Privacy Policy
Last updated: 19 March 2026
1. Introduction
IronPulse (“we”, “our”, or “us”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights under applicable data protection laws.
2. Data We Collect
- Account data — name, email address, password hash, and account creation timestamp.
- Workout data — exercises, sets, reps, weight, RPE, duration, and personal records from strength training sessions.
- GPS & cardio data — route coordinates, distance, elevation, pace, heart rate, and lap data from cardio sessions.
- Body metrics — body weight, body-fat percentage, and custom measurements you choose to log.
- Progress photos — images you voluntarily upload to track physical progress.
- Health & wearable data — activity data imported from Strava, Garmin Connect, Apple HealthKit, or Google Fit when you connect those integrations.
- Payment data — billing information processed by Stripe. We do not store full card numbers.
- Device & usage data — push notification tokens, IP addresses, and basic analytics to operate the service.
3. How We Use Your Data
- To provide, maintain, and improve the IronPulse service.
- To authenticate you and keep your account secure.
- To process payments and manage your subscription.
- To sync your data across devices.
- To enable social features you opt into (followers, challenges, activity feed).
- To send transactional emails (password resets, magic links, billing receipts).
- To comply with legal obligations.
We do not sell your personal data to third parties or use it for advertising.
4. Data Processors
We engage the following sub-processors to deliver the service. Each is bound by a data processing agreement and appropriate safeguards.
| Processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing & subscription management | USA / EU |
| Amazon Web Services (S3) | File storage (progress photos, route files) | EU (eu-west-1) |
| Strava | Activity import (optional integration) | USA |
| Garmin | Activity import (optional integration) | USA |
| Apple HealthKit | Health data import (optional, on-device) | On-device |
| Google Fit | Activity import (optional integration) | USA / EU |
5. Data Retention
We retain your data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are required by law to retain it longer (for example, billing records which may be kept for up to 7 years). Aggregated, anonymised data may be retained indefinitely.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion — request deletion of your account and associated data.
- Export / Portability — download your workout data in a machine-readable format.
- Objection — object to certain types of processing.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@ironpulse.app.
7. Security
We use industry-standard measures including encryption in transit (TLS), hashed passwords (bcrypt), and access controls to protect your data. Despite these measures, no system is completely secure and we cannot guarantee absolute security.
8. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or by a prominent notice in the app. Continued use of IronPulse after the effective date constitutes acceptance of the updated policy.
9. Contact
If you have questions about this Privacy Policy or your data, contact us at privacy@ironpulse.app.