Steer Privacy Policy

1. Introduction and Overview

Steer Group, Inc. (“Steer,” “we,” “us,” or “our”) is committed to protecting the privacy of its users and providing a safe, secure user experience. This Privacy Policy explains how we collect, use, and share data about you when you access our website https://usesteer.io/ (the “Steer Site”), mobile application(s), and related services, or otherwise interact with us (collectively, the “Services”). It also describes the choices available to you regarding our use of your personal information and how you can exercise your rights.

By using or accessing the Steer Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue your use of the Steer Services.

If you have questions about our privacy practices or need further information, please contact us at team@usesteer.io.

2. Scope and Definitions

2.1 Scope

This Privacy Policy applies to personal information we process in connection with your use of the Services. It covers information collected through our website(s), mobile application(s), and any other interactions you have with us that reference this Privacy Policy.

2.2 Key Definitions

“Personal Information” means information that relates to, describes, or could reasonably be linked with an identifiable individual. It does not include aggregated or deidentified data that cannot be reasonably linked back to you.

“User,” “You,” or “Your” means any person who accesses or uses our Services, including but not limited to:

• Consumers / Shoppers: Individuals who browse, shop, or otherwise interact with Steer to discover products, services, or content recommended or created by others.
• Creators / Publishers: Individuals or entities who use our Services to curate or share content (e.g., product recommendations, sponsored content) through links, blogs, or social media.

“Brand” or “Merchant” means companies or retailers that partner with Steer to make their products or services available to Users.

“Service Providers” means third-party companies that process personal information on our behalf to support or provide our Services.

3. Information We Collect

Steer collects personal information about you in various ways, depending on how you interact with our Services. This includes information you provide directly, information we collect automatically, and additional considerations regarding sensitive data and children's data.

3.1 User Data (Information You Provide Directly)

Account Information
Name, username, email address, phone number, and hashed password. Profile details such as a profile picture or bio. If you are a Creator, we may also collect additional details (e.g., social media handles, links to your website, payment, or tax information for commission purposes). In some cases, you may provide your date of birth, address, or city/country of residence if required for account setup or regional compliance.

Contact and Support Information
If you submit inquiries, feedback, or requests (via forms, email, or in-app messages), we collect the information you provide to respond to you.

Content and Posts
Any comments, images, videos, or other content you upload or publish through the Services (e.g., product images, sponsored content).

Financial Information
If our Services offer paid products or if we owe commissions to Creators, you may provide payment or banking details. Steer uses PCI-DSS compliant third-party payment processors who collect and store your payment information on our behalf. We do not store full payment card numbers, CVV codes, or bank account details on our own servers. We may retain limited payment information such as the last four digits of your payment card and expiration date for account management and verification purposes.

Marketing or Preferences Data
This may include your preferences in receiving marketing communications or information about certain products or features.

Note: Certain aspects of your personal information may be required for you to fully use the Services. If you don't supply requested information, we may be unable to provide certain features or services in full.

3.2 Information We Collect Automatically

Usage Data
We collect log files, IP addresses, browser or device type, unique identifiers, date/time stamps, referring URLs, pages visited, and the time spent on webpages. This helps us understand how you use our Services, diagnose technical issues, maintain security, and improve performance.

Location Data
We may use and store information about your approximate location (e.g., city, country, or postcode) based on IP address.

Cookies and Similar Technologies
We use cookies, web beacons, pixels, and related tracking technologies to retain certain information (e.g., IP addresses, usage patterns, preferences).

POS System Data
If a brand chooses to link its point-of-sale (“POS”) system (such as Marianatek) with our Services, we automatically collect purchase and transactional data as set forth in the applicable business licensing agreement. This collection and processing is based on the legitimate interests of providing our Services and is subject to appropriate technical and organizational security measures. You will be notified of such data collection through the brand's own privacy notice. Steer uses this data to provide and enhance our Services, fulfill contractual obligations, and support analytics or reporting features for the linked brand.

3.3 Sensitive Data

We do not collect any special categories of personal information (also known as sensitive personal data) about you (e.g., race or ethnic origin, political opinions, religious beliefs, health or genetic background, biometric data, union membership or criminal record) unless: (1) you expressly provide such information to us for a specific purpose; (2) we have obtained your explicit consent; or (3) we are required to do so by applicable law. When we do process such data, we implement appropriate additional safeguards as required by applicable data protection laws. If so, we process such data only as required by law and in accordance with your explicit consent.

