N
NextStep

Privacy Policy

Last updated: January 4, 2026

NextStep ("we", "our", or "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our service.

Information We Collect

Account Information

When you sign up, we collect:

  • Your email address
  • Your name
  • Your company/team name

Connected Sources Data

When you connect third-party services (Slack, Gmail, Notion), we access and process data from these sources to provide our AI-powered prioritization features. This includes:

  • Slack: Messages from channels you authorize, direct messages you're part of
  • Gmail: Email content, senders, and metadata from authorized folders
  • Notion: Page content and database entries you authorize

We request read-only access to these services. We never send messages, emails, or modify content on your behalf.

Usage Data

We automatically collect:

  • Feature usage patterns (which features you use, how often)
  • AI processing metrics (to improve our service)
  • Error logs (to fix bugs)

How We Use Your Data

  • AI Processing: Your connected data is processed by AI to identify priorities, extract action items, and generate insights for your dashboard.
  • Service Improvement: Aggregated, anonymized data helps us improve NextStep.
  • Communication: We may send you important service updates or respond to your inquiries.

We never sell your data to third parties.

Third-Party Services

We use the following third-party services to operate NextStep:

  • Supabase: Database and authentication (US servers)
  • Anthropic Claude: AI processing for content analysis
  • OpenAI: Embeddings for semantic search
  • Vercel: Hosting and infrastructure

Each of these services has their own privacy policies and security measures.

Data Retention

  • Your data is retained while your account is active.
  • You can disconnect any source at any time, and we'll stop syncing new data from that source.
  • When you delete your account, we delete all your data within 30 days.
  • You can request data deletion at any time by contacting us.

Security

We take security seriously:

  • All data is encrypted in transit (TLS) and at rest
  • We use Row Level Security (RLS) to ensure users can only access their own data
  • OAuth tokens are stored securely and refreshed automatically
  • We regularly review and update our security practices

Your Rights

You have the right to:

  • Access: View all data we have about you
  • Delete: Request deletion of your account and data
  • Export: Request a copy of your data
  • Disconnect: Remove any connected source at any time

To exercise these rights, contact us at hello@getnextstep.app.

Cookies

We use minimal cookies, primarily for authentication purposes. We do not use tracking cookies or third-party advertising cookies.

Beta Service

NextStep is currently in beta. While we take every precaution to protect your data, beta software may have bugs or unexpected behavior. We appreciate your understanding as we continue to improve the service.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through the service. Your continued use of NextStep after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

Email: hello@getnextstep.app

← Back to home