Privacy Policy

Effective Date: May 27, 2026 · Last updated: June 10, 2026

Iron & Grace ("we," "our," or "the App") is a faith-based fitness application. This Privacy Policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

Account Information. When you create an account we collect your email address and password. Your password is managed by Firebase Authentication and is never stored in plain text.

Profile Information. Name, age, gender, and training preferences (style, split, days per week, equipment, improvement goals) that you provide during onboarding.

Workout Data. Exercises performed, sets, reps, weight, rate of perceived exertion (RIR), workout duration, personal records, and session notes.

Body Metrics. Body weight and macronutrient entries you choose to log.

AI Coach Conversations. When you use the in-app AI coach feature, the following data is transmitted to Anthropic (the company behind Claude AI) via a secure server-side proxy to generate personalized responses:

• The messages you type in the chat
• Your training history summary (recent workouts, active plan, personality preference)
• Your weekly check-in data when relevant to the conversation

Anthropic does not use your conversations to train their AI models per their commercial API terms. Anthropic's data handling practices are governed by their privacy policy available at https://www.anthropic.com/privacy. You will be asked to provide consent to this data sharing the first time you open the AI Coach feature in the app.

Content Preferences. Faith content depth, voice and music preferences, and app personality selection.

Device Information. Push notification tokens (to send workout reminders and milestone alerts). We do not collect device IDs, IP addresses, or location data.

Payment Information. Subscriptions are processed by Apple (App Store) and managed through RevenueCat. We never receive or store your credit card number, billing address, or other payment details.

Weekly Check-in Emails. When you send a weekly update, your name, training stats, and any progress photos you attach are emailed — via our email provider, Resend — to the recipient addresses you designate (such as your own email and your coach's). The contents of these emails are not stored on our servers.

Crash & Diagnostic Data. If the App encounters an error, we collect crash reports and basic diagnostic information (device model, operating system version, app version, and non-identifying error context) through Sentry to diagnose and fix problems. We do not enable collection of your IP address or precise location.

2. How We Use Your Information

• To provide and personalize the App experience (workout tracking, progress analytics, AI coaching, content recommendations)
• To track your achievements and training streaks
• To send push notifications you have opted into (reminders, PR celebrations, streak milestones)
• To generate AI coach responses tailored to your training history and preferences
• To process and manage your subscription

3. Data Storage & Security

Your data is stored in Google Firebase (Firestore) under your unique user ID. Firestore security rules ensure that only you can read and write your own data. All data is transmitted over HTTPS. Profile photos are stored locally on your device only and are not uploaded to our servers. Progress photos you attach to a weekly check-in are likewise not stored on our servers, but are transmitted through our email provider (Resend) to the recipients you choose.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Data is shared only with:

• Firebase / Google Cloud — infrastructure and authentication
• Anthropic — AI coach message processing (via server-side proxy; no direct client-to-Anthropic communication)
• RevenueCat — subscription management
• Resend — delivery of the weekly check-in and feedback emails you choose to send
• Sentry — crash and diagnostic reporting to keep the App stable
• Apple / Google — payment processing through their respective app stores

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data will be removed from our systems within 30 days. Anonymized, aggregated data may be retained for analytics.

6. Your Rights

You may:

• Access and update your profile information within the App at any time
• Permanently delete your account directly within the App. Navigate to Profile → Account → Delete Account. When you delete your account, all your personal data including workout history, plan information, AI coach conversations, and saved preferences will be permanently removed within 30 days. This action cannot be undone.
• Opt out of push notifications through your device Settings
• Request a copy of your data by contacting us at support@iron-and-grace.com
• Withdraw consent for AI Coach data sharing at any time by disabling the feature in the App

7. Children's Privacy

Iron & Grace is not directed at children under 13. We do not knowingly collect information from children under 13. If we learn we have collected such data, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. Your continued use of the App after changes constitutes acceptance.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: support@iron-and-grace.com