Trust

Privacy notice

Effective date: 2026-05-20. Plain language; if you need the formal DPA, ask sales.

What this is

steepl provides accounting software to U.S. churches and nonprofits. We hold data on behalf of our customers (the church / nonprofit / firm). We are a data processor for customer-uploaded data and a data controller for our marketing and operational data.

Data we hold on behalf of customers

  • Accounting records: chart of accounts, funds, journal entries, bills, payments, budgets.
  • Donor records: name, household, address, contribution history, restriction notes (where the donor or church provided them).
  • Vendor records: name, address, tax profile (TIN encrypted at rest).
  • Employee records (where the customer uses the payroll module): name, hire/term dates, pay allocations, housing-allowance designations, SSN encrypted at rest.
  • Attachments: documents the customer uploaded (W-9s, receipts, board resolutions, statements).

How we use it

Solely to operate the service for the customer. We do not sell, rent, or share customer data. We do not use customer data to train AI models without an explicit, opt-in agreement.

Where it lives

Hetzner data centers in Germany (Falkenstein primary; Helsinki standby). Encrypted backups replicate to Hetzner Storage Box. KMS-signed audit anchors are stored in AWS S3 (Frankfurt) with object-lock retention.

How long we keep it

For the lifetime of the customer subscription, plus 7 years for accounting records (IRS / Pub 1828 retention). Customers can request earlier deletion (subject to legal retention requirements).

Your rights (donor, employee, customer)

  • Access: request a copy of your data.
  • Correction: ask the controlling church / firm to correct it. We assist on request.
  • Deletion: ask the controlling church / firm to delete it. We assist on request.
  • Export: customers can export their full dataset at any time.

Sub-processors

Listed at /trust/sub-processors. We give 30 days' notice before adding any sub-processor that processes regulated customer data.

Contact

Privacy questions: privacy@steepl.co. Security: security@steepl.co.