3.4 Children's Data

Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16 without parental consent. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you are a parent or guardian and believe that a child under 16 has provided us with personal information, please contact us at team@usesteer.io. We will take steps to delete such information promptly if we become aware of it.

Under 13: In some jurisdictions, additional protections apply for children under 13. If you become aware that a child under 13 has provided us with personal information, please notify us immediately.

Under 18: Depending on your region's requirements, individuals under 18 may need parental or guardian consent to sign up. If you are a parent or guardian and discover that a minor under 18 has provided us with information without consent, please contact us so we can take appropriate steps.

4. Why We Collect Your Personal Information

Steer collects and processes personal information for various purposes to operate and improve our Services, including:

• To Provide and Deliver the Services: Creating and managing your account, processing transactions, ensuring core functionalities are available.
• To Assess, Maintain, and Improve Performance: Tracking usage, conducting performance analytics, and optimizing infrastructure for a better user experience.
• To Ensure Relevance and Personalization: Tailoring content to your device, location, and preferences (e.g., recommended products or Creators).
• To Notify You About Changes and Deliver Targeted Content: Sending notices regarding updates to our Services, plus relevant marketing, or promotional materials (unless you opt out).
• To Conduct Consumer Research, Surveys, and Interactive Features: Inviting you to participate in research or surveys (voluntary) and using feedback to enhance the Services.
• To Provide Customer Support: Addressing questions, complaints, or other inquiries.
• To Monitor Usage and Detect Technical Issues: Analyzing logs and usage patterns to identify errors or disruptions and to safeguard security.
• To Process Transactions and Support Business Operations: Handling payment details (via third-party processors), paying commissions, financial forecasting, and other internal operations.
• To Deliver Promotional Materials and Special Offers: Where permitted by law or with your consent, sending updates about goods, services, or events that may interest you.
• To Administer Our Business and Exercise Rights: Fulfilling legal or contractual obligations, defending, or exercising legal claims, and managing ongoing relationships.
• To Comply with Legal Obligations and Law Enforcement: Disclosing data if required by law, regulation, or valid legal process.
• To Verify Your Identity and Detect Fraud: Confirming user identities, detecting fraudulent activity, and protecting the integrity of the Services.

5. How We Collect Your Personal Information

5.1 Collection Directly From You

Where reasonable and practical, we collect personal information directly from you, including:

• Registration and Use of Our Services: When you sign up, log in, and interact with Steer.
• Website Links, Social Media, or Other Platforms: When you share personal information via social media integrations or other channels connected to Steer.
• Surveys and Marketing Materials: When you respond to surveys or marketing campaigns.
• Content and Recommendations: Information you or other users upload (e.g., product recommendations, posts, comments).
• Interactions with Staff and Other Users: Through support requests, account management, or in-app/online messaging.

5.2 Collection From Third Parties

We may also collect your personal information from third parties, such as:

• Partners and Service Providers: Hosting, analytics, payment processing, or other business collaborations.
• POS System Integrations: If a brand chooses to link its point-of-sale (“POS”) system with our Services, we automatically receive purchase and transactional data in accordance with the applicable business licensing agreement. This may include details such as items purchased, transaction amounts, timestamps, and any associated membership or customer information.
• Marketing Leads: Third parties that provide marketing or sales leads.
• Marketing and Data Analysis Services: For data enrichment or analytics.
• Public Sources or Social Networks: If you connect a social media account to Steer or if your information is publicly available.

Note: If you provide personal information about another individual (e.g., employees, target audience members), you must ensure they are aware that we will use their data in accordance with this Privacy Policy.

5.3 Legal Bases for Processing

Our legal basis for collecting and using personal information depends on the circumstances. Generally, we process personal information where:

• Performance of a Contract: Necessary to fulfill a contract with you (e.g., providing the Services).
• Consent: You have given permission for specific purposes (e.g., receiving marketing emails).
• Legitimate Interests: Needed for our legitimate business interests (e.g., improving services, preventing fraud), balanced against your fundamental rights.
• Legal Obligation: We must comply with applicable laws, regulations, or requests from law enforcement.

6. How We Disclose or Share Your Personal Information

6.1 Third-Party Disclosures

We may share your personal information with:

• Technology and Media Partners: Hosting, analytics, marketing, or content delivery service providers.
• Professional Advisors: Lawyers, accountants, auditors, and other advisors.
• Service Providers: Third-party vendors (e.g., branding agencies, cloud storage) under contractual obligations to keep your data secure.
• Steer Affiliates: Related companies and subsidiaries for coordinated business operations.
• Law Enforcement and Legal Requests: Where required by law, court order, or legal process.
• Business Transfers: If we sell or transfer all or a portion of our business or assets. We will use reasonable efforts to ensure the transferee uses your data in a manner consistent with this Privacy Policy.
• Third-Party Payment Processors: If we offer paid products or services, we rely on processors like PayPal or Stripe. Your payment data is handled under their policies.

