Privacy Policy

Last updated: April 20, 2025

Introduction

InvestStep ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our investment education services.

We comply with all applicable data protection laws in Puerto Rico and other jurisdictions where we operate. Please read this Privacy Policy carefully to understand our practices regarding your personal information.

By accessing or using our services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

We collect several types of information from and about users of our website and services, including:

Personal Information

Personal information is data that can be used to identify you individually. We may collect the following personal information:

  • Contact information (name, email address, phone number, postal address)
  • Account credentials (username, password)
  • Payment information (credit card details, billing address)
  • Profile information (educational background, investment experience, goals)
  • Communications you send to us

Non-Personal Information

We also collect non-personal information that does not directly identify you, including:

  • Usage data (pages visited, time spent on the site, clicks)
  • Device information (browser type, operating system, IP address)
  • Location data (country, region, city)
  • Demographic information (age range, gender, interests)

How We Collect Information

We collect information through various methods:

Direct Collection

  • When you create an account or profile
  • When you submit forms or surveys
  • When you communicate with us
  • When you make purchases or payments
  • When you participate in our courses or use our tools

Automated Collection

  • Through cookies and similar technologies
  • Through server logs and analytics tools
  • Through third-party service providers

For more information about our use of cookies and your choices regarding them, please see our Cookie Policy.

How We Use Your Information

We use the information we collect for various purposes, including:

To Provide and Improve Our Services

  • Delivering the educational content and features you request
  • Processing transactions and managing your account
  • Personalizing your learning experience
  • Improving our website, services, and user experience
  • Developing new features and offerings

To Communicate With You

  • Responding to your inquiries and requests
  • Providing customer support and technical assistance
  • Sending administrative messages about your account
  • Delivering educational content and updates
  • Sending marketing communications (with your consent)

For Legal and Security Purposes

  • Protecting our rights, property, and safety
  • Detecting and preventing fraud or abuse
  • Complying with legal obligations
  • Enforcing our terms and policies

Legal Basis for Processing (for EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we collect and process your personal information based on one or more of the following legal grounds:

  • Consent: When you have given us explicit consent to process your information for specific purposes.
  • Contract: When processing is necessary to fulfill our contractual obligations to you (e.g., providing the services you have signed up for).
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms.
  • Legal Obligation: When processing is necessary to comply with our legal obligations.

Information Sharing and Disclosure

We may share your information with the following categories of recipients:

Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

  • Payment processors
  • Cloud hosting providers
  • Analytics companies
  • Customer support services
  • Email delivery services

These providers are contractually obligated to use your information only as directed by us and for the purpose of providing their services.

Business Partners

We may share your information with business partners who offer products or services jointly with us or who provide educational content on our platform. These partners are bound by confidentiality obligations and are prohibited from using your information for purposes other than those disclosed to you.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government requests).

Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

With Your Consent

We may share your information with other third parties when we have your consent to do so.

We do not sell, rent, or lease your personal information to third parties.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider:

  • The amount, nature, and sensitivity of the personal information
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the information
  • Whether we can achieve those purposes through other means
  • Applicable legal, regulatory, tax, accounting, or other requirements

When we no longer need your personal information, we will securely delete or anonymize it.

Data Security

We have implemented appropriate technical and organizational measures to protect your personal information from accidental loss, unauthorized access, use, alteration, and disclosure.

Our security measures include:

  • Encryption of sensitive data
  • Secure socket layer (SSL) technology
  • Access controls and authentication procedures
  • Regular security assessments and testing
  • Employee training on data protection

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

Access and Information

You have the right to request access to the personal information we hold about you and to receive information about how we process it.

Correction

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

Deletion

You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data.

Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Objection

You have the right to object to the processing of your personal information in certain circumstances, such as for direct marketing purposes.

Withdraw Consent

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframe required by applicable law.

Children's Privacy

Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information as soon as possible.

If you believe that we might have any information from or about a child, please contact us using the information provided in the "Contact Us" section below.

International Data Transfers

We may transfer your personal information to countries other than the one in which you reside. These countries may have data protection laws that differ from those in your country.

When we transfer personal information across borders, we take appropriate safeguards to ensure that your information receives an adequate level of protection, such as:

  • Using standard contractual clauses approved by relevant authorities
  • Ensuring that recipients are subject to adequate data protection laws
  • Obtaining your consent for specific transfers

By using our services, you consent to the transfer of your information to countries outside your country of residence, including the United States, where our primary servers and operations are located.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated policy will be posted on this page with a revised "Last updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

InvestStep
1369 Ashford Avenue
Mezzanine Floor
San Juan, 00907
Puerto Rico

Phone: +1 (281) 794-0077

Email: [email protected]

We will respond to your inquiry as soon as possible and within the timeframe required by applicable law.

Complaints

If you are not satisfied with our response to your privacy concern or believe that we are not processing your personal information in accordance with applicable law, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

We use cookies to enhance your experience on our website. By continuing to browse, you agree to our Cookie Policy. You can customize your cookie preferences at any time.

Cookie Settings

Manage your cookie preferences. You can enable or disable different types of cookies below.

Necessary Cookies

These cookies are essential for the website to function properly and cannot be disabled.

Functional Cookies

These cookies enable personalized features and functionality on our website.

Analytics Cookies

These cookies help us understand how visitors interact with our website, helping us improve our services.

Marketing Cookies

These cookies are used to track visitors across websites to display relevant advertisements.