How we handle yourdata.

You give us:

• Identity & account. Name, email address, optional profile photo. If you sign in with Google or Apple, we receive a unique identifier and the email associated with that account; we never see your password.
• Demographics. Date of birth (used to estimate maximum heart rate), gender (optional, used only to seed starting loads and pace defaults when you haven't entered explicit benchmarks), timezone, units preference (kg / lbs, km / miles).
• Athletic background. Self-reported experience level for running and lifting, optional 5K time, optional 1-rep maxes for squat / deadlift / bench, optional weekly running and conditioning volume.
• Schedule. Your work-rotation pattern (standard week, 4-on-4-off, custom), preferred training days, sessions per week, session-duration windows.
• Equipment. Which gym equipment you have access to, organised into one or more “equipment sets” (e.g. home gym + work gym).
• Injuries & preferences. Optional free-text notes about current injuries or limitations, preferences for free weights vs. machines, preferences for training before / after / on work days.
• Training logs. Every set you log: weight used, reps completed, RPE rating, optional notes; for cardio sessions: total time, average heart rate, distance. Skip-session reasons. End-of-week reflections.
• Time trials. Race or time-trial results you choose to log, used to compute your VDOT.
• Communications. The content of any email or message you send us through the contact form.

We generate about you:

• AI-generated weekly plans, including the prompt and response trace stored for each plan so we can audit and improve the system.
• Calculated values: estimated maximum heart rate, current VDOT, suggested progressive-overload weight increases.
• Internal logs of API calls and errors (no full-page screenshots, no key-stroke capture).

Third parties give us, only if you connect them:

• Garmin Connect, Strava, Apple Health — completed activity records (start time, duration, distance, average and maximum heart rate, activity type) and workout-level heart-rate data. Pulled only after you explicitly authorise the integration. You can revoke access at any time from Settings → Integrations.
• Stripe — your subscription status, renewal date, and last four digits of the payment card. We never see or store your full card number, CVV, or billing address; Stripe handles all of that directly.

We do not collect: your contacts, your location (beyond the timezone you chose), your browsing history outside of IronShift, the content of other apps on your device, any biometric identifier, or any information from minors under 13.

We use the data above for these specific purposes, and only these purposes:

• To generate and adjust your program.Your athletic background, schedule, equipment, injury notes, training preferences, and the prior week's logs feed into the AI system that produces your weekly plan.
• To run the app. Authenticate you, show you your own history, calculate progressive-overload suggestions, render dashboards.
• To send you transactional email.Password resets, important account notices, billing receipts. We do not send marketing email unless you explicitly opt in (and as of May 2, 2026 we don't send any marketing email at all).
• To support you. When you email us with a question or bug report, we read your message and may look at your account state to help — only as needed.
• To improve the product. We review aggregate, de-identified data on which prompt versions produce better plans, which sessions get skipped, where users drop off in onboarding. Individual training data is never used to train third-party models, and we never build user-level profiles for marketing or advertising.
• To keep the service safe and compliant.Detect abuse, prevent fraud, respond to legitimate legal requests.

Legal bases (for users in the EU / UK / EEA). We process your data based on: (a) the contract we have with you to provide the IronShift service; (b) your explicit consent for sensitive health-related data and for connecting third-party integrations; and (c) our legitimate interests in operating, securing, and improving the service.

IronShift's program-generation engine uses Claude, an AI system from Anthropic. To generate a weekly plan, we send a structured summary of your training inputs — your stream, athletic background, equipment, injury notes, schedule, prior-week logs, recent reflections — to Anthropic's API along with the prompt that asks the model to produce a plan. Anthropic processes that data to return a response and, per their commercial terms, does not use it to train their models.

We store the full prompt and response for each generated plan in your account's audit trail (the ai_trace field on each weekly plan). This lets us debug bad outputs and iterate on prompts. You can request the deletion of your account and all associated traces at any time.

We do not include your full name, email address, or payment details in prompts. We never send free-text injury notes or end-of-week reflections to any third-party service other than Anthropic's API for the purpose of generating your plan.

We share your data only with the service providers we need to operate IronShift, and only as needed for the listed purpose. We do not sell your personal information to anyone, full stop. We do not share it with advertisers. We do not allow third-party tracking on the site.

Sub-processors:

• Supabase (database, authentication, file storage) — hosts the primary copy of your account data and training logs.
• Vercel (web and API hosting) — runs the IronShift application servers.
• Anthropic (AI program generation) — receives the structured training summary described in the previous section.
• Stripe (payment processing) — receives your card data directly from your browser when you subscribe; we never see it.
• Resend (transactional email delivery) — receives your email address and the email content (e.g. password reset link) so it can be delivered.
• Apple (Sign in with Apple, push notifications via APNs, optional HealthKit integration on iOS) — receives only the data needed to provide each service.
• Google (optional Google Sign-In) — receives the auth handshake when you choose to sign in with Google.
• Garmin, Strava (optional integrations) — receive an OAuth handshake from us only after you explicitly authorise them; we receive activity data from them in return.

