Cookies and Tracking

The Platform uses essential cookies required for its proper functioning (session management, authentication, security). These are strictly necessary and do not require consent.

No third-party analytics or advertising cookies are currently in use. If non-essential tracking is introduced in the future, users will be informed and appropriate consent mechanisms will be implemented.

6. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share data with:

• Service providers: Technical infrastructure and hosting partners who process data on our behalf, under appropriate contractual safeguards;
• Legal authorities: When required by law, regulation, or legal process;
• Business transfers: In connection with a merger, acquisition, or asset sale, subject to continued data protection obligations.

Sub-processors

PONTIVA EURL uses the following third-party service providers to operate the Platform:

• Google Cloud Platform (GCP) — hosting and infrastructure;
• Google Cloud Storage (GCS) — media and file storage;
• Mailgun — transactional email delivery.

Each provider is bound by appropriate data processing agreements and operates in compliance with applicable data protection law.

7. Data Retention

Data is retained only for the duration necessary to provide the service and comply with legal obligations. Once an account is closed or data is no longer required, it is deleted or anonymized in a reasonable timeframe.

• Account data: Retained for the duration of your account, and for a reasonable period thereafter for legal and administrative purposes;
• Content: Retained as long as your account is active or as required by your organization's administrator;
• Technical logs: Retained for a limited period for security and debugging purposes.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit, access controls, and regular security assessments.

9. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Right of access: Obtain confirmation and a copy of your personal data;
• Right to rectification: Request correction of inaccurate or incomplete data;
• Right to erasure: Request deletion of your data under certain conditions;
• Right to restriction: Request limitation of processing in specific circumstances;
• Right to data portability: Receive your data in a structured, machine-readable format;
• Right to object: Object to processing based on legitimate interests;
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise these rights, contact us at: contact@stepwize.fr

10. International Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Platform is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

For any questions regarding this Privacy Policy or to exercise your data rights, please contact: