FullStep

Privacy Policy

Last updated: June 6, 2026

This Privacy Policy explains how FullStep ("FullStep," "we," "us," or "our") collects, uses, and protects information about you when you use fullstep.ai and fullstep.polsia.app. We take your privacy seriously and keep data collection to what's actually necessary to run the service.

1. What We Collect

Account information. When you sign up or log in, we collect your email address. We use it to send magic-link login emails and service communications.

Video URLs you submit. When you paste a video link to generate a guide, we store that URL and the guide we generate from it. This is core to the service — saved guides require storing the source URL.

Generated guides. The full content of each guide you generate is stored and associated with your account.

Stripe customer ID. If you purchase a plan, Stripe provides us with a customer ID we store to manage your subscription status. We do not store your payment card number, CVV, or full card details — Stripe handles all payment processing.

IP address and user agent. Logged for security purposes (fraud prevention, abuse detection). Not used for advertising or sold to third parties.

2. What We Do NOT Collect

• Payment card data. Stripe processes all payments. We never see or store your card number, expiration, or CVV.
• Video content. We do not download, store, or reproduce video files. We analyze publicly available metadata.
• Sensitive personal data. We do not collect health information, precise geolocation, biometric data, race, religion, or political affiliation.
• Third-party account credentials. We never ask for your TikTok, YouTube, or social media passwords.

3. How We Use Your Information

• To authenticate you and maintain your session
• To generate and save guides you request
• To process payments and manage subscription status
• To send transactional emails (login links, receipts, launch notifications)
• To detect and prevent fraud, abuse, and security incidents
• To improve and operate the service

We do not sell your personal data. We do not use your data to train AI models without your explicit consent.

4. Third-Party Processors

We share limited data with trusted service providers who help us operate FullStep:

• Stripe — payment processing. Your payment details go directly to Stripe. Stripe Privacy Policy.
• Postmark (via Polsia email proxy) — transactional email delivery (login links, receipts).
• Render — cloud hosting provider where our servers and database run.
• Neon — PostgreSQL database hosting.
• Anthropic / AI model provider (via Polsia proxy) — video URL metadata and guide generation requests are processed through an AI model. We do not send your account email to the AI provider for guide generation.

Each processor is contractually bound to use your data only to provide services to us and not for their own marketing.

5. Data Retention

We keep your guides and account data for as long as your account is active. If you delete your account, we delete your personal data and saved guides within 30 days, except where retention is required by law (e.g., billing records).

Log data (IP, UA) is retained for up to 90 days for security purposes, then deleted.

6. Your Rights

You have the right to:

• Access — request a copy of all data we hold about you
• Correction — update inaccurate data
• Deletion — request deletion of your account and associated data
• Export — request an export of your guides in a portable format

To exercise any of these rights, email privacy@fullstep.ai. We'll respond within 30 days.

7. Cookies and Tracking

Session cookies. We use a single session cookie to keep you logged in. It expires after 7 days of inactivity.

Analytics. We use a lightweight first-party analytics beacon (Polsia Analytics) to count page visits. No third-party tracking pixels or behavioral ad networks are used, except where you explicitly consent (e.g., the Meta Pixel on the public landing page, used only for measuring the effectiveness of our own ads).

No persistent tracking cookies are set inside the /app authenticated area.

8. Children

FullStep is not directed to children under 13. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently collected a child's data, contact us at privacy@fullstep.ai.

9. Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, single-use login tokens, and server-side session management. No system is 100% secure. If you discover a security vulnerability, please report it to security@fullstep.ai.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top. Material changes will also be communicated by email to active users.

11. Contact

Privacy questions or requests? Email privacy@fullstep.ai.

← Back to FullStep