SURE STEP: A FUTURE BY DESIGN

Privacy notice

How we handle what you tell us. Plain language, no fine print buried in jargon.

Who we are. Sure Step ("we") provides a guided coaching conversation that helps you write a plan for your future. We are the data controller for the information you give us. You can reach us at darren.emedo@gmail.com.

What we collect

Your email address and first name; your payment details (handled entirely by Stripe — we never see your card number); and the answers you give during your coaching session. Your answers may include personal and sensitive details about your health, relationships, finances, or faith, but only if you choose to share them.

If you create an account, we store your email and a securely hashed password via Supabase Auth so you can access your sessions from any device. If you use voice conversation mode (available on Blueprint and Compass tiers), your spoken audio is sent to a transcription service to convert it to text; we do not store the audio itself.

Why, and our legal basis

We use your information to run your session, generate your written plan, and email it to you. Our legal basis is the contract you enter when you purchase a session. Where you share sensitive personal details (health, faith, relationships), we rely on your explicit consent, given through the tick-box at sign-up, which you can withdraw at any time by contacting us.

Your choices

You only share what you are comfortable with. You can choose no faith content and skip money entirely. You do not need to share sensitive information to receive a useful plan.

At sign-up there is a separate, unticked box for occasional marketing emails about Sure Step. It is never pre-ticked, entirely optional, and has no bearing on your plan. You can withdraw this consent at any time by unsubscribing from any such email or by contacting us directly.

Who we share it with

We use the following trusted suppliers, each processing data only on our instructions:

Anthropic — powers the AI coaching conversation. Processes data in the US under standard contractual clauses. Does not use your session content to train its models.

Stripe — handles payment securely. We pass them your email for receipt purposes; they are an independent data controller for payment data.

Supabase — stores your session data and, if you create an account, your authentication credentials. Data is held in the EU.

Resend — sends your plan and resume link by email.

OpenAI — used for voice transcription and text-to-speech on Blueprint and Compass tiers. Audio is processed in the US and is not retained or used for training.

Vercel — hosts the application.

We never sell your data or display advertising.

Internal records

We keep an internal record, linked to your email, of how much AI processing your sessions used and its approximate cost. This is for our own accounting only, is never shared, contains none of your answers or plan content, and is never used to limit what you receive.

How long we keep it

We keep your session and plan while your account is active so you can return to it. We delete data after a reasonable period of inactivity, or promptly on request. We do not store voice audio after transcription.

Your rights

Under UK data protection law you have the right to access, correct, delete, or restrict our use of your personal data, to object to processing, and to data portability. These rights are free to exercise. Email us at darren.emedo@gmail.com and we will respond within one month. You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.

A note on the coach

Your plan is created by an AI coach. It is personal guidance to help you design your own future. It is not medical, psychological, financial, or legal advice, and should not be treated as such.

Changes

We will post any material changes here and update the date below. Continued use of Sure Step after a change constitutes acceptance of the updated notice.

Last updated 28 June 2026.

Note for Darren: this notice covers the current technical stack. Have a UK data-protection solicitor review it before scaling to a large user base, particularly regarding the sensitive personal data processed during sessions and the US-based sub-processors.