Steerway — Privacy Policy

Enterprise-Grade, GDPR-Compliant Privacy Policy

Updated on November 26, 2025

Vendor

Steerway, SAS
Registered office: 64 A Rue Sully, 21000 Dijon, France
R.C.S. Dijon 933 643 942
Share capital: €33,085
Contact: contact@steerway.dev

Merchant of Record

Payments, invoicing, and tax handling are operated by Paddle.com Market Ltd.

1. Introduction

Steerway, SAS (“Steerway”, “we”, “us”), a company registered under R.C.S. Dijon 933 643 942 and located at 64 A Rue Sully, 21000 Dijon, France, is committed to protecting your privacy and personal data.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you access or use our Service, including our API, Plugins, and website.

Steerway acts as the Data Controller for all personal data processed through the Service.

2. Data We Collect

We collect only the minimum personal data required to operate the Service.

2.1 Account Information

  • Email address
  • Password (hashed and salted)

2.2 Subscription & Billing

Billing is processed by Paddle.com Market Ltd., our Merchant of Record.
Steerway does not collect or store credit card information.

2.3 Machine Identifiers

We collect a hashed machine identifier strictly to enforce Seat limits and prevent abuse.

2.4 Technical Logs

We store standard SaaS logs, including IP address, timestamp, endpoint, response code, and error logs.
Log retention period: 30 days.

2.5 Prompts and Code

Steerway does NOT store your prompts, code, or any data you send to the AI.
Inputs are processed transiently and discarded after generating results.
No training is performed on customer data.

2.6 Analytics

We use Plausible Analytics, a privacy-friendly, cookie-less service.
Plausible stores no personal data and uses no cookies.

2.7 Marketing Emails

We use a self-hosted Listmonk instance to send optional marketing emails. Marketing emails include newsletters, product updates, and promotional communications. These emails are sent only if you explicitly opt in, and you can unsubscribe at any time using the link provided in each email or via your account preferences.

Transactional emails — such as receipts, account activations, password resets, and support communications — are always sent because they are necessary for the proper functioning of the service. Transactional emails may be sent via a separate email service to ensure reliability and deliverability.

All email addresses and preferences are stored securely and handled in compliance with GDPR. Marketing emails are never sent without explicit permission.

3. How We Use Your Data

  • To create and manage accounts
  • To provide and maintain the Service
  • To enforce licensing and Seat activation
  • To send transactional emails
  • To ensure security and prevent abuse
  • To send optional marketing emails (if opted in)

We do not use your personal data for purposes incompatible with this Policy.

4. Legal Bases for Processing

  • Contract performance (account, subscription, licensing)
  • Legitimate interest (security, service improvement)
  • Consent (marketing emails)
  • Legal obligation (invoicing, tax compliance via Paddle)

5. Where Data Is Processed & Stored

The Steerway platform is hosted in the EU via Coolify.
Compute and inference workloads use third-party GPU providers (listed upon request).

6. Sharing Your Data

We only share data with:

  • Paddle (billing and compliance)
  • Cloud hosting and GPU providers
  • Listmonk (email delivery)

We do not sell personal data.

7. Cookies

Our web apps use Plausible Analytics, which uses no cookies.

8. Data Retention

  • Account data: kept until account deletion
  • Logs: retained for 30 days
  • Machine IDs: stored for the duration of the subscription
  • Prompts/code: never stored
  • Marketing consent: kept until revoked

9. User Rights (GDPR)

You have the right to:

  • Access your data
  • Correct data
  • Delete data
  • Export data
  • Restrict or object to processing
  • Withdraw marketing consent

For any data protection concerns, contact: privacy@steerway.dev

10. Data Security

We use industry-standard security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Role-based access control
  • Monitoring and logging
  • Secure password hashing
  • Zero prompt/code storage

11. International Transfers

Some subprocessors — including Paddle.com Market Ltd. — operate in the United Kingdom. Transfers from the EU to the UK are permitted under the UK GDPR Adequacy Decision.

Certain subprocessors (payment processors or GPU providers) may operate outside the EU. In such cases, Steerway ensures appropriate safeguards:

  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions
  • Equivalent GDPR-compliant mechanisms

12. Children’s Privacy

Steerway is not intended for children under 16.
We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this Privacy Policy occasionally.
Continued use of the Service constitutes acceptance of the updated version.

14. Contact

For privacy inquiries: privacy@steerway.dev
For general support: contact@steerway.dev