Privacy Policy

Welcome to SoulStep (soul-step.org). SoulStep is a pilgrimage and sacred sites discovery platform that helps users explore mosques, temples, churches, gurdwaras, synagogues, and other places of worship around the world. We enable users to create pilgrimage journeys, check in at sacred sites, write reviews, save favorites, and connect with fellow travelers on spiritual journeys.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at soul-step.org on desktop or mobile web (collectively, the "Service"). Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service. We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy.

Account Information. When you register for a SoulStep account, we collect your name, email address, and password. You may optionally provide a profile photo and display name. If you sign in through a third-party authentication provider (such as Google), we receive your name, email address, and profile image from that provider.

Check-in and Activity Data. When you check in at a sacred site, we record the place, the timestamp, and any associated journey or group. We also store your reviews, ratings, favorite places, and journey progress. This data is used to personalize your experience, display your pilgrimage history, and calculate journey progress.

Location Data. With your permission, we collect your device's geographic location to show nearby sacred sites, enable proximity-based check-ins, and display your position on the discovery map. You can disable location services through your device or browser settings at any time, though this may limit certain features of the Service.

Device and Technical Information. We automatically collect certain information when you access the Service, including your IP address, browser type, operating system, device type, screen resolution, referring URL, and pages visited. This information is collected through our analytics provider (described in Section 5) and through standard server logs. We use this data to maintain the security and performance of the Service and to understand aggregate usage patterns.

Service Operation. We use your information to create and manage your account, authenticate your identity, process check-ins, store your reviews and favorites, track journey progress, and deliver notifications. Your account data is essential for providing the core functionality of the Service.

Personalization. We use your check-in history, favorites, and location data to recommend sacred sites you may be interested in, suggest journeys, and display content relevant to your spiritual interests and geographic area. We may also use this data to personalize the order and presentation of places in search results and on the discovery map.

Analytics and Improvement. We analyze aggregate and anonymized usage data to understand how users interact with the Service, identify areas for improvement, fix bugs, and develop new features. We use Umami Cloud as our analytics provider, which is described in more detail in Section 5.

Communication. We may use your email address to send you service-related announcements, such as account verification, password reset, security alerts, and important updates to our Terms of Service or this Privacy Policy. We do not send marketing emails unless you have explicitly opted in.

Third-Party Advertising Cookies. We may use third-party advertising partners, including Google AdSense and Adsterra, to display advertisements on the Service. These partners may use cookies, scripts, pixels, or similar technologies to serve, measure, and improve ads based on your visits to SoulStep and other websites, subject to your consent choices and their policies.

Personalized Advertising and Opt-Out. Advertising partners may use data collected through these technologies to personalize the advertisements shown to you. You may manage Google personalized advertising by visiting Google Ads Settings. Alternatively, you may opt out of a third-party vendor's use of cookies for personalized advertising by visiting www.aboutads.info.

Advertising Consent Controls. We use consent controls to respect your privacy choices. By default, advertising storage and analytics storage are set to "denied" until you provide explicit consent through our cookie consent banner. When Google tags are active, we use Google Consent Mode v2 so those tags adjust their behavior accordingly. Other advertising partner tags are only loaded after advertising consent is granted. You may withdraw your consent at any time by clearing your browser cookies or using the consent controls provided on the Service.

Essential Cookies. In addition to advertising cookies, we use essential cookies that are strictly necessary for the operation of the Service. These include session cookies for authentication (to keep you logged in), language preference cookies, and theme preference cookies (light/dark mode). Essential cookies cannot be disabled as they are required for the Service to function properly.

We use Umami Cloud as our web analytics provider. Umami is a privacy-focused analytics platform that does not use cookies, does not collect personal data, and does not track users across websites. All data collected by Umami is aggregated and anonymized — it cannot be used to identify individual users.

Umami collects the following anonymized data points: page views, referrer URLs, browser type, operating system, device type, screen size, and country of origin (derived from IP address, which is not stored). This data helps us understand which pages are most visited, how users navigate the Service, and which devices and browsers we should prioritize for testing and optimization.

Because Umami does not use cookies or collect personally identifiable information, it is compliant with GDPR, CCPA, and other privacy regulations without requiring cookie consent. Umami analytics data is entirely separate from the advertising cookies described in Section 4.

We do not sell your data. SoulStep does not sell, rent, or trade your personal information to third parties for their marketing purposes. We will never monetize your personal data directly.

Advertising Partners. As described in Section 4, we share data with Google and other advertising partners through cookies for the purpose of serving advertisements on the Service. This data may include browsing activity and cookie identifiers but does not include your name, email address, or other directly identifying account information.

Service Providers. We may share your information with third-party service providers who perform services on our behalf, such as hosting, data storage, email delivery, and customer support. These providers are contractually obligated to use your information only for the purposes of providing their services to us and are required to maintain the confidentiality of your data.

Legal Requirements. We may disclose your information if required to do so by law, in response to a valid legal process (such as a court order or subpoena), or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We retain your account information, check-in history, reviews, and other user-generated content for as long as your account is active or as needed to provide you with the Service. If you stop using the Service but do not delete your account, we will retain your data in accordance with this policy and applicable law.

You may request deletion of your account and all associated data at any time by contacting us at contact@soul-step.org. Upon receiving a verified deletion request, we will delete your personal data from our active systems within 30 days. Some data may persist in encrypted backups for up to 90 days after deletion, after which it will be permanently removed.

Please note that certain data may be retained even after account deletion where required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes such as fraud prevention. Anonymized and aggregated data that can no longer be associated with you may be retained indefinitely for analytical purposes.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you. You can access most of your data directly through the Service by visiting your profile and check-in history pages.
• Right of Correction: You may update or correct your personal information at any time through the Edit Profile section of the Service, or by contacting us directly.
• Right of Deletion: You may request the deletion of your personal data as described in Section 7 above.
• Right to Opt Out: You may opt out of personalized advertising as described in Section 4. You may also opt out of non-essential communications by updating your notification preferences.
• Right to Data Portability: You may request a machine-readable export of your personal data by contacting us.

To exercise any of these rights, please contact us at contact@soul-step.org. We will respond to all legitimate requests within 30 days. We may ask you to verify your identity before processing your request to protect your account security.

If you are a resident of the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection authority if you believe your personal data has been processed in violation of applicable law. If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete it, and the right to opt out of the sale of personal information (which SoulStep does not engage in).

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and you believe your child under 13 has provided us with personal information, please contact us at contact@soul-step.org so that we can take appropriate action. We encourage parents and guardians to monitor their children's Internet usage and to help enforce this Privacy Policy by instructing their children never to provide personal information through the Service without permission.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice such as an in-app notification or an email to your registered email address.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of those changes. If you disagree with any updated terms, you should discontinue use of the Service and request deletion of your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

SoulStep
Email: contact@soul-step.org
Website: soul-step.org

We take your privacy seriously and will make every effort to respond to your inquiry promptly. For data deletion or access requests, please allow up to 30 days for a complete response.