UpStep

Privacy Policy

Effective date: 7 February 2026

UpStep (“UpStep”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, how it is stored, and what rights you have as a user.

UpStep is operated by Elnur Jabarov, an individual entrepreneur registered in the Republic of Azerbaijan, and is available to users worldwide.

1. Core Principles

  • We never sell your data.

    • Not raw data
    • Not anonymized data
    • Not aggregated data
      Never.

  • We collect only the data required to operate and improve UpStep.

  • We clearly separate public and private data.

  • You retain full ownership of your private data.

2. Public vs. Private Data

2.1 Public Data

Public data includes information that is visible on the site without logging in, such as:

  • Steps content
  • Reasons
  • Challenges
  • Tags
  • Approved user suggestions
  • Anonymized and/or aggregated reports, including (but not limited to):
    • Counts
    • Averages
    • Trends

Suggestions & Moderation

  • All user suggestions (including Steps, Reasons, Challenges, and Tags) are subject to review before approval.
  • UpStep reserves the right to:
    • Edit, modify, or rephrase suggestions for clarity, consistency, formatting, or quality.
    • Partially use a suggestion or merge it with existing content.
    • Reject or delete suggestions at any time, including after submission or approval.
  • Submission of a suggestion does not guarantee publication or permanent availability.

Ownership

  • All public data is owned by UpStep.
  • This includes approved content and unapproved suggestions.

2.2 Private Data

Private data is accessible only after account creation and includes:

  • Your step notes
  • Your reason upvotes
  • Your challenges
  • Your progress data
  • Your bookmarks
  • Your ratings
  • Account-related authentication data

Ownership

  • You fully own your private data.

You may request deletion of your private data at any time by emailing:

support@upstep.me

3. Data Deletion & Retention

  • Upon receiving a valid deletion request, your private data is:
    • Deleted from the main database within 24 hours
  • Some data may temporarily remain in database backups
    • If such backups are ever restored, your data will be immediately deleted again

4. Accounts & Authentication

  • Account creation is required to access private features
  • Authentication is handled via Supabase Auth
  • Login method:
    • Email and password only
  • Authentication cookies are used strictly for login and session management

5. Cookies & Tracking

We use cookies for essential functionality and analytics.

5.1 Essential Cookies

  • Used by Supabase Auth
  • Required for:
    • Authentication
    • Session management
  • These cookies are necessary for the service to function

5.2 Analytics Cookies

We use Google Analytics to understand how users interact with UpStep.

  • Data is collected in aggregated form
  • Used only to improve usability and performance
  • No personal data is sold or shared

6. Third-Party Services

UpStep relies on the following trusted providers:

6.1 Google Analytics

Used for usage analytics.

Privacy Policy:
https://policies.google.com/privacy

6.2 Vercel

Used for application hosting and delivery.

Privacy Policy:
https://vercel.com/legal/privacy-policy

6.3 Supabase

Used for database storage and authentication.

  • Database region: us-west-2
  • Authentication via Supabase Auth

Privacy Policy:
https://supabase.com/privacy

7. Data Security

We take security seriously and apply industry best practices:

  • All data is encrypted in transit using SSL/TLS
  • Strong, unique passwords are used across all platforms
  • Access to infrastructure is strictly limited
  • No plaintext passwords are stored

8. Age Restrictions

  • UpStep is intended for users 13 years of age and older
  • We do not knowingly collect data from children under 13
  • We do not ask users to provide their age
  • All public content is moderated to be suitable for users aged 13+

9. International Users & GDPR

UpStep is available worldwide, including users in the EU.

Depending on your location, you may have rights including:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion of your private data
  • Restriction or objection to certain processing

Requests can be made via:

support@upstep.me

10. Changes to This Policy

This Privacy Policy may be updated from time to time.

When changes occur, we will notify users via:

  • A notice on the website
  • Email (when applicable)

The updated policy will always display the latest effective date.

11. Contact

For any privacy-related questions, requests, or concerns:

Email: support@upstep.me