Privacy Policy

Introduction

At StepKnock, we are committed to protecting your privacy and handling your personal information with care. As a growing startup, we have designed this Privacy Policy to be both comprehensive and scalable – adhering to high standards of data protection while remaining clear and accessible. We follow widely accepted privacy principles and applicable laws, including the EU’s GDPR and US state laws like California’s CCPA. In practice, this means we collect only the data we truly need, obtain required consent, give you control over your information, and implement strong security measures. We do not sell your data or share it for third-party advertising, and we strive to minimize what we collect in the first place (aligning with the “data minimization” principle of GDPR that personal data be “adequate, relevant and limited to what is necessary”). This policy explains what information we collect, how we use and safeguard it, and your rights regarding your data. Our goal is to be transparent and compliant with all relevant laws while collecting as little personal data as possible to deliver our services.

Information We Collect

We only collect personal information that is necessary for our stated purposes (following a “collect only what you need” approach). The types of information we may collect include:

  • Contact and Identity Information: Name, email address, phone number, company/organization name, and job title or role. This is typically collected when you interact with us (for example, when you fill out our contact form, sign up for an event, or correspond with us via email). We do not collect any government ID numbers or sensitive personal identifiers in our normal course of business.
  • Communication Content: Information you voluntarily provide to us during communications. This could include messages you send us (through email or our website form), inquiries about our services, or details you share when scheduling appointments or during event planning. We use Outlook email for much of our contact management, so emails and attachments you send may be stored in our secure Outlook system.
  • Event and Appointment Details: If you register for a meeting, demo, or event we organize, we may collect details related to that appointment or event (e.g. scheduling preferences, organization name, and any relevant requirements or notes you provide). This helps us plan and personalize the event or appointment to meet your needs.
  • Website Usage Data: When you visit our website, we may collect minimal technical information through cookies or similar tracking technologies. This can include your IP address, browser type, and browsing behavior on our site (e.g. pages viewed, time spent). We only use this data to understand website traffic and improve user experience. (See Cookies and Tracking below for more details.)
  • Non-Collected Data: We intentionally do not collect certain data that is not necessary for our services. For example, we do not collect or process any payment information or financial account data. Any payments for our services are handled externally (off-site billing or bank transactions), so we will never ask you for credit card numbers or banking details. We also do not knowingly collect any sensitive personal information such as social security numbers, government IDs, health or biometric data, etc., as our services do not require this. Furthermore, our services are not directed to children, and we do not knowingly collect personal information from individuals under the age of 16. If you believe a minor has provided us personal data, please contact us and we will delete it.

Our philosophy is to limit data collection to the minimum needed for our legitimate business purposes. If we ever need to collect additional information, we will only do so with a clear purpose and, when required, with your consent.

How We Use Your Information

We use the collected information strictly for defined purposes in support of our business relationship with you. These purposes include:

  • Providing and Improving Services: We use contact and communication information to deliver our consulting and planning services, schedule appointments, and organize events that you have signed up for or agreed to. For example, if you request a consultation or register for a webinar, we will use your provided contact details to schedule and communicate with you about it. We may also use feedback or inquiries you send us to improve our services and customer support.
  • Marketing and Communications: With your permission or as otherwise allowed by law, we may use your contact information (such as email) to send you updates about StepKnock’s offerings, industry insights, invitations to events, or other marketing communications. This is typically done to keep you informed of solutions or events that could benefit your business. All such communications will come from us (often via our IBM-affiliated marketing platform or Outlook) and you can opt out at any time. We do not bombard you with irrelevant requests, and we never sell your information to third-party marketers.
  • Appointment Setting and Event Planning: As noted, a core use of your data is to coordinate meetings and events. We will use the information you provide (e.g. your name, company, and contact info) to arrange appointments or enroll you in events, send you reminders or updates, and ensure the event or meeting is tailored to your interests.
  • Website Functionality and Analytics: The website usage data we gather (via cookies or logs) helps us ensure our website functions properly and is user-friendly. For instance, basic analytics might tell us which pages are most visited, allowing us to improve those pages. This usage information is analyzed in aggregate and is not used to personally identify you for advertising. It is purely for improving our site and services.
  • Legal Compliance and Protection: We may use or preserve personal information as needed to comply with legal obligations, such as keeping records required by law or responding to lawful requests by authorities. Additionally, if necessary, we will use information to enforce our Terms & Conditions or to protect our rights, privacy, safety or property, or those of our clients and partners. This includes using data to detect or prevent security issues or fraud.