6.2 Compliance with Payment Card Industry (PCI-DSS)

Our third-party payment processors adhere to PCI-DSS standards managed by the Payment Card Industry Security Standards Council. These standards help ensure secure handling of payment information.

7. Cookies and Other Tracking Technologies

7.1 Overview

We and our service providers use cookies, web beacons, pixels, and similar technologies to automatically collect information when you interact with our Services or emails. A cookie is a small text file stored on your device to remember your preferences and usage patterns. Web beacons or pixels are small images or code snippets that allow us to log information about your device. These tools make navigating and interacting with our Services more efficient, personalized, and meaningful. We obtain your consent before placing any non-essential cookies on your device in accordance with applicable data protection laws.

7.2 Types of Cookies

• Necessary Cookies: Essential for enabling key features (e.g., logging in, session management).
• Performance Cookies: Collect info on how visitors use our website (pages visited, errors) to improve performance.
• Functionality Cookies: Remember choices (language, user preferences) for a better user experience.
• Social Media Cookies: Enable sharing or “like” buttons and may track interactions across different sites.
• Marketing or Advertising Cookies: Deliver relevant ads, measure campaign effectiveness, or re-target users on partner platforms.

7.3 Third-Party Tools and Service Providers

We may employ external analytics or survey providers (e.g., Google Analytics) to collect usage data. These providers only use personal information on our behalf and as directed by us, subject to appropriate data processing agreements that ensure compliance with applicable privacy laws. For transfers of data outside your region, we implement appropriate safeguards such as Standard Contractual Clauses or ensure an adequate level of data protection.

7.4 Managing Your Cookie Preferences

Browser Settings: Most browsers let you delete or refuse certain cookies. Note that rejecting necessary or functional cookies may impair some features of our Services.
Global Privacy Control (GPC) and Do Not Track (DNT): We honor GPC signals as a valid opt-out mechanism in jurisdictions where required (such as under the CCPA/CPRA). We also respect DNT signals by limiting non-essential cookies and tracking when such signals are detected, though industry standards continue to evolve. When we receive these signals, we will stop selling or sharing your personal information and limit processing to essential purposes only.
Third-Party Opt-Out Tools: Visit resources like the Network Advertising Initiative, the Digital Advertising Alliance, or the European Interactive Digital Advertising Alliance for further cookie control.

7.5 Implications of Rejecting Cookies

If you reject cookies, certain functions or interactive features may be limited or unavailable.

8. Direct Marketing Communications

We may periodically send you direct marketing communications about our products, solutions, and services via electronic messages (email), online (through our Services), postal mail, or other channels, unless you opt out or legal restrictions prohibit us.

Opt-Out: You can opt out of receiving marketing communications at any time by: (1) clicking the unsubscribe link in our marketing emails; (2) adjusting your communication preferences in your account settings; or (3) contacting us at team@usesteer.io. Please note that even if you opt out of marketing communications, you may still receive service-related communications such as order confirmations, security alerts, and important updates about your account.

Legitimate Interests and Consent: Where required by applicable law (such as the GDPR), we will obtain your explicit consent before sending marketing communications. In other jurisdictions, we may rely on legitimate interests in promoting our Services, subject to your right to opt-out at any time. We maintain records of marketing consents and objections in compliance with applicable laws.

9. How Long We Retain Your Personal Information

We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, in accordance with applicable laws and regulations. Specific retention periods vary by data type and context of use, but generally include:

• (1) account information - retained while your account is active plus 30 days after deletion;
• (2) transaction data - 7 years for tax and accounting purposes;
• (3) marketing preferences - 2 years from last interaction;
• (4) website analytics - 26 months.

When information is no longer needed—or upon your valid deletion request—we securely dispose of your personal information using industry-standard deletion and anonymization techniques.

10. How We Secure Your Personal Information

Security Measures: We maintain appropriate technical and organizational safeguards including the use of SHA-256 encryption, to protect against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of your personal information.

Limited Access: We restrict personal information access to employees, agents, contractors, and third parties with a legitimate business need, subject to confidentiality obligations.

