Last updated: April 2026
Privacy Policy
1. Who We Are
StepBeam is operated by QLTY Consulting AB, a company registered in Sweden (org. nr 559XXX-XXXX). When this policy refers to "StepBeam," "we," "us," or "our," it means QLTY Consulting AB.
We are the data controller for the personal data we collect through our website (stepbeam.com) and our SaaS platform. For guide interaction data collected via our SDK on our customers' websites and applications, our customers are the data controllers and we act as a data processor on their behalf.
2. What Data We Collect
2.1 Account Data
When you create a StepBeam account, we collect your name, email address, and company name. If you subscribe to a paid plan, we also collect billing information (processed securely by Stripe; we never store full card numbers).
2.2 Usage Data
We collect information about how you interact with the StepBeam platform, including pages visited, features used, guides created, and general platform activity. This helps us improve the product and provide support.
2.3 Guide Interaction Data (End-User Data)
When our customers embed the StepBeam SDK in their products, the SDK collects interaction data from their end-users, such as which guide steps were viewed, completed, or dismissed. This data is collected on behalf of our customers, who are responsible for informing their own users about the data collection in accordance with applicable privacy laws.
The SDK does not collect personal data such as names or email addresses from end-users unless the customer explicitly configures it to pass user identifiers for analytics segmentation.
2.4 Cookies and Analytics
Our marketing website uses Google Analytics 4 to understand traffic patterns and improve our content. We also set a first-party cookie to remember your cookie consent preference. See Section 7 for a full list of cookies.
3. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal grounds:
- Contract (Article 6(1)(b)): Processing your account data is necessary to provide the StepBeam service under our Terms of Service.
- Consent (Article 6(1)(a)): We use analytics cookies only after you have given consent via our cookie banner. You can withdraw consent at any time by clearing your cookies or adjusting your browser settings.
- Legitimate Interest (Article 6(1)(f)): We process usage data to operate, secure, and improve the StepBeam platform. We have assessed that these interests do not override your rights and freedoms.
4. Data Sharing
We do not sell your personal data to third parties. We share data only with the following service providers, who process it on our behalf under appropriate data processing agreements:
- Stripe(payments): Processes billing and payment information for paid subscriptions. Stripe's privacy policy is available at stripe.com/privacy.
- Google Analytics(website analytics): Receives anonymized and aggregated usage data from our marketing website. IP anonymization is enabled. Google's privacy policy is available at policies.google.com/privacy.
We may also disclose personal data if required by law, regulation, or legal process, or to protect the rights and safety of StepBeam, our users, or the public.
5. Data Retention
- Account data is retained for as long as your account is active. When you delete your account or request deletion, we remove your personal data within 30 days, except where we are legally required to retain it.
- Usage and analytics data is anonymized after 26 months. Once anonymized, it can no longer be linked to any individual.
- Guide interaction data (end-user data collected via the SDK) is retained according to the data retention settings configured by the customer. Customers can delete this data at any time from the StepBeam dashboard.
6. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interest.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at www.imy.se.
7. Cookie Policy
We use a limited number of cookies on our marketing website. No cookies are set until you provide consent via our cookie banner (except the consent cookie itself, which is strictly necessary).
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique visitors. Used to calculate visitor, session, and campaign data for site analytics. | 2 years |
| _ga_* | Google Analytics | Maintains session state across page requests for GA4 measurement. | 2 years |
| stepbeam_cookie_consent | StepBeam (first-party) | Remembers your cookie consent preference so we do not show the banner again. Strictly necessary. | 1 year |
You can manage or delete cookies through your browser settings at any time. Disabling cookies may affect your experience on our website but will not affect the functionality of the StepBeam platform itself.
8. International Data Transfers
Your data is primarily stored and processed within the European Union. Where data is transferred to service providers outside the EU/EEA (for example, Google and Stripe operate globally), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.
9. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), access controls, regular security reviews, and secure development practices.
10. Children's Privacy
StepBeam is a business-to-business service and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
- Email: [email protected]
- Company: QLTY Consulting AB
- Country: Sweden