This page explains what data we process, why we process it, which providers are involved, how long we keep data, and your rights under the GDPR.
Jump to a section. Each section includes a copy link button and a collapse toggle.
Stepien Digital is based in Germany and acts as the data controller under the General Data Protection Regulation.
This Privacy Policy explains how personal data is collected, processed, and protected when you use Stepien Digital services, websites, and communication channels.
It applies to visitors, prospects, business clients, and contacts who reach out via email, web forms, social platforms, or other channels used to deliver our services.
We may process the following categories of personal data, depending on the interaction and service scope.
We process personal data to deliver services, host websites, manage visibility, keep systems secure, communicate, handle billing, and comply with legal obligations.
Legal bases may include performance of a contract, legitimate interests, and compliance with legal obligations. When consent is required, we request it clearly and specifically.
Websites and databases are hosted on SmarterASP.NET. DNS and security services are managed through Cloudflare. Media and static assets may be stored and delivered via Cloudflare R2.
We use third party services only when needed to deliver services, run infrastructure, process payments, improve security, or support operations.
When we rely on providers, we aim to use appropriate contractual protections and technical safeguards.
Our websites may process technical data needed to display pages, protect services, and prevent abuse. This can include server logs, IP addresses, request metadata, and security event signals.
When you contact us, we process the data you provide to respond, document the request, and support service delivery.
Communication data can include message content, attachments, and technical metadata. We keep communication data as long as needed to handle the request and meet legal obligations.
Billing information may be processed to issue invoices, manage subscriptions, and keep accounting records. Payments are processed via Stripe.
We do not store full card details on our systems. Payment card data is handled by Stripe according to their security standards.
We keep personal data only as long as necessary for the stated purposes and to comply with legal retention duties.
Depending on the providers used, personal data may be processed in different countries. Where international transfers occur, we aim to rely on appropriate safeguards, such as contractual protections and security measures.
Data subjects have the right to access, rectify, erase, restrict processing, object, and request data portability in accordance with GDPR.
Stepien Digital uses encryption in transit, firewall protections, access controls, and monitoring to safeguard personal data.
Stepien Digital is not responsible for misuse of services, unlawful content provided by clients, or actions taken by third party platforms.
Clients remain responsible for the legality of content they provide, and for compliance obligations that apply to their specific business activities.
This Privacy Policy may be updated to reflect legal or technical changes. The current version is published on the website.