We will only use your personal data for the purposes for which we collected it, and will not use it in a way that is incompatible with those purposes without informing you and obtaining consent if required. We do not engage in any automated decision-making or profiling that has legal or significant effects on individuals. If we ever need to use your information for a new purpose, we will update this policy and notify you when appropriate.

Cookies and Tracking

Our website uses cookies and similar technologies to provide necessary site functionality and to understand how users interact with our site. Cookies are small text files stored on your device when you visit a website. The cookies we use on the StepKnock website fall into a couple of basic categories:

  • Essential Cookies: These are necessary for the website to function and cannot be switched off in our systems. For example, if our site has a login or session feature (currently it’s mostly informational, so this may be minimal), such cookies would maintain your session or preferences.
  • Analytics Cookies: We may use analytic or performance cookies to collect anonymous information about how visitors use our site. For instance, we might use these to track site traffic, page views, and click patterns in aggregate. This data helps us improve the website’s layout and content. We currently do not use any advanced third-party analytics tools that collect personal data; if we introduce an analytics tool (like Google Analytics or similar), we will update this policy and ensure it’s configured to respect privacy (e.g. IP anonymization where applicable).

Importantly, we do not use advertising or marketing cookies that track you across other sites, nor do we allow third-party ad networks to collect information about you through our site. In other words, your browsing on our site is not used to later target you with ads on other platforms. We also do not share browsing data with social media platforms for advertising purposes. Our focus is on basic, first-party analytics and functionality.

Cookie Consent: When you first visit our site, you may see a notification about cookies. If you are in a jurisdiction that requires cookie consent (such as the EU/UK), we will present you with a clear option to allow or disable non-essential cookies. You can always choose not to accept certain cookies. Even after accepting, you can manage or delete cookies in your browser settings at any time. Declining optional cookies will not break the core functionality of our site, though some enhancements (like video playback or embedded content) might be affected.

For more information on cookies and how to control them, you can adjust your browser settings to refuse cookies or alert you when cookies are being used. Each browser (Chrome, Firefox, Safari, etc.) has its own cookie management options in its settings. Using our site with cookies disabled is possible, but if you encounter any issues, please let us know.

How We Share and Disclose Information

We do not share or disclose your personal information to third parties except in the limited cases described here. Fundamentally, we never sell your personal data – not for money, not for any other valuable consideration. (Under laws like the CCPA/CPRA, “selling” can include sharing data for advertising purposes, but we engage in no such activity. We do not share your information for cross-context behavioral advertising or any similar “sale” of data.) In short, your information is used by StepKnock solely for the purposes outlined above, and if we share it, it is only as necessary to run our business or comply with the law. The scenarios in which we might share your data are:

  • Service Providers (Processors): We may share certain information with trusted third-party service providers who perform services on our behalf, under our instructions. This includes, for example, IT hosting and infrastructure providers, email and marketing distribution services, and customer relationship management tools (if we use them in the future). Specifically, at present we use Microsoft Outlook for managing contacts and communications, and an IBM internal marketing platform to help run email campaigns and newsletters. These platforms inevitably handle your contact information as we store or send communications, but they act under our control and for our use only. We have agreements in place with such providers to ensure your data is protected and used only for our specified purposes. They are not allowed to use your information for their own marketing or any other purposes outside of what we’ve contracted them for.
  • Affiliates and Partners: StepKnock is an IBM Business Partner, which means we work closely with IBM on solutions for our clients. However, we do not automatically share your personal data with IBM or any other partner unless it is necessary for the services you’ve requested. For instance, if we co-host an event with IBM or need to arrange specialized support, and it requires sharing your information (like your name and company) with IBM, we will do so only with appropriate protections and, if required, with your consent. Any such sharing will be limited to what is necessary.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or regulatory requirement). We will only provide the information that is necessary and will object when we believe a request is overly broad. Additionally, if we need to disclose data to enforce our legal rights or defend against legal claims, we will do so as necessary.
  • Business Transfers: As a startup, we anticipate growth. If StepKnock undergoes a business transition such as a merger, acquisition by another company, or sale of all or part of our assets, personal information may be among the assets transferred to the new owner. Should such a transfer occur, we will ensure that the successor entity is bound to respect the terms of this Privacy Policy (or you will be given notice and an opportunity to opt out of the transfer of your data, if required by law). The new entity will only be allowed to use your data in ways consistent with this policy or as you otherwise consent.
  • With Your Consent: In any other scenario not covered above, we would share your personal information only if you have given explicit consent for a specific purpose. For example, if you ask us to introduce you to a third-party partner or sign up to receive information from an external service through us, we would share your contact info only with your knowledge and approval.