No Absolute Guarantee: While we strive for commercially acceptable security measures, no transmission or storage system is 100% secure. We cannot guarantee absolute protection of your data.

Incident Response: In case of a suspected data breach, we will notify affected individuals and applicable regulators in a timely manner in accordance with applicable legal requirements.

11. Links to Other Sites

Our Services may contain links to third-party websites, content, or services for your information or convenience (e.g., external “shops“ curated by Creators). We do not control these external sites and are not responsible for their privacy practices or content. We encourage you to review each third party's privacy policy before interacting with them.

12. Your Rights in Relation to Personal Information

12.1 Access, Correction, and Accuracy

Accuracy: We aim to keep your personal information accurate and up to date.
Right of Access: You have the right to request access to the personal information we hold about you. In limited cases, we may deny or limit access if legally permissible.
Correction: If you believe your information is inaccurate, incomplete, or outdated, you can request that we correct or update it.

12.2 Deletion, Portability, and Opt-Out

Deletion (Right to Erasure): You may request that we delete your personal information, subject to certain exceptions provided by law (e.g., where we need to retain data to comply with legal obligations).
Data Portability: Where applicable, you have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format, and to ask us to transmit this information to another service provider, where technically feasible.
Opt-Out of Sale or Sharing: Under various privacy laws (including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and Colorado Privacy Act (CPA)), you have the right to opt out of the “sale” or “sharing” of your personal information and the processing of personal information for targeted advertising. To exercise this right, click the “Do Not Sell or Share My Personal Information” link in our footer or visit our privacy preferences center. We will process your opt-out request within 15 days and maintain it for at least 12 months before requesting authorization to resume sale/sharing.
Opt-Out of Marketing Communications: You can opt out of receiving certain promotional or marketing communications at any time by following the “unsubscribe” instructions in our emails or by contacting us directly.

12.3 Additional Rights Under Data Protection Laws

Your rights may vary based on your location and the laws applicable to you. For example:

• State Privacy Laws: Some U.S. states (e.g., California, Colorado, Virginia, Connecticut, Utah) provide additional rights, such as the right to correct inaccuracies, opt out of targeted advertising, and not be discriminated against for exercising any privacy rights.
• International Laws (e.g., GDPR): If you are located in the European Economic Area (EEA), the United Kingdom, or other regions with comprehensive data protection laws, you may have broader rights such as the right to object to or restrict processing of your personal information and the right to lodge a complaint with a supervisory authority.

12.4 Exercising Your Rights

Verification: To protect your privacy and security, we will verify your identity using appropriate methods before processing your rights requests. This may include requesting specific information from you or using other authentication measures. We will only use any additional information provided for verification purposes. We aim to respond to all verified requests within 45 days, though complex requests may take longer, in which case we will notify you.
Contact Us: If you have questions or would like to exercise any of your rights, please email us at team@usesteer.io. We will review and respond to your request in accordance with applicable data protection laws. If we cannot resolve your concerns, you may have the right to contact the relevant regulatory or data protection authority in your jurisdiction.

13. Complaints

Submitting a Complaint

If you have concerns about how we handle your personal information, please email us at team@usesteer.io. We will acknowledge receipt and investigate as needed.

Investigation and Resolution

We will investigate your complaint thoroughly and aim to respond within 30 days. We may request additional details if needed to complete our investigation. We will inform you of the outcome, including any measures taken to address the complaint. We maintain records of all complaints and their resolutions as required by applicable law.

Escalation

If you are unsatisfied with our response, you may contact your local privacy or data protection authority to file a formal complaint.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal obligations, or other factors. The most recent version will always be posted at https://usesteer.io/ (or within the Services), and the Effective Date at the top will be updated accordingly.

Material Changes: If we make significant changes affecting your rights or our processing of your personal information (such as changes to the categories of personal information collected, purposes of processing, or sharing with third parties), we will provide notice via email and a prominent notice in the Services at least 30 days before such changes become effective. Where we are relying on your consent for processing, we will obtain your fresh consent before implementing material changes. Previous versions of this Privacy Policy will remain accessible through our website.

Acceptance of Changes: For non-material changes, by continuing to use the Services after updates become effective, you acknowledge the revised Privacy Policy. For material changes affecting your rights or our processing of your personal information, your explicit consent will be required where necessary under applicable law. If you don't agree with any changes, you must stop using our Services and delete your account.

Contact Us

If you have questions, comments, or concerns about this Privacy Policy or Steer's privacy practices, please contact us:

We value your feedback and will do our best to resolve any issues promptly.