Steadli

Privacy Policy

Last updatedAugust 14, 2025

Introduction

This Privacy Policy describes how Steadli Inc. ("we", "our", "us") collects, uses, and protects your personal information when you use our website, mobile app, and SMS-based services (collectively, "the Services"). Steadli Inc. is incorporated in Ontario, Canada. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and applicable U.S. state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). By using our Services, you agree to the practices described in this Policy.

Important Disclaimers

Medical Information & Regulatory Status

We are not a healthcare provider, medical facility, or HIPAA-covered entity. While we may collect information related to your health behaviors to provide our Services, we do not provide medical care or medical advice. This information is handled in accordance with privacy laws applicable to consumer data, including PIPEDA and relevant U.S. state laws, not HIPAA. For medical advice, please consult a licensed healthcare provider.

Information We Collect

Personal Information

  • Contact information (e.g., phone number, email address)
  • SMS message content related to your behavior change journey
  • App usage data and interaction patterns
  • Information you provide about your health routines

Usage Data

We automatically collect certain information when you use our Services, including:

  • Frequency and timing of interactions
  • Pattern of responses
  • Technical information about your device, operating system, and browser
  • IP address and general location

How We Use Personal Information

  • Provide, operate, and improve our Services
  • Personalize your experience
  • Communicate with you, including support and updates
  • Send prompts, reminders, or other app content
  • Maintain security and prevent fraud
  • Comply with legal obligations

Consent (Canada)

Under PIPEDA, we collect, use, and disclose personal information with your consent, except where otherwise permitted by law. Consent may be express (e.g., signing up for an account, checking a consent box) or implied (e.g., continuing to use the Services after being informed of this Policy). You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting us.

Your Rights

Canada

  • Request access to your personal information
  • Request corrections to inaccurate information
  • Withdraw consent to our processing
  • Make a complaint to the Privacy Commissioner of Canada

United States

  • Know the categories of personal information we collect and why
  • Access the personal information we hold about you
  • Request deletion of your personal information
  • Opt out of the sale or sharing of your personal information (we do not sell data)
  • Correct inaccurate personal information

Cross-Border Data Transfers

We store and process personal information on servers located in the United States (Heroku) and may use other service providers outside your province, state, or country. This means your information may be subject to U.S. laws, including access by U.S. government authorities. We use contractual agreements and technical safeguards (including encryption in transit and at rest) to protect your data and maintain a level of protection comparable to Canadian requirements. By using our Services, you consent to the transfer of your personal information outside your country of residence.

Limiting Collection, Use, and Retention

We only collect the personal information necessary for the purposes stated in this Policy. We retain your personal information only as long as needed for those purposes, or as required by law, after which it is securely deleted or anonymized.

Safeguards

We implement technical, organizational, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Sharing Personal Information

We share personal information only with service providers acting on our behalf (e.g., hosting, analytics, messaging), as required by law, or with your consent. We do not sell personal information.

Breach Notification

If a breach of security safeguards occurs that poses a real risk of significant harm, we will notify affected individuals and the Privacy Commissioner of Canada, and where applicable, U.S. authorities and affected state residents, as required by law.

Contact Us

Privacy Officer
Steadli Inc.
privacy@steadli.com

68 Claremont St,
Toronto, Ontario, Canada

Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.