StepUp Tutorials

Privacy Policy

Last updated: 25.04.2026 · DSGVO / GDPR compliant

This Privacy Policy explains how StepUp Tutorials collects, uses and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German law.

§1 Data Controller

The data controller responsible for your personal data is:

Controller: Dorinel Ghimis (trading as: StepUp Tutorials)

Operator: StepUp Tutorials

Email: [email protected]

Website: stepuptutorials.com

Jurisdiction: Deutschland / EU


§2 Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, password (hashed), date of birth (optional)
  • Profile data: display name, avatar, bio, location, social links (Premium only)
  • Content data: tutorials, comments, ratings and collections you create
  • Payment data: subscription status and billing period (payment details are processed by Mollie and never stored on our servers)
  • Technical data: country and city derived from IP address via Cloudflare headers (not stored as raw IP), browser type, device type
  • Communication data: messages sent through the contact form or direct messaging feature
  • When signing in via Google or Facebook: name, email address, profile picture and OAuth token from the respective provider

§3 Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR): to provide the services you subscribed to, including account management and payment processing
  • Legitimate interests (Art. 6(1)(f) GDPR): to maintain platform security, prevent fraud and improve our services through anonymous analytics
  • Legal obligation (Art. 6(1)(c) GDPR): to comply with applicable laws, including German tax and accounting obligations (§ 147 AO)
  • Consent (Art. 6(1)(a) GDPR): for optional features such as signing in with Google or Facebook and embedding YouTube videos, we obtain your explicit consent

Legal basis per service:

Service | Purpose | Legal basis
Supabase Auth | User authentication and session management | Contract (Art. 6(1)(b))
Supabase DB | Storing profile, tutorials and interactions | Contract (Art. 6(1)(b))
Mollie | Processing subscription payments | Contract (Art. 6(1)(b))
Mailjet | Sending transactional emails | Contract (Art. 6(1)(b))
DeepL | Translating tutorial content | Legitimate interest (Art. 6(1)(f))
Plausible | Anonymous usage analytics (no personal data) | Legitimate interest (Art. 6(1)(f))
Cloudflare | CDN, DDoS protection, geolocation via headers | Legitimate interest (Art. 6(1)(f))
Hetzner | Server infrastructure operation and web hosting | Legitimate interest (Art. 6(1)(f))
Google OAuth | Sign-in / authentication via Google | Consent (Art. 6(1)(a) GDPR)
Meta OAuth | Sign-in / authentication via Facebook | Consent (Art. 6(1)(a) GDPR)
YouTube | Embedding tutorial videos | Consent (Art. 6(1)(a) GDPR)

§4 How We Use Your Data

Your personal data is used for the following purposes:

  • Creating and managing your account
  • Processing subscription payments via Mollie
  • Translating tutorial content via DeepL API (see Section 5)
  • Sending transactional emails via Mailjet (account confirmation, password reset, contact responses)

We do not sell your personal data to third parties and do not use it for automated decision-making or profiling.

§5 Translation via DeepL

StepUp automatically translates tutorial content (titles, descriptions and steps) into 6 languages using the DeepL API. You should be aware of the following:

  • Tutorial content (text only, no personal data) is transmitted to DeepL servers in Germany 🇩🇪 for translation
  • DeepL processes text on EU-based infrastructure and has a Data Processing Agreement in place with us
  • Content sent to DeepL does not include personal identifiers such as names, email addresses or payment information

Platform administrators may edit or correct DeepL translations to improve accuracy. Translated content is clearly marked as machine-translated within the platform.

§6 Sign-in via Google & Facebook

We offer you the option to sign in to StepUp Tutorials using your Google or Facebook account. When you use this option, the following data is transmitted to us by the respective provider:

  • Name and email address of your account
  • Profile picture (if set in your account)
  • Unique user ID of the provider
  • OAuth access token for authentication

Processing is based solely on your consent (Art. 6(1)(a) GDPR). You can disconnect the link at any time in your account settings. Google LLC and Meta Platforms Ireland Ltd. act as independent controllers and are subject to their own privacy policies.

§7 Presence on Social Networks

StepUp Tutorials maintains presences on the following social networks to reach our community and share tutorials:

  • Facebook & Instagram (Meta Platforms Ireland Ltd., Ireland) – Privacy: facebook.com/privacy/policy
  • YouTube (Google Ireland Ltd., Ireland) – Privacy: policies.google.com/privacy
  • X / Twitter (X Corp., USA, data transfer based on Standard Contractual Clauses) – Privacy: x.com/en/privacy
  • When visiting our social media profiles, the privacy policies of the respective provider apply

We have no influence over data processing by the platform operators. Where we act jointly with Meta as co-controllers under Art. 26 GDPR, a corresponding agreement is in place. We recommend reading the privacy notices of the respective platforms.

