Privacy Policy

Last updated: March 18, 2026

1. Introduction

This Privacy Policy describes how Alicia Yanez Consulting LLC ("Company," "we," "us," or "our"), a California limited liability company, collects, uses, stores, and protects your information when you use the IronLift mobile application ("App").

By creating an account or using the App, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, do not use the App.

We are committed to transparency. This policy is written in plain language so you can understand exactly what data we collect, why we collect it, and what we do with it.

2. Information We Collect

2.1 Information You Provide Directly

Data Type	Details	Where Stored
Email address	Provided during account registration	Supabase (cloud)
Account credentials	Password hash, authentication tokens	Supabase (cloud)

2.2 Information Stored Locally on Your Device

The following data is stored exclusively on your device and is never transmitted to our servers or any third party:

Data Type	Details
Workout logs	Exercises, sets, reps, weights, dates
Custom exercises	User-created exercise names and configurations
Workout history	Historical progress and session data

We do not have access to your locally stored workout data. This data is not synced, backed up, or transmitted to any cloud service. If you uninstall the App or lose your device, this data cannot be recovered.

2.3 Information Collected Automatically

When you use the App, the following technical and diagnostic data is collected automatically through Sentry, our error tracking and monitoring service:

Data Type	Purpose
Randomly generated installation ID	Identify unique app installations for error tracking (resets on reinstall; cannot track across apps)
Operating system version and build	Diagnose compatibility issues
Device model, CPU, and GPU details	Diagnose performance issues
App crash reports and error logs	Identify and fix bugs
User behavior events	Understand how features are used to improve the App
HTTP request URLs (sanitized)	Monitor failed network requests; query strings and fragments are removed

2.4 Information We Do NOT Collect

We want to be explicit about what we do not collect:

Location data — We never access your GPS, Wi-Fi, or cellular location.
Apple HealthKit data — The App does not read from or write to HealthKit.
Advertising identifiers (IDFA) — We do not collect Apple's Identifier for Advertisers.
Hardware device identifiers — We do not collect persistent device IDs.
IP addresses — We do not log or store your IP address.
Photos, videos, or media — The App does not access your camera or photo library.
Contacts, calendar, or other personal data — The App does not access other apps or data on your device.
Browsing history or cross-app activity — We do not track you across other apps or websites.

2.5 Push Notification Tokens

If you enable push notifications, we collect your device push token solely to send you:

Workout reminders (e.g., "Exercise this week").
Rest timer notifications (e.g., "Rest timer between sets done").

You can disable push notifications at any time through your device's Settings. We do not use push tokens for advertising or marketing purposes.

3. How We Use Your Information

We use the information we collect for the following purposes only:

Purpose	Data Used
Account authentication	Email, credentials
Providing App functionality	Locally stored workout data
Error tracking and bug fixes	Crash reports, device info, installation ID
App improvement and stability	User behavior events, technical data
Sending workout reminders	Push notification tokens
Responding to support inquiries	Email address
Compliance with legal obligations	Account data as required by law

We do not use your data for:

Advertising or ad targeting.
Selling to third parties.
Building user profiles for marketing.
Cross-app or cross-site tracking.

4. Legal Basis for Processing

If you are located in a jurisdiction that requires a legal basis for processing personal data (such as the European Economic Area under GDPR), our bases are:

Legal Basis	Applies To
Consent	Account creation, push notifications
Contractual necessity	Providing App functionality, account authentication
Legitimate interest	Error tracking, App improvement, security monitoring
Legal obligation	Compliance with applicable laws

5. Third-Party Services

We use the following third-party services that process limited user data:

5.1 Supabase (Authentication)

Purpose: Account registration, email verification, and authentication.
Data processed: Email address, password hash, authentication tokens, account metadata.
Hosting: Amazon Web Services (AWS), United States (US East region).
Privacy policy: supabase.com/privacy

5.2 Sentry (Error Tracking and Monitoring)

Purpose: Crash reporting, error tracking, and monitoring user behavior to improve App stability and performance.
Data processed: Installation ID, device model, OS version, CPU/GPU info, crash logs, user behavior events, sanitized HTTP request URLs.
Hosting: Google Cloud Platform (GCP), United States (us-central1, Council Bluffs, Iowa).
Privacy policy: sentry.io/privacy

5.3 Apple (App Distribution and Notifications)

Purpose: App distribution via App Store, push notification delivery.
Data processed: Push notification tokens, App Store purchase/subscription data (when applicable).
Privacy policy: apple.com/privacy

We do not sell, rent, or share your personal information with any other third parties.

