Privacy Policy
Effective date: April 9, 2026
1. Who we are
StepHigh is an education app and website that helps learners prepare for BECE, WASSCE, and related exam practice. In this policy, "StepHigh", "we", "our", and "us" refer to the StepHigh operator. Confirm the registered company name and business address before launch.
Contact: privacy@stephigh.io
2. What this policy covers
This policy covers the StepHigh mobile app, website, support channels, and related services. It explains what personal data we collect, why we collect it, how we use it, how long we keep it, and how users can request access, correction, or deletion.
3. Data we collect
| Data category | Examples | Purpose |
|---|---|---|
| Account data | First name, last name, display name, username, email, country, Firebase user ID | Create and manage the account, personalize the app, support sign-in and account recovery |
| Authentication data | Email/password authentication status, Google, Apple, or Facebook sign-in provider information | Authenticate users and protect accounts |
| Learning data | Subject, exam type, year, section, quiz attempts, score, correct/incorrect/skipped counts, time spent, completion date | Show quiz history, progress, analytics, streaks, and recent practice |
| Preference data | Theme, selected country, answer display setting, notification preferences | Remember user settings and control study experience |
| Support data | Name, email, messages, request details | Respond to user requests and privacy inquiries |
| Technical data | Device, app version, error logs, security logs, hosting logs where enabled | Maintain security, debug issues, prevent abuse, improve reliability |
4. How we collect data
We collect data when users create an account, sign in, complete quizzes, update their profile, change settings, request support, or interact with the website. We also receive limited authentication data from Google, Apple, or Facebook when a user chooses those sign-in methods.
5. Why we use data
We use data to provide the app, authenticate users, save learning progress, display analytics, remember preferences, send account-related messages, provide support, improve reliability, protect against abuse, and meet legal or app store obligations.
6. Legal bases where GDPR applies
Where GDPR or similar privacy laws apply, we rely on contract performance to provide the app, legitimate interests to secure and improve the service, consent where required for optional communications or non-essential cookies, and legal obligation where records must be kept by law.
7. Third-party service providers
StepHigh uses service providers to operate the app and website. These may include Firebase/Google Cloud for authentication, database, hosting, storage, app services, and security; Google, Apple, and Facebook for optional sign-in; Hostinger for website hosting; and app stores for distribution. These providers process data under their own terms and privacy policies.
8. We do not sell personal data
StepHigh does not sell personal data. If this changes, we will update this policy and provide legally required choices before making such changes.
9. Data retention
We keep account data while the account remains active. Quiz history and analytics are kept to provide progress tracking until the user clears history or deletes the account. Support records may be kept for a reasonable period to handle follow-up, security, and legal needs. When an account is deleted, StepHigh deletes the user profile and quiz history from the app database, subject to limited backups, security logs, or legal retention requirements.
10. Account deletion
Users can delete their StepHigh account in the app from Settings. Users can also request deletion help at stephigh.io/data-deletion. Deleting an account removes the StepHigh account profile and quiz history linked to that account. Some records may remain temporarily in backups or logs where required for security and operational integrity.
11. User rights
Depending on location, users may have rights to access, correct, delete, export, restrict, or object to use of personal data. Users can contact privacy@stephigh.io to make a request. See GDPR Rights for more detail.
12. Children and students
StepHigh is an education app and may be used by learners under the age of majority. We do not knowingly collect more personal data than needed to provide the app. Parents, guardians, or schools can contact us to request review, correction, or deletion of a learner's data. Before launch, confirm whether StepHigh is directed to children under 13, under 16, or general learners, because that affects COPPA, GDPR-K, and app store declarations.
13. Security
We use Firebase authentication, access controls, account reauthentication for deletion, and operational safeguards to protect personal data. No online service can guarantee absolute security.
14. International transfers
StepHigh and its providers may process data in countries other than the user's country. Where required, we use appropriate safeguards through our service providers and legal agreements.
15. Changes to this policy
We may update this policy when the app, website, providers, or legal requirements change. The effective date above will be updated when material changes are made.