Privacy Policy

This Privacy Policy describes how Step Brands LLC (Step Brands, we, us, or our) collects, uses, and shares information about you when you use FirmLock (the Service), our website, and related services.

If you have any questions or concerns about this Policy, please contact us at the address listed at the end.

1. Who We Are

FirmLock is operated by Step Brands LLC, a Nevada limited liability company located at 8635 W Sahara Ave., Suite 3223, Las Vegas, NV 89117. Step Brands LLC is the data controller for personal information collected through the Service.

2. Information We Collect

We collect information in the following ways:

Information You Provide to Us

• Account Information. When you register for FirmLock, we collect your name, email address, password, company name, and other details necessary to create and maintain your account.
• Billing Information. When you subscribe to a paid plan, we collect billing details such as your name, billing address, and payment card information. Payment card details are processed by our third-party payment processor (e.g., Stripe) and are not stored on our servers.
• Communications. If you contact us for support or other inquiries, we retain a record of your message and our response.
• Marketing Preferences. If you opt in to marketing communications, we collect your email address and any preferences you indicate.

Information We Collect Automatically

• Usage Data. We collect information about how you interact with the Service, including pages visited, features used, time spent, and click patterns.
• Device and Log Data. We collect IP address, browser type, operating system, device identifiers, referring URLs, and timestamps.
• Cookies and Similar Technologies. We use cookies, web beacons, and similar technologies to operate the Service, remember your preferences, and analyze usage. See Section 7 for details.

Information from Third Parties

We may receive information about you from third parties such as analytics providers (e.g., Google Analytics), payment processors, and authentication services if you sign in via a third-party account.

3. How We Use Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service
• Process payments and manage subscriptions
• Authenticate users and protect against fraud, abuse, and security risks
• Communicate with you about your account, transactions, and customer support
• Send marketing emails and product updates (where you have opted in or as otherwise permitted by law)
• Analyze usage trends and develop new features
• Comply with legal obligations and enforce our terms

4. How We Share Information

We do not sell your personal information. We share information only as described below:

• Service Providers. We share information with vendors who help us operate the Service, including hosting providers, payment processors (e.g., Stripe), email service providers, customer support platforms, and analytics providers (e.g., Google Analytics). These providers are contractually required to protect your information.
• Legal and Safety. We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers. If Step Brands LLC is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent. We may share information with third parties when you direct us to.

5. Your Privacy Rights

Depending on where you live, you may have certain rights regarding your personal information.

For California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell or share
• Access a copy of the personal information we have collected about you
• Delete personal information we have collected, subject to certain exceptions
• Correct inaccurate personal information
• Opt out of the sale or sharing of your personal information (we do not sell personal information, but some analytics and advertising cookies may qualify as sharing under California law)
• Limit the use of sensitive personal information
• Non-discrimination for exercising your rights

To exercise these rights, contact us at the address below. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

Categories of personal information collected in the past 12 months: identifiers (name, email, IP address), commercial information (subscription details), internet activity (usage data), and inferences drawn from the above.

For Residents of the European Economic Area, United Kingdom, and Switzerland (GDPR/UK GDPR)

If you are located in the EEA, UK, or Switzerland, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your data (the right to be forgotten)
• Restrict or object to processing
• Data portability (receive your data in a machine-readable format)
• Withdraw consent at any time, where processing is based on consent
• Lodge a complaint with your local data protection authority

Legal bases for processing. We rely on the following legal bases under the GDPR: (a) performance of a contract (to provide the Service); (b) legitimate interests (to operate, secure, and improve the Service); (c) consent (for marketing and certain cookies); and (d) compliance with legal obligations.

International transfers. Personal data may be transferred to and processed in the United States and other countries that may have different data protection laws than your country. Where required, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

To exercise any of these rights, contact us using the details below.

6. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we will delete or anonymize it. Specific retention periods vary by data type and purpose.

7. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

• Essential cookies: required for the Service to function (e.g., authentication, security)
• Analytics cookies: help us understand how the Service is used (e.g., Google Analytics)
• Preference cookies: remember your settings and preferences

You can control cookies through your browser settings or, where available, through our cookie consent tool. Disabling certain cookies may limit functionality. To opt out of Google Analytics, you can install the Google Analytics Opt-Out Browser Add-on at tools.google.com/dlpage/gaoptout.

We do not currently respond to Do Not Track browser signals, but we honor opt-out requests submitted through our consent tool or by contacting us directly.

8. Marketing Communications

If you have opted in to marketing emails, we will send you product updates, promotions, and other communications. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us. Even if you opt out of marketing, we will still send you transactional and account-related messages.

9. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, and destruction. However, no system is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

FirmLock is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it. If you believe a child has provided us with personal information, please contact us.

11. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. This Policy does not apply to those third parties. We encourage you to review their privacy policies before sharing information with them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service prior to the change taking effect. The Last Updated date at the top reflects the most recent revision.

13. Contact Us

If you have questions, concerns, or requests regarding this Policy or your personal information, please contact us at:

Step Brands LLC
Attn: Privacy
8635 W Sahara Ave., Suite 3223
Las Vegas, NV 89117
Email: privacy@firmlock.app