6. Data Sharing and Disclosure

We do not sell your personal information. We may disclose your information only in the following limited circumstances:

Service providers: To Supabase and Sentry as described in Section 5, solely for the purposes stated.
Legal requirements: If required by law, subpoena, court order, or governmental regulation.
Safety: To protect the rights, safety, or property of Alicia Yanez Consulting LLC, our users, or the public.
Business transfer: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you via email before your data is transferred and becomes subject to a different privacy policy.

7. Data Retention

We retain your data according to the following schedule:

Data Type	Retention Period	Details
Account auth data (email, credentials)	Active account + 30 days after deletion request	Deleted from Supabase within 30 days of account deletion request
Sentry diagnostic data (crash reports, behavior events)	90 days	Automatically purged per Sentry's default retention policy
Push notification tokens	Until disabled or account deleted	Token is invalidated upon opt-out or account deletion
Locally stored workout data	Until you uninstall the App	Entirely under your control; we have no access to this data

After the retention periods above, data is permanently deleted and cannot be recovered.

8. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information:

Authentication data is encrypted in transit (TLS/SSL) and at rest by Supabase.
Passwords are hashed using industry-standard algorithms; we never store plaintext passwords.
Sentry data is transmitted over encrypted connections and stored on secured Google Cloud infrastructure.
Locally stored data on your device is protected by your device's native security (passcode, Face ID, Touch ID).

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

9. Your Rights and Choices

9.1 All Users

Regardless of your location, you have the right to:

Access your account information — View the email associated with your account within the App.
Delete your account — Request account deletion by contacting us at mariogj@ironlift.net. Your Supabase auth data will be deleted within 30 days.
Disable push notifications — Turn off notifications at any time via your device's Settings.
Delete local data — Remove all locally stored workout data by uninstalling the App.

9.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know — You may request details about the categories and specific pieces of personal information we have collected about you.
Right to delete — You may request deletion of your personal information, subject to certain exceptions.
Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.
Right to opt out of sale — We do not sell your personal information, so this right does not apply.

To exercise any CCPA rights, contact us at mariogj@ironlift.net. We will verify your identity before processing your request and respond within 45 days.

9.3 European Economic Area Residents (GDPR)

If you are located in the EEA, you have the following rights under the General Data Protection Regulation (GDPR):

Right of access — Request a copy of your personal data.
Right to rectification — Request correction of inaccurate data.
Right to erasure — Request deletion of your personal data.
Right to restrict processing — Request limitation of how we process your data.
Right to data portability — Request your data in a structured, machine-readable format.
Right to object — Object to processing based on legitimate interests.
Right to withdraw consent — Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at mariogj@ironlift.net. We will respond within 30 days.

10. International Data Transfers

Your account and diagnostic data is processed in the United States:

Supabase: AWS, US East region (North Virginia).
Sentry: GCP, us-central1 (Council Bluffs, Iowa).

If you are located outside the United States, your data will be transferred to and processed in the United States. By using the App, you consent to this transfer. The United States may not provide the same level of data protection as your home country.

11. Children's Privacy

The App is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13, we will:

Promptly delete the account and all associated data.
Take steps to prevent further collection from that individual.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, contact us immediately at mariogj@ironlift.net.

Users between 13 and 18 should have their parent or legal guardian review this Privacy Policy.

12. Apple App Tracking Transparency

We do not track you across other companies' apps or websites. The App does not use Apple's Identifier for Advertisers (IDFA) or participate in any cross-app tracking.

The App does not trigger Apple's App Tracking Transparency (ATT) prompt because no cross-app or cross-site tracking occurs.

13. Future Subscriptions

When we introduce paid subscriptions in the future:

Payment processing will be handled entirely by Apple through the App Store. We will not directly collect or store your payment information (credit card numbers, billing addresses, etc.).
Apple's payment data practices are governed by Apple's own privacy policy.
This Privacy Policy will be updated before subscriptions launch to reflect any changes in data collection or processing.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last Updated" date at the top of this policy.
We will notify you via the App or through the email address associated with your account.
Continued use of the App after notification constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

Alicia Yanez Consulting LLC
Email: mariogj@ironlift.net

We aim to respond to all privacy-related inquiries within 30 days.