We emphasize that outside of these circumstances, your data stays with StepKnock. We do not trade, rent, or sell your information to advertisers or data brokers. We also do not share your personal data for others’ independent marketing or advertising purposes. Any third parties who assist us (as described) are contractually obligated to safeguard your data and use it only for the functions we’ve specified. If you have questions about any specific third party that may handle your data, feel free to contact us for more information.

Data Security

We take security seriously and employ a combination of technical and organizational measures to protect your personal information from unauthorized access, loss, or misuse. As a company focused on IT and cybersecurity solutions, we apply the same rigor to our internal practices. Some of the key security measures we have in place include:

  • Secure Infrastructure: We store your data on secure servers and trusted cloud services. For example, our emails and contact lists are maintained in Microsoft’s Outlook/Office 365 platform, and marketing information is managed through an IBM-secured marketing system. These platforms offer robust security features at an enterprise level, including encryption of data at rest and in transit, and they are monitored for unusual activity.
  • Encryption: Any sensitive transmissions of data are protected via encryption protocols (HTTPS/SSL on our website, encrypted email channels when available, etc.). Encryption scrambles data so that only authorized parties (with the decryption keys) can read it. We also use encryption where feasible for stored data, adding an extra layer of protection in case of any unauthorized access.
  • Access Controls: We limit access to personal data strictly to those personnel and service providers who need it to perform their duties. Within StepKnock, only authorized staff (for example, our management or team members responsible for client relations) can access your information, and even then, only what they need. Our accounts and systems are protected with strong passwords and, where possible, multi-factor authentication to prevent unauthorized logins.
  • Employee Training and Policies: We ensure that everyone on our team is educated about privacy and security best practices. Our team is small, but we have internal policies to guide how we handle personal data. Team members are trained to follow confidentiality protocols, to recognize and avoid phishing or other security risks, and to promptly report any potential security incidents. We instill a culture of data protection awareness, as recommended for startups building out their privacy practices.
  • Preventive Monitoring: We regularly review our systems for vulnerabilities or suspicious activities. Software and plugins are kept up-to-date to patch security issues. We utilize antivirus and anti-malware tools on our devices. If we use any web analytics or form processors, we ensure they are configured securely. In short, we check for security issues often and strive to address potential problems proactively.
  • Incident Response Plan: Despite all precautions, no method of transmission or storage is 100% secure. In the unlikely event of a data breach or security incident, we have a response plan in place. This includes immediately investigating the incident, taking steps to mitigate any harm, and notifying affected parties and regulators as required by law (for example, GDPR requires breach notification within 72 hours in certain cases). We will be transparent and do everything we can to rectify any security issues that arise.

By implementing these measures – encryption, access control, regular audits, staff training, and more – we aim to meet or exceed industry standards for data security. We understand that our clients trust us with their information, and we continuously work to maintain that trust through robust security practices.

Data Retention

We keep personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. In practice, this means:

  • If you are a client or actively engaged with our services, we will retain your information for the duration of our business relationship and for a reasonable period thereafter to manage any follow-up issues or legal obligations. For example, if you attend an event or we complete a project for you, we may retain your contact details and notes from the engagement for a certain time in case you have questions, for our own record-keeping, or to inform you of related services that might interest you (unless you have opted out).
  • If you have subscribed to our marketing communications, we will keep your contact information on our mailing list until you unsubscribe or ask us to delete it. (Every marketing email will include an Unsubscribe link to make this easy, or you can contact us directly.) If you opt out, we will remove you from our active list promptly, though we may keep a minimal record of your email address on a suppression list to ensure we honor your opt-out going forward.
  • If you contact us with an inquiry but do not become a client or otherwise engage further, we may retain your communication and contact info for a short period to be able to respond and follow up. After that, we will delete it if there’s no ongoing need.
  • Website logs and analytics data are retained only for short periods (typically for a few months) in aggregated form, unless we need to preserve them longer for security analyses. They are generally purged on a rolling basis.
  • In all cases, we regularly review the data we hold and erase or anonymize personal data that we no longer need. For instance, if we have old contact lists or event registrant information that is no longer relevant, we will securely delete those records. We aim to limit retention to the shortest duration necessary, aligning with the principle of storage limitation under GDPR.

There are some instances where laws or legitimate business needs may require longer retention. For example, financial records (invoices, etc.) might be kept for accounting and tax purposes for a certain number of years (even though we do not collect payment info, if we issue an invoice with your company name, that invoice is a business record we retain). Also, if relevant to legal proceedings or disputes, we might need to retain certain information until those issues are resolved. However, these are exceptions; our default approach is not to hold onto personal data indefinitely unless there’s a good reason.

