Privacy Policy
Effective Date: 4.04.2025
Last Updated: 4.04.2025
Company: First Step
Contact: [email protected]

1. Introduction

At First Step, we are committed to protecting your privacy and ensuring transparency about how your data is collected, used, and stored. This Privacy Policy describes our practices regarding the personal information we collect from users of our platform and services.

By using First Step, you agree to the terms of this Privacy Policy. If you do not agree with the practices described here, please do not use our services.

2. Information We Collect
a. Personal Information

When you create an account, make a contribution, or contact us, we may collect:

  • Full name
  • Email address
  • Phone number (optional)
  • Payment and billing information (via third-party processors)
  • Messages or notes shared with the recipient
  • Date of birth of the child (for symbolic purposes)

b. Technical Information

We automatically collect:

  • IP address
  • Browser type
  • Operating system
  • Device type
  • Access times
  • Pages viewed and user interaction

c. Third-Party Sources

We may also collect data from trusted partners such as payment processors and analytics providers, in compliance with applicable data protection laws.

3. How We Use Your Information

We use your data to:

  • Facilitate user registration and account management
  • Process voluntary contributions
  • Send confirmation emails and transaction receipts
  • Communicate service updates, product features, or important legal notices
  • Monitor and improve platform performance
  • Prevent fraudulent activity and ensure regulatory compliance

We do not sell, rent, or trade your personal data to third parties.

4. Legal Basis for Processing (GDPR & PIPEDA)

For users in the EU and Canada, our lawful bases for processing include:

  • Consent (e.g., signing up or providing information voluntarily)
  • Performance of a contract (e.g., managing your account)
  • Legal obligations (e.g., tax or fraud regulations)
  • Legitimate interests (e.g., improving our services)

5. Data Sharing and Third-Party Services

We share data only with trusted third parties necessary for delivering our services:

  • Payment processors (e.g., Stripe or equivalent)
  • Email and communications providers
  • Cloud infrastructure (AWS) and technical providers (e.g., for CI/CD pipelines)
  • Analytics and diagnostics services (e.g., Google Analytics)

All third parties are bound by strict confidentiality and data protection obligations.

6. Children’s Privacy

First Step is not intended for use by individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from minors without such consent. Parents or guardians may contact us to request deletion of data associated with a child.

7. Data Storage and Retention

All user data is stored on secure AWS servers located in the United States or Canada. We retain data only for as long as necessary to fulfill the purposes outlined in this policy, including regulatory compliance. Retention periods:

  • Account data: until user deletion request or inactivity for 3 years
  • Transaction data: 7 years (to meet legal/tax requirements)
  • Technical logs: 12 months (for diagnostics)

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

Under the GDPR:
  • Right to access
  • Right to rectification
  • Right to erasure (“Right to be forgotten”)
  • Right to data portability
  • Right to object to processing
  • Right to restrict processing

Under the CCPA:
  • Right to know what personal information we collect
  • Right to request deletion
  • Right to opt out of data sales (we do not sell personal data)
  • Right to non-discrimination

To exercise any of these rights, please contact: [email protected]

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Authenticate users
  • Remember user preferences
  • Track usage patterns (e.g., Google Analytics)

You may manage cookie preferences in your browser settings.

10. Security Measures

We take security seriously and implement the following safeguards:

  • SSL encryption for all data in transit
  • Data encryption at rest (via AWS services)
  • Access control, password hashing, and MFA for admin panels
  • Regular vulnerability scanning and code reviews

However, no system can be 100% secure, and we encourage users to protect their credentials.

11. International Transfers

If you access our services from outside the United States or Canada, be aware that your data may be transferred to, stored, and processed in jurisdictions that may not provide equivalent data protection. We implement safeguards such as Standard Contractual Clauses (SCCs) where required.

12. Changes to This Policy

We may update this Privacy Policy periodically. Any material changes will be posted on our website with the updated “Effective Date.” Continued use of the platform constitutes acceptance of the new terms.