Privacy Policy

Step Stones is an AI-powered employee onboarding and training platform operated by Manifold Metrics LLC that helps organizations train and support their teams. We take your privacy seriously and collect only the information necessary to provide our services. We never sell your personal information to third parties. This policy explains what data we collect, how we use it, and your rights.

We collect information necessary to provide our services: Organization Information (company name, settings, subscription status). User Account Data (name, email, role, department, job title, authentication credentials). Training Content (modules you create, documents you upload including PDFs, videos, and audio files). Usage Data (training progress, completion status, time spent in modules). Conversation Data (questions you ask our AI assistant, responses provided, bookmarked answers). Analytics Data (anonymized aggregate metrics such as trending topics, knowledge gaps, and completion rates by role or department—we do not track individual employee activity). Billing Information (payment details processed through Stripe, subscription tier, and usage limits). We collect this data when you create an account, use our features, or interact with our AI assistant.

We use your data to: Power our AI chat assistant by analyzing your training materials and documents to provide contextual answers with citations. Track training progress and completion to help employees and managers understand learning status. Generate anonymized analytics showing trending topics, knowledge gaps, and aggregate completion rates . Manage role-based access permissions so users only see content relevant to their department and role. Process payments and enforce subscription limits through Stripe. Maintain audit logs for security and troubleshooting. Detect areas where additional training materials may be helpful. We use data only for these service-related purposes and do not use it for advertising or sell it to third parties.

We implement industry-standard security measures to protect your data. All data is encrypted in transit using secure protocols and at rest in our database. Access to data is controlled through role-based permissions within your organization (employees, team leads, managers, and admins each have different access levels). We offer optional multi-factor authentication for additional account security. System activity is logged in audit trails for security monitoring. Our infrastructure is hosted with reputable cloud providers that maintain their own security certifications.

We share data with select third-party service providers only as necessary to operate our platform: Stripe processes payment information for billing and subscriptions. Cloudflare hosts and streams video content. Cloud infrastructure providers host our database and application servers. Our AI features are self-hosted and do not share your content with third-party AI services. All service providers are bound by confidentiality agreements and data protection terms. We do not sell, rent, or lease your personal information to anyone. You retain ownership of all content you upload to Step Stones.

You have rights regarding your personal data: Access your data by requesting a copy of information we hold about you. Correct inaccuracies by updating your profile or contacting your organization administrator. Delete your data by requesting account deletion (subject to legal retention requirements). Export your data in a machine-readable format. Opt out of non-essential communications. For individual employees, your organization administrator manages your account and may access your training data as part of their administrative role. Organization administrators can configure data retention policies and request bulk data exports or deletion for their entire organization.

We retain your data as long as your account is active and for a reasonable period afterward to comply with legal obligations and resolve disputes. Upon account deletion or cancellation, we will delete your personal data within 30 days, though some information may be retained longer if required by law (such as billing records for tax purposes). Anonymized analytics data that cannot identify individuals or organizations may be retained indefinitely to help us improve our services. Backup copies are maintained for disaster recovery purposes and are deleted according to our backup retention schedule. Organization administrators can request data deletion at any time by contacting our support team or by deleting account data on the platform.

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or through a notice in the application at least 30 days before the changes take effect. Your continued use of Step Stones after we publish changes means you accept the updated policy. We recommend reviewing this policy periodically. This privacy policy was last updated in November 2025.