When we do dispose of personal data, we do so securely. Digital data will be permanently deleted or overwritten, and any physical documents (if any exist containing personal data) will be shredded. By minimizing both what we collect and how long we keep it, we reduce risks and respect your privacy choices.

Your Rights and Choices

We want you to have control over your personal information. Accordingly, you have certain rights and choices regarding the data that we collect and hold about you. These include:

  • Access and Transparency: You have the right to request a copy of the personal information we hold about you and to inquire about how we have used it. We will provide you with a summary of such information in a readily understandable format.
  • Correction (Rectification): If any of your personal data we have is inaccurate or outdated, you have the right to request that we correct or update it. For example, if you change your email address or realize we misspelled your name, just let us know and we will fix it.
  • Deletion (Right to be Forgotten): You can ask us to delete your personal information. For instance, if you no longer want us to have your contact details on file, you can request that we remove you from our database. We will honor such requests, provided we do not have a specific legal obligation or overriding legitimate interest to retain the data. If, for some reason, we cannot delete all your data (e.g., we need to keep records of a transaction for auditing), we will let you know what we must retain and why.
  • Opt-Out of Marketing: If you are receiving marketing emails or newsletters from us, you have the right to opt out at any time. You can click the “Unsubscribe” link in any email we send, or contact us at any point to be removed from marketing lists. Once you opt out, we will stop sending you promotional communications. (Note: Even if you opt out of marketing, we may still send you non-promotional communications if you are an active client – for example, emails about a project you’re working on with us, or important updates about our services like changes to this policy.)
  • Data Portability: To the extent applicable, you can request to receive the personal data you have provided to us in a structured, commonly used, machine-readable format. If you need your data transferred to another service provider (and it’s data you gave us directly, like your contact info), we will provide it in a CSV or similar format that is portable.
  • Right to Object or Restrict Processing: You may have the right to object to certain processing activities or request that we limit the processing of your data. For example, if we were processing your data based on a legitimate interest, and you have a particular situation that makes you want to object, you can inform us. Or if you just want us to hold your data but not actively use it (perhaps while you verify its accuracy or resolve another issue), you can request restriction. We will evaluate such requests and comply if required by law.
  • California Privacy Rights: If you are a California resident, in addition to the rights above, you have the right to ask for disclosure of the categories of personal information we have collected, the categories of sources, the business purpose for collecting it, and whether we disclosed or “sold” (shared) any of that information. We provide much of this information in this Privacy Policy. Importantly, as stated, we do not sell personal info, so the right to opt-out of sale is not applicable in our case (there is no sale to opt out of). California residents also have the right not to receive discriminatory treatment for exercising their privacy rights. StepKnock honors that: we will never deny services or provide different quality of service just because you exercised your privacy rights.
  • EU/UK GDPR Rights: If you are located in the European Union or United Kingdom, your data protection rights include all the above (access, correction, deletion, etc.) under the GDPR/UK GDPR. You also have the right to lodge a complaint with a Data Protection Authority (DPA) or supervisory authority in your country if you believe we have not handled your information properly. We encourage you to contact us first, and we will do our best to address your concern. But it’s your right to seek regulatory enforcement if needed.

To exercise any of these rights, please contact us using the information in the “Contact Us” section below. We will respond to your request as quickly as possible, generally within 30 days as required by many laws (and often much sooner). For certain requests, we may need to verify your identity to ensure that we do not disclose or delete data at the request of an unauthorized person. Any verification process will be reasonable and tailored – typically, we might ask you to confirm some basic information we already have on file (like sending the request from the email address we have of yours, or answering a short question).

There is no fee for making a request, with one small exception: if you make repetitive, excessive requests, or requests that are manifestly unfounded, some laws allow a reasonable fee or even refusal. However, we have not encountered this situation – our policy is to fulfill reasonable requests in good faith. We want you to feel confident about how we handle your data, and respecting your rights is a crucial part of that.

Remember, it’s your data – our job is to safeguard it and use it properly, and your job is to let us know if you have any concerns or if you want to exercise any choice regarding that data.

