Steap Lab

Privacy Policy

Last updated: April 18, 2026

This Privacy Policy describes how Steap Lab ("we," "us," or "our"), a brand operated by Steap LLC, collects, uses, and shares information about you when you visit or use steaplab.io ("the Site"). By using the Site, you agree to the practices described here.

1. Who we are

Steap Lab publishes evidence-backed wellness tools and editorial content at steaplab.io. The Site is operated by Steap LLC, a limited liability company. Steap Lab content may reference products from our parent brand STEAP (steap.com), but your activity on steaplab.io is governed by this policy.

2. Information we collect

Information you provide directly.

  • Email address when you subscribe to The Ledger or submit a contact form.
  • Any other information you voluntarily provide (feedback, survey responses, correction suggestions).

Information collected automatically.

  • Usage data: pages viewed, tool interactions, verdicts generated, share events, outbound clicks.
  • Device data: IP address (truncated for analytics), browser type, operating system, screen size, referring URL, approximate geographic region.
  • Cookies and similar technologies (see our Cookie Notice).

Information from third-party services.

  • Google Analytics 4 — pseudonymous usage data.
  • Google AdSense — ad performance, cookies, advertising identifiers.
  • Klaviyo — email engagement metrics, delivery status.

3. How we use your information

We use the information we collect to:

  • Operate, maintain, and improve the Site and its tools.
  • Send The Ledger newsletter to subscribers and respond to inquiries.
  • Measure aggregate usage and content performance.
  • Serve and optimize advertising through Google AdSense.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not sell your personal information.

4. How we share your information

We share information only with:

  • Service providers that help us operate the Site — Vercel (hosting), Google (analytics, advertising), Klaviyo (email). Each is contractually bound to use data only to provide services to us.
  • Legal authorities when required by law, court order, or to protect rights or user safety.
  • Business transfers in the event of a merger, acquisition, or asset sale.

We do not share your information with third parties for their own marketing purposes.

5. Google AdSense and advertising

We use Google AdSense to display advertising on the Site. Google and its partners may use cookies and advertising identifiers to serve ads based on your prior visits to our Site or other websites. You can opt out of personalized advertising at Google's Ad Settings or learn more at aboutads.info.

6. Cookies and tracking

We and our third-party providers use cookies and similar technologies for essential functionality, analytics, and advertising. See our Cookie Notice for details on what cookies we use and how to manage them.

7. Your rights

For California residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, correct inaccuracies, opt out of the sale or sharing of personal information, and receive non-discriminatory treatment when exercising these rights. While we do not sell personal information for money, some advertising cookies may qualify as "sharing" under CCPA — you can opt out via our cookie banner or the links in Section 5.

For EU/UK residents (GDPR/UK GDPR): You have the right to access, correct, delete, restrict processing of, and port your personal data; to object to processing; and to withdraw consent at any time. You may also lodge a complaint with your local data protection authority.

For everyone: To exercise any of the rights above, email team@steaphealth.com with "Privacy Request" in the subject line. We will verify your identity and respond within 30 days.

8. Data retention

  • Newsletter subscriptions: retained until you unsubscribe, then purged within 30 days.
  • Analytics data: retained per Google Analytics default settings (currently 14 months).
  • Contact form submissions: retained up to 24 months after resolution.
  • Cookies: varies by type — see Cookie Notice.

9. Children's privacy

The Site is not directed to children under 13 (under 16 in applicable EU/UK jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact team@steaphealth.com and we will delete it.

10. International data transfers

If you access the Site from outside the United States, your information may be transferred to and processed in the United States. We rely on Standard Contractual Clauses or equivalent safeguards for international transfers of EU/UK personal data.

11. Security

We use reasonable administrative, technical, and physical safeguards to protect your information. No system is 100% secure; we cannot guarantee absolute security.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will post the revised policy here with an updated "Last updated" date. Material changes will be communicated via a banner on the Site or an email to subscribers.

13. Contact

Email: team@steaphealth.com
Postal: Steap LLC, 200 Spectrum Center Dr, Suite 300, Irvine, CA 92618, United States

This policy was last updated on April 18, 2026.