Privacy Policy

How we manage your data and protect your privacy.

This policy may be updated from time to time

Actionstep reserves the right to change the provisions of this Policy at any time. We will alert You of changes that have been made by indicating on the Policy the date it was last updated. We encourage You to review this Policy from time to time to make sure that You understand how any Personal Information You provide will be used.

Actionstep processes personal data in two general contexts:

1) as a business engaging with clients, suppliers, prospects, and other stakeholders through a number of channels including its website, email, phone, webinars, advertising, and social media (“Actionstep as a Business”), and

2) as a provider of an online business and practice management services (“Actionstep as a Service Provider”).

For clarity the privacy considerations are presented in each of these contexts.

1. Actionstep as a Service Provider

As a service provider Actionstep allows You to store Your business data in a dedicated database and operate on the data via the Actionstep online application.

You own Your Data

The Data entered, or imported on instruction, by You remains Your property and Actionstep will not use nor make available for use any of this information without Your permission.

You control who has access to Your Data

The Data entered, or imported on instruction, by You is stored securely in a database, or electronic file system, and is only accessible to any person You have authorised to use the Service.

It is Your responsibility to delete login credentials when they are no longer needed.

Actionstep monitors system usage

The Data entered, or imported on instruction, by You is stored securely in a database and is only accessible to persons You have authorised to use the Service. It is Your responsibility to keep Your password safe. Actionstep, Actionstep’s staff and Actionstep’s partners do not have access to Your password.

Actionstep may need to access some of Your Data to resolve system errors or to recreate scenarios to resolve support requests, however this will not be done without first obtaining permission from You.

Actionstep will need to access Your data as a whole for backup, system maintenance, integrity checking, and load-balancing purposes.

Actionstep staff and key commercial partners can access non-identifying and aggregated usage information and transaction volumes in order to better understand how our customers are using the Service so we can improve the system design and where appropriate have the system prompt users with suggestions on ways to improve their own use of the system.

Your Data is sent securely across the Internet

Actionstep’s servers have SSL Certificates so all Data transferred between users and the Service is encrypted. However, the Internet is not in itself a secure environment. Users should only enter, or instruct the importation of, Data to the database within a secure environment. This means that Your browser must support the encryption security used in connection with the Service.

Actionstep does not store Your credit card details

Your credit card details are encrypted and securely stored by payment processors to enable Actionstep to automatically bill Your credit card on a recurring basis. Your credit card details are not stored by the Service and cannot be accessed by Actionstep staff.

Privacy policies of any optional third-party applications the service links to

You may optionally connect the Service to other applications using the Actionstep API, API services such as Zapier, email servers or services, external hyperlinks, or by installing integrations and add-ons from the Actionstep Marketplace. If You do so then You are solely responsible for checking the Privacy Policy of any third-party applications the Service links to and satisfying Yourself that they meet Your needs.

Breaches and complaints

If Actionstep becomes aware that Your Data has been accessed by, or disclosed to, an unauthorised party, then Actionstep will notify You as soon as possible.

Actionstep will cooperate with investigations conducted by the Privacy Commissioner or other duly-authorised government privacy bodies.

If You suspect a breach of privacy please contact Actionstep via email to

Please read our Terms of Use

Use of the Service is subject to Actionstep’s Terms of Use, and this Privacy Policy should be read in conjunction with these Terms of Use. In the event of a conflict or disagreement between this Privacy Policy and the Terms of Use, the Terms of Use will prevail.

2. Actionstep as a Business

When You visit our website or engage in marketing activities such as events and webinars we may collect personal information from You.

What personal information do we collect?

Active Collection

We may collect certain information You voluntarily provide to us which may contain Personal Information. For example, when You fill out a form, submit a comment, or contact us by e-mail or other means.

Automatic Collection

When You visit our website, some information is also automatically collected, such as Your Internet Protocol (IP) address, Your operating system, the browser type, the address of a referring web site, and Your activity on the Sites. We treat this information as personal information if we combine it with or link it to any of the identifying information mentioned above. Otherwise, it is used in the aggregate only (non-identifying).

Your Rights

You can unsubscribe from any marketing communication by following the unsubscribe instructions contained in the communication (usually in the footer section), or send Your request to

Under the European General Data Protection Regulation (also know as “GDPR”) You also have rights which include:

  • knowing what personal data we hold about You;
  • asking us to correct any personal data we hold about You; and
  • asking us to delete or restrict any personal data we hold about You.

You can exercise these rights by sending an email to


A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about You may be linked to the information stored in and obtained from cookies.

We use cookies for the following purposes

  • authentication: to identify You when You visit our website and as You navigate our website;
  • personalisation: to store information about Your preferences and to personalise the website for You;
  • analysis: to help us to analyse the use and performance of our website and services; and
  • cookie consent: to store Your preferences in relation to the use of cookies more generally.

Cookies used by our service providers

Our service providers use cookies and those cookies may be stored on Your computer when You visit our website.

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at:

We use Hubspot to personalise the website for You and to gather information about website usage. Hubspot’s privacy policy is available at:

We use Intercom to provide in-product customer support and to analyse how our product is used so that we can make improvements to the product. Intercom’s privacy policy is available at:

Google Data

Actionstep’s use of information received, and Actionstep’s transfer of information to any other app, from Google APIs will adhere to Google’s Limited Use Requirements.

Last updated: 20-January-2020