Stecken Services LLC ("Company," "we," "us," or "our") is a California-based software development and technology consulting firm. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit our website at steckenservices.com (the "Site"), communicate with us, or engage our services. This policy is provided in compliance with the California Online Privacy Protection Act (CalOPPA) and other applicable laws.
1 Information We Collect
We may collect the following categories of personally identifiable information ("PII"):
Information You Provide Directly
- Contact information: name, email address, phone number, mailing address
- Business information: organization name, job title, department
- Communications: contents of emails or messages you send us
- Payment information: billing address, payment method details (processed by Stripe; we do not store card numbers on our systems)
- Contract information: details provided in connection with service agreements, statements of work, or project requirements
Information Collected Automatically
- Device and browser information: IP address, browser type and version, operating system, device type
- Usage data: pages visited, referring URL, date and time of visit
- Server logs: standard web server log data collected by our hosting provider
2 How We Collect Information
We collect personal information through:
- Direct interactions: when you email us, submit a contact form, enter into a service agreement, or otherwise communicate with us
- Automated technologies: server logs and cookies used by our hosting provider and payment processor (see Sections 4 and 5)
- Third-party sources: we may receive information from business partners, referral sources, or publicly available sources in connection with providing our services
3 How We Use Your Information
We use the information we collect for the following purposes:
- Responding to your inquiries and communicating with you
- Providing, maintaining, and improving our services
- Processing invoices and payments
- Delivering software, consulting, or other contracted services
- Sending transactional communications (project updates, invoices, service notifications)
- Complying with legal obligations, including tax and regulatory requirements
- Protecting the security and integrity of our systems and services
- Enforcing our contractual rights
We do not use your information for targeted advertising, behavioral profiling, or selling to third parties.
4 Third-Party Service Providers
We use the following categories of third-party service providers to operate our business. Each provider may process personal information in accordance with their own privacy policies:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Payment processing, fraud detection, analytics | stripe.com/privacy |
| Netlify | Website hosting | netlify.com/privacy |
| Google Workspace | Business email, document storage | policies.google.com/privacy |
| Mercury | Business banking | mercury.com/legal/privacy |
Stripe Disclosure: We use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. You can learn more about Stripe and its processing activities via its privacy policy at stripe.com/privacy.
5 Cookies & Tracking Technologies
Our website is a static site and does not use first-party cookies or tracking scripts. However, our third-party service providers (including Stripe and Netlify) may use cookies and similar technologies for the following purposes:
- Essential/functional cookies: required for payment processing and fraud prevention (Stripe)
- Performance cookies: used by our hosting provider for site delivery and performance monitoring (Netlify)
We do not use cookies for advertising, behavioral tracking, or marketing purposes.
6 Do Not Track Disclosure
As required by CalOPPA, we disclose our response to "Do Not Track" (DNT) browser signals. Our website does not use first-party tracking technologies that would respond to DNT signals. We do not track visitors across third-party websites. Some third-party services we use (such as Stripe) may have their own DNT policies, which are governed by their respective privacy policies linked in Section 4.
7 Information Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may disclose personal information only in the following circumstances:
- Service providers: to the third-party providers listed in Section 4, solely for the purposes described
- Legal requirements: when required by law, subpoena, court order, or governmental regulation
- Protection of rights: to protect the rights, safety, or property of Stecken Services LLC, our clients, or others
- Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected individuals
- With your consent: when you have given explicit permission for a specific disclosure
8 Data Security
We implement reasonable administrative, technical, and physical safeguards to protect personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encrypted data transmission (TLS/SSL) for all website and email communications
- Payment processing handled by PCI-DSS compliant providers (Stripe)
- Access controls limiting data access to authorized personnel
- Secure cloud-hosted infrastructure with industry-standard protections
No method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.
9 Data Retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law:
- Client and contract records: retained for a minimum of seven (7) years after the conclusion of services for tax, legal, and regulatory compliance
- Payment records: retained as required by applicable tax laws and Stripe's data retention policies
- Communications: retained as long as necessary for business purposes or as required by law
- Server logs: retained by our hosting provider per their retention policies
- Student data: deleted upon conclusion of contracted services or as directed by the contracting educational institution (see Section 13)
10 Your Rights
As required by CalOPPA, you have the right to:
- Know what personal information we have collected about you
- Review the personal information we maintain about you
- Request changes to inaccurate personal information
- Request deletion of your personal information, subject to legal retention requirements
To exercise any of these rights, contact us at nstecken@steckenservices.com. We will respond to verifiable requests within 30 days.
11 California Privacy Rights
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), depending on whether we meet the applicable thresholds. Regardless of whether CCPA/CPRA directly applies to our business at this time, we commit to the following practices:
- We do not sell personal information
- We do not share personal information for cross-context behavioral advertising
- We will honor verifiable requests to know, delete, or correct personal information
- We will not discriminate against individuals who exercise their privacy rights
California Shine the Light: Under California Civil Code Section 1798.83, California residents may request information about the disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
12 Children's Privacy & COPPA
Our website and direct services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our website.
When providing software development services to educational institutions, our products may process data that includes information about students under 13. In these cases:
- We operate under the school consent exception under the Children's Online Privacy Protection Act (COPPA), where the contracting school or district provides consent on behalf of parents
- Student data collected through our educational software products is used exclusively for school-authorized educational purposes
- We do not use student data for advertising, marketing, or any commercial purpose unrelated to the educational service
- We provide schools with the ability to review, request deletion of, and prevent further collection of student information
- Student data is deleted when no longer needed for the educational purpose for which it was collected, or upon direction from the contracting institution
If you believe we have inadvertently collected personal information from a child under 13 outside of the school consent framework, please contact us immediately and we will promptly delete such information.
13 Student Data & FERPA Compliance
When contracted by K-12 school districts or educational institutions, we may have access to student education records protected by the Family Educational Rights and Privacy Act (FERPA). We are committed to the following:
- We act as a school official under the FERPA school official exception, performing institutional services or functions that the school would otherwise use its own employees to perform
- We are under the direct control of the contracting institution with respect to the use and maintenance of education records
- Student education records are used only for the purposes specified in the service agreement with the institution
- We do not re-disclose student education records to third parties without authorization from the contracting institution, except as required by law
- We do not sell student data or use it for data mining, advertising, or any purpose beyond the contracted educational function
- We implement appropriate security measures to protect student records from unauthorized access
- Upon termination of a service agreement, we delete or return all student education records as directed by the contracting institution
14 Government Contract Data
When providing services to government agencies, we comply with all applicable data handling requirements, including:
- Federal Privacy Act of 1974 requirements, when applicable to contracted services involving federal records
- Applicable FAR (Federal Acquisition Regulation) privacy clauses included in government contracts
- State and local government data protection and privacy requirements as specified in applicable contracts
We are prepared to enter into data processing agreements and comply with specific security requirements as mandated by contracting government agencies.
15 Data Breach Notification
In the event of a data breach involving personal information, we will comply with the California Data Breach Notification Law (California Civil Code Section 1798.82), including:
- Notifying affected California residents within 30 calendar days of discovering the breach
- Providing notice that includes: what happened, what information was involved, what we are doing, what you can do, and how to contact us for more information
- Notifying the California Attorney General within 15 calendar days after consumer notification if 500 or more California residents are affected
16 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes:
- The updated policy will be posted on this page with a revised "Effective Date"
- For material changes that affect how we handle previously collected information, we will provide notice via email to affected clients
We encourage you to review this policy periodically.
17 Contact Information
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, contact us at:
Stecken Services LLC
Email: nstecken@steckenservices.com
Website: steckenservices.com