We may also share data when legally required: in response to a valid subpoena, court order, or other lawful request; to protect the safety of our users or the public; or in connection with a corporate transaction (merger, acquisition, asset sale), in which case we will give advance notice and you will have the option to delete your account before any transfer takes effect.

IronShift's primary database is hosted by Supabase in North America. The application is hosted by Vercel, which operates a global edge network; the serverless functions that talk to your database run in North America. Stripe stores payment data in its own jurisdictions per its published policy. If you are outside North America (in the EU, UK, EEA, or elsewhere), your data is transferred to and processed in North America under the same standards described in this policy.

We keep your account data for as long as your account is active. When you delete your account, we permanently remove your profile, training logs, weekly plans, AI traces, time trials, integration tokens, and any associated data within 30 days, except where:

• Backups containing your data may persist in encrypted form for up to 90 days before they roll out of the retention window.
• Billing records (Stripe invoices, receipts, tax records) are retained as required by applicable tax and accounting law — typically 7 years.
• Aggregate, de-identified usage data (e.g. “how many users completed onboarding last month”) is retained indefinitely; this data cannot be linked back to you.

If you stop using the app without deleting your account, we'll keep your data so it's there if you come back. We may send a single email after long periods of inactivity asking whether you'd like to keep your account or have it deleted.

You have the following rights over your personal information. We honour these rights regardless of where you live, even though some are formally guaranteed only in certain jurisdictions (the EU's GDPR, the UK's UK GDPR, California's CCPA / CPRA, Canada's PIPEDA, etc.).

• Access. Get a copy of the personal data we hold about you.
• Correction. Fix anything that's inaccurate. Most fields you can edit yourself in Settings; for anything you can't, email us.
• Deletion. Delete your account and all associated data. We provide a self-serve account deletion flow inside the app; if you can't reach it for any reason, email us and we'll do it manually.
• Portability. Receive your training logs and account data in a machine-readable format you can use elsewhere.
• Withdraw consent. Disconnect any third-party integration, opt out of email, or revoke any other consent you previously gave.
• Object / restrict. Ask us to stop specific processing of your data, such as legitimate- interests-based processing.
• Complaint. Lodge a complaint with your local data-protection authority. In Canada that's the Office of the Privacy Commissioner; in the UK the ICO; in the EU your member-state DPA; in California the CPPA.

To exercise any of these rights, email info@ironshift.app from the address tied to your account. We respond within 30 days; if we need longer for a complex request, we'll tell you and explain why. We don't charge a fee for any of these requests, and we don't treat you differently for exercising them.

IronShift uses a small number of cookies and equivalent browser-storage techniques, all of them strictly necessary for the app to work. We do not use advertising cookies, cross-site tracking pixels, or third-party analytics beacons.

• Authentication cookies. Set by Supabase when you sign in. They identify your session and let you stay signed in across reloads. HttpOnly, Secure, SameSite=Lax.
• Preference storage. Your unit preference, last-viewed week, and a small amount of session-cache data live in IndexedDB on your device so the app feels fast and works briefly offline.
• Push-notification token (iOS app only).When you grant notification permission, the device-bound push token is stored so we can send the notifications you've opted into.

We protect your data with industry-standard practices: encrypted-in-transit connections (HTTPS / TLS 1.2+) for every request; encrypted-at-rest storage for the database and file uploads; row-level security policies in the database that scope every read and write to the authenticated user; service-role API access restricted to server-side cron jobs with secret-protected endpoints; no plaintext passwords stored anywhere; strict input validation on every API surface.

No system is perfect. If we ever discover a security incident that affects your personal information, we will notify you without undue delay and explain what happened, what we're doing about it, and what you can do.

IronShift is intended for adults serious about their training. We do not knowingly collect information from children under 13 (or under 16 in the EU / UK / EEA). If you believe a child has provided us with personal information, contact us and we will delete the account and data promptly.

If you access IronShift from outside North America, your data is transferred to and processed in North America for the purposes described above. We rely on standard contractual clauses, adequacy decisions where applicable, and the contractual commitments of our sub-processors to ensure your data receives an equivalent level of protection wherever it is processed.

We will update this page when our practices change. The effective date at the top of the page reflects the date of the most recent material change. If a change is significant — for example, a new category of data we collect, or a new sub-processor handling sensitive data — we will notify existing users by email and (where applicable) ask for fresh consent before the change takes effect for them. Minor edits to clarify wording, fix typos, or update an address are made silently.

For privacy questions, data-rights requests, or anything else covered above, reach us at info@ironshift.app. For everything else, the same address works — every email gets read.