Privacy Policy

Effective date: April 16, 2026

1. Information We Collect

When you use IronZ, we collect:

• Account information: Email address, name, and password (encrypted via Supabase Auth — we never store plaintext passwords).
• Profile data: Age, weight, height, gender, fitness thresholds (swim CSS, bike FTP, run pace), and training goals you provide.
• Training data: Workouts, training plans, race events, and schedule information you enter.
• Nutrition data: Meals you log (calorie, protein, carb, and fat values), food preferences, and allergies.
• Usage data: AI feature usage counts for rate limiting. We do not track analytics, page views, or behavioral data.

2. How We Use Your Information

• To provide and personalize the training and nutrition features of the App.
• To generate AI-powered coaching responses tailored to your profile.
• To analyze meal photos for nutritional estimates (see Section 4).
• To sync your data across devices.
• To enforce rate limits on AI features.
• To improve the App's training philosophy and exercise library (aggregated, anonymized data only).

3. Data Storage

Your data is stored in Supabase (hosted on AWS). Data is encrypted in transit (TLS) and at rest. A local copy of your data is cached in your browser's local storage for faster access. This local cache is cleared when you sign out or when a different user signs in on the same device.

4. AI Features, Meal Photos & Third Parties

When you use AI coaching features, your question and relevant profile context are sent to Anthropic's Claude API to generate a response. We send only the minimum context needed for the specific question — not your full training history.

Meal photo analysis: When you use the photo meal logging feature, your photo is sent directly to Anthropic's API for nutritional analysis. IronZ does not store, save, or retain your meal photos — the image is transmitted for analysis and discarded immediately after the nutritional estimate is returned. Only the resulting calorie, protein, carb, and fat values are saved to your account. However, the image does transit through our Supabase Edge Function infrastructure and is received by Anthropic's API.

Anthropic data retention: Anthropic may temporarily retain API inputs (including meal photos and coaching queries) for up to 30 days for abuse and safety monitoring, in accordance with their privacy policy and API data usage policy. IronZ does not control Anthropic's retention practices.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Supabase: Database hosting, authentication, and Edge Function infrastructure.
• Anthropic: AI coaching responses and meal photo nutritional analysis.
• Law enforcement: Only if required by applicable law.

6. Your Rights

You have the right to:

• Access your data through the App's settings and export features.
• Correct your profile information at any time.
• Delete your account and all associated data by contacting us at ironzsupport@gmail.com. We will process deletion requests within 30 days.
• Withdraw consent for data processing by deleting your account.
• Opt out of AI features by choosing not to use AI coaching or photo meal logging. Core training and nutrition tracking features work without AI.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days. Anonymized, aggregated data used for improving the App may be retained indefinitely. Note that data already transmitted to Anthropic's API is subject to Anthropic's own retention schedule.

8. Children's Privacy

IronZ is not intended for users under 16. We do not knowingly collect data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it promptly.

9. Security

We implement reasonable security measures including encrypted data transmission (TLS), encrypted storage at rest, secure authentication via Supabase Auth, and per-user data isolation. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes via email to the address associated with your account at least 14 days before the changes take effect.

11. Contact

Questions about privacy? Contact us at ironzsupport@gmail.com.