GDPR and privacy rights

Effective date: April 9, 2026

Who this page is for

This page explains rights that may apply to users in the European Economic Area, United Kingdom, Switzerland, and regions with similar privacy laws.

Your rights

• Access: ask for a copy of personal data linked to your account.
• Correction: ask us to correct inaccurate or incomplete data.
• Deletion: delete your account in the app or ask for deletion support.
• Portability: ask for a copy of data in a structured format where legally required.
• Restriction: ask us to limit certain processing where legally required.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: withdraw consent for optional processing where consent is used.
• Complaint: contact a data protection authority if you believe your rights have been violated.

How to make a request

Email privacy@stephigh.io with the subject line "Privacy Rights Request". Include the email address connected to your StepHigh account and the right you want to exercise.

Verification

We may need to verify that you control the account before acting on a request. This protects learners and prevents unauthorized access or deletion.

Response time

We aim to respond within 30 days where GDPR applies, unless a longer period is allowed by law for complex requests.

Legal bases

StepHigh relies on contract performance to provide accounts and learning features, legitimate interests for security and service improvement, consent for optional choices where required, and legal obligation where records must be retained.