Privacy Policy

1. Introduction

IronCore Fitness ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you visit our website your-domain.com (the "Site") or use our services.

This policy complies with the General Data Protection Regulation (GDPR) and applicable data protection laws. By using our Site, you consent to the practices described in this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Username, password (encrypted), profile preferences
• Payment Information: Billing address, credit card details (processed securely through third-party payment processors)
• Fitness Data: Workout history, goals, progress tracking, body measurements (if provided)
• Communications: Messages, inquiries, feedback, and correspondence with us

2.2 Automatically Collected Information

We automatically collect certain technical information:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages viewed, time spent, click patterns, referral sources
• Location Data: General geographic location based on IP address
• Cookies and Tracking: See Section 4 for detailed information

2.3 Information from Third Parties

We may receive information from:

• Social media platforms (if you connect your accounts)
• Payment processors and financial institutions
• Marketing partners and analytics providers
• Public databases and data enrichment services

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Delivery

• Provide, maintain, and improve our fitness services and programs
• Process memberships, payments, and transactions
• Create and manage your account
• Deliver personalized workout plans and recommendations
• Track your fitness progress and goals

3.2 Communication

• Send service-related notifications and updates
• Respond to inquiries and provide customer support
• Send newsletters, promotional materials, and marketing communications (with consent)
• Conduct surveys and gather feedback

3.3 Legal and Business Operations

• Comply with legal obligations and regulations
• Prevent fraud, abuse, and security incidents
• Enforce our terms of service and policies
• Analyze and improve website performance
• Conduct research and statistical analysis

3.4 Legal Basis for Processing (GDPR)

We process your data based on:

• Consent: You have given explicit permission
• Contract: Processing is necessary to fulfill our services
• Legal Obligation: Required by law
• Legitimate Interests: Business purposes that don't override your rights

4. Cookies and Tracking Technologies

4.1 What Are Cookies

Cookies are small text files stored on your device that help us improve your experience. We use both session cookies (temporary) and persistent cookies (stored longer-term).

4.2 Types of Cookies We Use

• Essential Cookies: Required for basic site functionality and security
• Performance Cookies: Collect anonymous usage statistics to improve our services
• Functionality Cookies: Remember your preferences and settings
• Marketing Cookies: Track advertising effectiveness and deliver relevant ads

4.3 Third-Party Cookies

We use cookies from trusted third-party services:

• Google Analytics: Website traffic analysis
• Social Media Platforms: Social sharing and authentication
• Advertising Networks: Targeted advertising campaigns

4.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect site functionality. Most browsers allow you to:

• View and delete existing cookies
• Block third-party cookies
• Block all cookies (not recommended)
• Clear cookies when closing the browser

5. Third-Party Services and Sharing

5.1 Service Providers

We share data with trusted third-party providers who assist in operating our business:

• Payment Processors: Secure transaction processing (e.g., Stripe, PayPal)
• Cloud Hosting: Data storage and server infrastructure
• Email Services: Marketing and transactional email delivery
• Analytics Providers: Website performance and user behavior analysis
• CRM Platforms: Customer relationship management

5.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes and government requests
• Enforce our terms and conditions
• Protect our rights, property, and safety
• Prevent fraud or security issues

5.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: SSL/TLS encryption for data transmission
• Access Controls: Restricted access to personal data
• Secure Storage: Encrypted databases and secure servers
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Staff education on data protection
• Incident Response: Procedures for data breach notification

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Active Accounts: Data retained while your account is active
• Inactive Accounts: Deleted after 3 years of inactivity (with prior notice)
• Transaction Records: Retained for 7 years for legal and accounting purposes
• Marketing Data: Retained until you unsubscribe or object
• Legal Requirements: Retained as required by applicable laws

After the retention period, we securely delete or anonymize your data.

8. Your Privacy Rights

Under GDPR and applicable privacy laws, you have the following rights:

8.1 Access and Portability

• Right to Access: Request a copy of your personal data
• Data Portability: Receive your data in a structured, machine-readable format

8.2 Correction and Deletion

• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")

8.3 Processing Control

• Right to Restriction: Limit how we process your data
• Right to Object: Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent for marketing communications or data processing

8.4 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects.

8.5 Lodge a Complaint

You have the right to file a complaint with your local data protection authority if you believe we have violated your privacy rights.

8.6 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

• EU-US Data Privacy Framework compliance
• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection
• Your explicit consent for specific transfers

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information.

11. Marketing Communications

We may send you promotional emails, newsletters, and special offers. You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your preferences in your account settings
• Contacting us directly at [email protected]

Note: Opting out of marketing communications does not affect service-related emails (e.g., account notifications, transaction confirmations).

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data collection and sharing
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
• Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at [email protected] or call our toll-free number.

13. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on this page
• Update the "Last Updated" date at the top
• Notify you of material changes via email or prominent website notice
• Obtain your consent if required by law

We encourage you to review this policy regularly to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

15. Additional Resources

For more information about data protection and your privacy rights, visit:

• GDPR Official Portal
• California CCPA Information
• FTC Privacy & Security