Privacy Policy

Effective Date: April 28, 2026

Iron & Grace ("we," "our," or "the App") is a faith-based fitness application. This Privacy Policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

Account Information. When you create an account we collect your email address and password. Your password is managed by Firebase Authentication and is never stored in plain text.

Profile Information. Name, age, gender, and training preferences (style, split, days per week, equipment, improvement goals) that you provide during onboarding.

Workout Data. Exercises performed, sets, reps, weight, rate of perceived exertion (RIR), workout duration, personal records, and session notes.

Body Metrics. Body weight and macronutrient entries you choose to log.

AI Coach Conversations. Messages you send to the in-app AI coach are transmitted to Anthropic's API via a secure server-side proxy to generate responses. We do not use your conversations to train AI models. Anthropic's data handling is governed by their privacy policy.

Heart Rate Data. If you connect a Bluetooth heart rate monitor, heart rate readings are collected during workouts. This data stays on your device and in your private Firestore record.

Content Preferences. Faith content depth, voice and music preferences, and app personality selection.

Device Information. Push notification tokens (to send workout reminders and milestone alerts). We do not collect device IDs, IP addresses, or location data.

Payment Information. Subscriptions are processed by Apple (App Store) and managed through RevenueCat. We never receive or store your credit card number, billing address, or other payment details.

2. How We Use Your Information

• To provide and personalize the App experience (workout tracking, progress analytics, AI coaching, content recommendations)
• To track your achievements and training streaks
• To send push notifications you have opted into (reminders, PR celebrations, streak milestones)
• To generate AI coach responses tailored to your training history and preferences
• To process and manage your subscription

3. Data Storage & Security

Your data is stored in Google Firebase (Firestore) under your unique user ID. Firestore security rules ensure that only you can read and write your own data. All data is transmitted over HTTPS. Profile photos are stored locally on your device only and are not uploaded to our servers.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Data is shared only with:

• Firebase / Google Cloud — infrastructure and authentication
• Anthropic — AI coach message processing (via server-side proxy; no direct client-to-Anthropic communication)
• RevenueCat — subscription management
• Apple / Google — payment processing through their respective app stores

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data will be removed from our systems within 30 days. Anonymized, aggregated data may be retained for analytics.

6. Your Rights

You may:

• Access and update your profile information within the App
• Delete your account by contacting us (see below)
• Opt out of push notifications through your device settings
• Request a copy of your data by contacting us

7. Children's Privacy

Iron & Grace is not directed at children under 13. We do not knowingly collect information from children under 13. If we learn we have collected such data, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. Your continued use of the App after changes constitutes acceptance.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: support@ironandgrace.app