Steem Privacy Policy
Effective Date: June 1st, 2025
1. Introduction
This Privacy Policy ("Policy") sets forth the data practices of Steem LLC ("Steem," "we," "us," or "our") in connection with your use of the Steem mobile application and related services (collectively, the "Service"). By accessing or using the Service, you acknowledge and agree to the terms set forth herein.
Steem is committed to responsible data governance. While we collect a limited amount of personal information for internal and operational purposes, the Service is designed to preserve end-user anonymity to the fullest extent reasonably possible.
2. Categories of Data Collected
Steem may collect the following categories of information:
- Personally Identifiable Information (collected for internal use only):
- Full legal name
- Email address
- Date of birth
- Technical and Usage Information:
- Device identifiers and diagnostic logs (e.g., IDFA, session tokens)
- IP address and network metadata
- Interaction metrics including feature engagement, session duration, and frequency
- Purchase and subscription data as processed through Apple In-App Purchase (IAP)
- Session Interaction Data:
- User-generated content and message transcripts (AI, Whisper, Peer Pro)
- Self-reported emotional states, goals, and behavioral indicators
- AI-generated content and derived metadata (e.g., sentiment tagging, intent classification)
3. Purposes of Data Processing
Steem processes data for the following business purposes:
- Provision and improvement of the Service and its core features
- Personalization of AI and support functionality
- Internal analytics and diagnostic reporting
- Prevention of misuse and detection of safety risks
- Fulfillment of legal, regulatory, and tax obligations
We do not sell personal data, nor do we share it with third parties for cross-context behavioral advertising.
4. Lawful Basis for Processing
To the extent applicable under U.S. and analogous legal standards, our lawful bases for processing include:
- Consent: where users affirmatively provide or authorize information
- Contractual necessity: to provide features that require authentication or payment
- Legitimate interests: to ensure system integrity, security, and platform improvement
5. AI Memory and Personalization Framework
Steem's AI architecture utilizes:
- Short-Term Memory: ephemeral session context, pace modulation, and emotional cues
- Long-Term Memory: vector-based representations of user interaction history and support themes
This information is retained solely for the purpose of continuity, personalization, and quality enhancement. You may request the erasure of this data at any time.
6. Anonymity, Identity & Session Data Retention
Steem does not display personally identifying information to users. Sessions are pseudonymous by default. The following retention practices apply:
- Whisper session transcripts: retained for 14 days, then automatically deleted
- AI session data: retained indefinitely unless deletion is requested
- Financial and transactional data: retained per applicable legal and tax compliance standards
- Account information (name, email, DOB): retained securely and not exposed to other users
7. Use of Third-Party Processors
We utilize certain third-party service providers to operate and maintain the Service:
- Apple IAP – subscription billing
- Firebase – app analytics and performance tracing
- Sentry – system error logging
- Qdrant / Weaviate – AI vector memory storage
- OpenAI / Meta API – AI content generation and enrichment
Third-party processors may have access to pseudonymized or hashed device identifiers solely for the purpose of fulfilling their contractual obligations.
8. Retention Summary
| Data Type | Retention Policy |
|---|
| Whisper sessions | 14 days (auto-delete) |
| AI/Peer Pro sessions | Retained unless deletion requested |
| Name, Email, DOB | Retained for account lifecycle |
| Payment data | Retained per financial regulations |
9. State-Specific Privacy Rights (U.S. Only)
We comply with applicable U.S. state privacy laws, including:
- California (CPRA): We do not sell or share personal data as defined by CPRA.
Residents may request access, correction, or deletion of their personal information.
- Virginia, Colorado, Connecticut, Utah: Users may exercise rights including access, correction, deletion, and objection to profiling.
All requests may be submitted to: support@steem.com
10. User Rights (Voluntarily Extended)
Steem voluntarily offers GDPR-modeled rights to all users, including:
- Right to access, correct, delete, or export your data
- Right to object to processing under specified grounds
We may decline requests where legally exempt or technically infeasible.
11. Children's Data
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect information from children. If such data is discovered, it will be purged promptly upon verification.
12. Security Practices
We apply commercially reasonable safeguards to protect your data, including:
- TLS encryption for data in transit
- AES-256 encryption for data at rest
- Access control based on job function and system privilege
No transmission or storage system is completely secure. Use of the Service is at your own risk.
13. Changes to This Policy
We reserve the right to update this Policy at any time. Material changes will be notified via in-app disclosure or update log. Continued use constitutes acceptance.
14. Contact and Data Inquiries
For questions or to submit a data rights request, contact our designated data officer at:
support@trysteem.com
© Steem LLC. All rights reserved.