§8 Creator Affiliate Links

Some tutorials on our platform may contain affiliate links added independently by the tutorial creators. If you click on such links and make a purchase, the creator of the tutorial may receive a commission. StepUp Tutorials is not involved in these commissions and receives no revenue from them.

  • Affiliate links belong to the creators and are added at their own responsibility
  • StepUp Tutorials accepts no liability for the safety, accuracy or availability of linked products or websites
  • Click and purchase data may be collected by the affiliate program of the respective provider — StepUp has no influence over this
  • Affiliate links are marked as such within the tutorial

We recommend using external links with caution. StepUp is not responsible for the content or privacy practices of linked third-party websites.

§9 Cookies & Local Storage

We use technically necessary cookies for operating the platform (authentication, language settings) and optional cookies for functional purposes (Google and Facebook sign-in). Plausible Analytics operates without cookies and does not use tracking code.

Name | Provider | Purpose | Duration
sb-access-token | Supabase | Authentication / session management | Session duration
sb-refresh-token | Supabase | Token renewal (extend session) | 30 days
next-intl | StepUp | Save language preference | 1 year

You can adjust your cookie preferences at any time via the cookie banner at the bottom of the screen. A detailed list of all cookies can be found in the 'Legal Basis' section and in the cookie banner itself.

§10 Processors & Third-Party Providers

We use carefully selected service providers who process data on our behalf. Data processing agreements pursuant to Art. 28 GDPR are in place with all processors. Providers based outside the EEA (Google, X Corp.) transfer data on the basis of EU Standard Contractual Clauses (SCCs).

Service | Purpose | Privacy Policy
🇳🇱 Mollie | Payment processing | Privacy Policy
🇪🇺 Supabase | Database, authentication | Privacy Policy
🇩🇪 DeepL | Machine translation | Privacy Policy
🇫🇷 Mailjet | Transactional emails | Privacy Policy
🇪🇪 Plausible Analytics | Cookie-free web analytics | Privacy Policy
🌐 Cloudflare | CDN, DDoS protection, DNS | Privacy Policy
🇩🇪 Hetzner Online GmbH | Web hosting, server infrastructure | Privacy Policy
🇮🇪 Google LLC | Authentication (OAuth), video hosting | Privacy Policy
🇮🇪 Meta Platforms Ireland | Authentication (OAuth), social media | Privacy Policy

A complete overview of our processors can be found in the table below.

§11 Data Retention & Deletion Periods

We store personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations. For accounting records, retention periods of 6 and 10 years apply pursuant to § 257 HGB and § 147 AO. Account data is deleted immediately and irrevocably upon account deletion.

Data category | Retention period | Legal basis
Account data (name, email, profile) | Until account deletion + 30 days | Contract (Art. 6(1)(b) GDPR)
Payment & invoice data | 10 years | Legal obligation (§ 147 AO)
Anonymous analytics data (Plausible) | 12 months (rolling) | Legitimate interest (Art. 6(1)(f) GDPR)
Email dispatch logs | 6 months | Legitimate interest (Art. 6(1)(f) GDPR)
Tutorial view events | 12 months | Legitimate interest (Art. 6(1)(f) GDPR)

§12 Your Rights as a Data Subject

You have the following rights regarding your personal data under the GDPR:

  • Right of access: You may request information about the data stored about you at any time (Art. 15 GDPR).
  • Right to rectification: You may request correction of inaccurate or incomplete data (Art. 16 GDPR).
  • Right to erasure: Under certain conditions, you may request deletion of your data (Art. 17 GDPR).
  • Data portability: You may receive your data in a commonly used, machine-readable format (Art. 20 GDPR).
  • Right to object: You may object to processing of your data based on legitimate interests (Art. 21 GDPR).
  • Right to withdraw consent: You may withdraw any consent given at any time with effect for the future (Art. 7(3) GDPR).

How to exercise your rights:

  • By email: [email protected]
  • We will process your request within 30 days in accordance with Art. 12 GDPR.

§13 Data Security

We implement appropriate technical and organisational measures to protect your data in accordance with Art. 32 GDPR. All data transfers use HTTPS/TLS encryption. Access to personal data is restricted to authorised staff on a need-to-know basis.

Our application is hosted on servers operated by Hetzner Online GmbH (Nuremberg / Falkenstein, Germany 🇩🇪). All processing takes place within the European Union. A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner.

In the event of a data breach, we will notify the competent supervisory authority within 72 hours pursuant to Art. 33 GDPR, and affected users pursuant to Art. 34 GDPR where there is a high risk to their rights and freedoms.

§14 Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent supervisory authority for StepUp Tutorials is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)

Website: baden-wuerttemberg.datenschutz.de

§15 Contact & Data Protection Officer

If you have questions about data protection or wish to exercise your rights, please contact us at:

[email protected]

This privacy policy is effective as of the date of the last update. We reserve the right to update it as necessary.