New Steplab subprocessors

Steplab is committed to maintaining the highest standards of service reliability and data security. To achieve this, we occasionally engage specialised third-party vendors—known as subprocessors—to handle specific technical functions, such as securing our network traffic or powering our customer support systems.

We select these partners based on their ability to offer best-in-class security and performance. Every subprocessor is vetted strictly and bound by a Data Processing Agreement (DPA) to ensure they process your data solely for the purposes we authorise and in full compliance with UK GDPR standards.

New addition: Intercom

We use Intercom to power our customer support chat and help centre. This allows us to provide real-time assistance and efficiently manage your support queries. While Intercom processes personal data such as names, email addresses, and the contents of your messages, they do so strictly to facilitate communication between you and our team. Data is encrypted both in transit and at rest, and Intercom is contractually prohibited from using your data for their own purposes, such as advertising.

New addition: Cloudflare

Cloudflare acts as our Web Application Firewall (WAF) and Content Delivery Network (CDN). It serves as a secure perimeter for our application, inspecting incoming web traffic to block malicious attacks (such as botnets or hacking attempts) before they reach our servers.

To perform this security function, Cloudflare processes technical data such as IP addresses and traffic logs. This processing is transient and necessary to distinguish between legitimate users and security threats, ensuring the platform remains fast and available for everyone.