Privacy Policy

1. Information We Collect

When you use Ironcode Fitness, we collect the following information:

• Account information: Email address and display name.
• Profile information: The details you give us about yourself when setting up and using the app — including bodyweight, height, gender, age, activity and experience levels, available equipment, fitness goals, training preferences, and nutrition preferences. Bodyweight is used to calculate your calorie and macro targets for your meal plan; we don't track it as a history or chart it over time.
• Training data: Exercise completions, generated workout programs, personal records, and any free-text comments you add to a session.
• Nutrition data: Food logs, meal plans, dietary preferences and allergies you share with the nutrition coach, calorie and macro targets, and any custom foods you log.
• AI conversations: Messages you exchange with the AI coaches are stored so they retain context across sessions. The coaches also keep a short, periodically-updated summary of what they've learned about your training and nutrition preferences, used to keep their responses consistent.
• Achievements and notifications: Personal records, strength-level milestones, streaks, and similar progress markers.
• Push subscriptions: If you opt in to push notifications, the information your browser provides so we can deliver them, plus your timezone (used to respect quiet hours).
• Payment information: Subscription status and billing dates. Card details are handled by our payment processor and never reach our servers.
• Authentication and operational logs: Limited information used to sign you in, prevent abuse of the login flow, monitor service health, and (in aggregate) understand how the app is used so we can improve it. This includes recording when your signed-in app last contacted our servers, so we can show recent activity (see Section 4).

What we don't collect: We do not store details of any injuries, surgeries, or medical conditions on your profile, and we do not feed any such information into the AI coach when generating your program — see our Health and Safety Disclaimer in the Terms of Service. Anything you type into a chat message will be persisted as part of the conversation history.

What's required vs. optional:An email address is required to create an account. Profile details (height, weight, age, equipment, etc.) are needed to generate a meaningful program and meal plan — without them the AI coaches can't do their job. Free-text comments on a session, push notifications, and staying signed in on an installed app are all optional.

2. How We Use Your Information

We use your information to:

• Provide and maintain the Ironcode Fitness service.
• Generate personalised workout programs and meal plans based on your profile.
• Track your workout progress, personal records, and strength level over time.
• Provide AI-powered coaching that retains context across conversations.
• Send service emails (sign-in codes, trial-ending reminders) and, if you opt in, push notifications.
• Process subscription payments and manage your account.
• Keep the service secure and detect abuse.
• Understand how the product is used (in aggregate) so we can improve it.
• If a trainer operates Ironcode Fitness, let them see a summary of your recent activity and engagement — not the full contents of your logs or conversations — so they can support you (see Section 4).

3. AI Features and Data Processing

Ironcode Fitness uses two AI coaches — Coach Taylor for training and Coach Kai for nutrition — to generate personalised programs and respond to your questions. The coaches are powered by a third-party AI provider, which processes your data under their own privacy policy.

What we send the AI provider:The relevant parts of your profile (height, weight, age, experience, goals, equipment, training history, nutrition preferences, etc.) and your chat messages. The coaches also send a short, periodically-updated summary of what they've learned about your preferences so their responses stay consistent across sessions.

What we don't send: We do not send your name or email address to the AI provider, and we do not send injury or medical-condition information into the AI coach when generating your program.

Important: AI-generated advice is for informational purposes only and does not replace professional medical, nutritional, or fitness advice.

4. Privacy of Your Data

Ironcode Fitness is designed as a personal tool for tracking your own fitness, not a social network. Your workout data, food logs, meal plans, personal records, bodyweight history, and AI conversations are not published to other users, and there is no public profile, public activity feed, or social sharing of your activity inside the app. Who can see your data is described below.

Your activity recency and when you last used the app are visible to you (on devices you sign in to) and to Ironcode Fitness staff who operate and maintain the service. If a trainer operates Ironcode Fitness, they can see a summary of your activity on a private trainer dashboard — specifically, roughly when you last trained, logged food, logged weight, and opened the app (shown as an approximate recency such as “today” or “3 days ago,” not a precise log of your usage), plus your current subscription status and how long you've been subscribed. They can also open a private review of your current meal plan (the foods and macros it assigns), your calorie and macro targets, your workout program (exercises, sets, and reps), and the body stats used to compute your targets — your height, weight, age, gender, activity level, and goal. This is the plan you were given, not a record of what you actually ate or which sessions you completed. They do not see the full contents of your food logs, workout notes, or AI conversations.

5. Data Sharing

We do not sell your personal information. We share data only with the service providers that are necessary to operate Ironcode Fitness, in the following categories:

• Hosting, database, and infrastructure — to run the service and store your account.
• Payment processing (Stripe) — to manage your subscription and process payments. Card details are handled by Stripe and never reach our servers.
• AI provider — to generate responses from Coach Taylor and Coach Kai. We send the relevant profile information and chat history; we do not send your name or email address.
• Transactional email — to send sign-in codes, trial-ending reminders, and other service emails.
• Product analytics — to understand how the app is used and improve it. Identified with your account ID once you sign in.
• Push notification delivery — if you opt in, your browser's push service (operated by your browser/OS vendor) delivers the notification payload.
• Public food database — when the nutrition coach looks up an unfamiliar food, we query a public nutritional reference database. We send the food name only; no account information.
• Video delivery — exercise demonstration videos that we host are streamed to your device through a third-party video provider. We do not upload anything you create; this is one-way delivery of our own content.

We're happy to provide the names of the specific service providers we use on request — email info@ironcodefitness.com.

6. Overseas Data Transfer

Some of the service providers in Section 5 are located outside New Zealand, including in the United States and other countries, and may not be subject to New Zealand privacy laws.

By using Ironcode Fitness, you consent to your information being transferred to and processed in those countries. Where we transfer personal information overseas, we take reasonable steps to ensure the receiving party protects it under standards comparable to the New Zealand Privacy Act 2020 (Information Privacy Principle 12).

7. Data Retention and Deletion

We retain your personal information for as long as your account is active. You can delete your account at any time from the app, which immediately and permanently removes your profile, training history, nutrition data, AI conversations, achievements, and any sign-in tokens for your installed apps.

Some information persists after account deletion:

• Operational and security logs: Records used to keep the service running and detect abuse may be retained, with your account identifier removed where practical.
• Billing records: Our payment processor retains billing history independently to comply with tax and financial-record obligations.
• Backups: Encrypted database backups are retained on a rolling window before being automatically purged.
• AI provider logs: Our AI provider may retain copies of conversation contents for a short period for safety and abuse-prevention purposes, governed by their own policies.

8. Data Security

We implement appropriate security measures to protect your information. Sign-in is passwordless — we email you a single-use code or link that expires shortly after being sent. Login codes and sign-in tokens are not stored in a form that can be read back. Your session is held in a cookie that other websites and scripts cannot read. If you choose to stay signed in on an installed app, the sign-in stays valid for a limited period until you sign out. All data is transmitted over HTTPS. Payment information is handled by our payment processor and never touches our servers.

9. Your Rights

Under the New Zealand Privacy Act 2020, you have the right to:

• Access your personal data.
• Request correction of inaccurate data.
• Delete your account and associated data (you can do this in-app at any time).
• Request deletion of AI conversation history.
• Export your workout and nutrition data.

To make an access, correction, or export request, email us at info@ironcodefitness.com. We will respond within 20 working days as required by law.

10. Children

Ironcode Fitness is not intended for children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

12. Contact Us

If you have questions about this privacy policy or want to make a privacy-related request, contact us at info@ironcodefitness.com