Compliance with Laws

We design our privacy practices to meet the requirements of applicable data protection laws and regulations, even if our current scale doesn’t formally require full compliance in all cases. This “future-proof” approach is intentional; as we grow, we want our practices to already be in line with legal expectations. Here are some of the key laws and principles we comply with:

  • GDPR (General Data Protection Regulation): Although primarily for the European Union, GDPR often sets the global gold standard for privacy. We adhere to GDPR principles such as lawfulness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and accountability. Practically, this means we only process data when we have a valid legal basis (e.g., your consent or our legitimate interest to perform a service you requested), we tell you what we’re doing with your data, we minimize data collection, and we protect data with strong security. If we ever were to transfer personal data from the EU to outside (e.g., to the U.S. where our servers or service providers are), we would ensure an appropriate transfer mechanism is in place (such as Standard Contractual Clauses) to safeguard that data.
  • CCPA/CPRA (California Consumer Privacy Act & California Privacy Rights Act): We respect the rights of California residents as outlined in these laws. Even though we are a small company likely below the formal thresholds of CCPA (e.g., we do not meet the 50,000 consumers or $25 million revenue criteria), we voluntarily uphold its spirit. We provide transparency about what categories of data we collect and why, we honor deletion and access requests, and we have processes to handle any “Do Not Sell or Share” preferences (noting again that we don’t sell or share data in the manner those laws target). If in the future our activities expand, we will ensure full compliance with any notice and opt-out link requirements, but currently our policy of no data sales simplifies compliance here.
  • Other U.S. State Laws: New comprehensive privacy laws are in effect in several states such as Virginia (CDPA), Colorado (CPA), Connecticut, Utah, etc., each with similar core requirements around consumer rights and data responsibilities. We are keeping abreast of these developments and incorporating their requirements as needed. For example, like the Virginia CDPA, we would honor opt-outs of targeted advertising or sale (though we don’t do those), and like Colorado’s law, we would treat sensitive personal data with extra care if we ever had to handle it (currently we do not collect sensitive data). We are committed to staying updated and adjusting our practices as new state or federal laws come into effect.
  • CAN-SPAM Act and Email Marketing Laws: For our email communications, we comply with laws like the U.S. CAN-SPAM Act and Canada’s CASL, which require us to only send marketing emails to those who have given consent or with whom we have an ongoing relationship, and to include clear opt-out mechanisms. We always include an unsubscribe link and our contact information in marketing emails, as required by these laws. We also honor opt-out requests promptly.
  • Industry Standards and Best Practices: Beyond formal laws, we aim to follow best practices advocated by privacy professionals. This includes conducting privacy risk assessments when launching new projects, embedding privacy into our service design (privacy by design), and maintaining transparency with our users. We believe that good privacy practices are not just about legal compliance, but also about earning and keeping your trust.

In summary, we are diligent about legal compliance and proactively work to meet the requirements of privacy laws that apply to us (and even some that technically may not, due to our size). As laws evolve, we will update our policies and practices. Our promise is that we will always handle your data ethically, lawfully, and transparently. If you ever have a question about our compliance with a particular law or requirement, please contact us – we’ll be happy to explain or provide additional details.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes, we will notify you in a manner appropriate to the significance of the changes. For example, for significant changes we might send an email notification to our contacts or post a notice on our website’s homepage. Minor updates will simply be reflected in the “Last Updated” date at the top of the policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

When we update the policy, we will note the effective date of the revision at the top. If you continue to use our services or website after the new policy takes effect, it will be deemed acceptance of the changes. However, if any change would materially reduce your rights or our obligations regarding previously collected personal information, we will seek your consent where required by law. Our aim is not to change our approach to privacy in a negative way – any changes are generally to improve clarity or comply with new requirements.

If you have any questions about the changes or need further information, please contact us (see below). Your privacy is an ongoing priority, and we will always strive to keep our policy up-to-date and clear.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please reach out to us. We are here to help and will respond as promptly as we can.

You can contact us in the following ways:

  • Email: privacy@stepknock.com – This is the dedicated email address for privacy inquiries. You may also contact our general support at info@stepknock.com, and it will be routed appropriately.
  • Mailing Address: StepKnock LLC, 1286 University Ave, Suite 1104, San Diego, CA 92103, USA. Attn: Privacy Team.
  • Phone: +1 (858) 609-9029. (If you call us with a privacy question, we may ask you to follow up in writing for documentation purposes, depending on the request, but we’re happy to discuss any concerns by phone initially.)

When contacting us about your personal data, please provide your name and contact information and clearly describe your request or question. If you are making a request to exercise your rights (e.g., requesting a copy of your data or asking for deletion), please specify what you are looking for. We may need to verify your identity before proceeding with certain requests, as mentioned in the Your Rights section, to ensure we protect your information from unauthorized access.

We will address your inquiry as quickly as possible. For most requests, you can expect a response within 30 days or sooner. If for some reason we need more time (for example, if a request is complex), we will let you know and keep you updated on the progress.

Thank you for trusting StepKnock with your personal information. We value your business and your privacy, and we are always open to feedback on how we can improve our practices. This Privacy Policy is meant to give you a clear understanding of what we do – and don’t do – with your data. If anything is unclear or if you need further clarification, please do not hesitate to contact us. Your privacy and satisfaction are extremely important to us.