1. Data Controller
IronRoot Fitness ("we," "us," or "our") operates the website at your-domain.com and is the data controller responsible for your personal information.
Business Name: IronRoot Fitness
Website: your-domain.com
Email: [email protected]
Contact: Use the form at your-domain.com/contact
2. Data We Collect
Information You Provide
- Account / Registration: Name, email address, password (hashed), date of birth, fitness goals
- Membership & Payments: Billing name, address, payment card details (processed securely via third-party processors — we do not store full card numbers)
- Enquiries & Support: Name, email, message content submitted via contact or support forms
- Health & Fitness Data (optional): Body metrics, workout logs, progress photos you voluntarily upload or enter
- Newsletter Sign-Up: Email address and preferences
Information Collected Automatically
- IP address, browser type, device identifiers, operating system
- Pages visited, session duration, referral source (via cookies and server logs)
- Geographic location (country / city level, derived from IP)
3. Legal Basis for Processing
Under GDPR Article 6, we process your data on the following grounds:
- Contract: To deliver membership services, process payments, and fulfil bookings you request.
- Legitimate Interests: To improve our website, prevent fraud, and send service-related communications.
- Consent: For marketing emails, analytics cookies, and optional health data. You may withdraw consent at any time.
- Legal Obligation: To comply with tax, accounting, and other statutory requirements.
Where we process special category data (health/fitness information), we rely on your explicit consent (GDPR Article 9(2)(a)).
4. How We Use Your Data
- Create and manage your IronRoot Fitness account and membership
- Process payments and issue receipts or invoices
- Personalise training plans, workout recommendations, and content
- Send transactional emails (booking confirmations, payment receipts)
- Send marketing communications (only with your consent; unsubscribe anytime)
- Respond to support enquiries and improve customer service
- Analyse site usage to improve performance, content, and user experience
- Detect, prevent, and investigate fraud or abuse
- Comply with legal and regulatory obligations
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
5. Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve our website. Cookie categories include:
- Strictly Necessary: Session management, authentication, security. Cannot be disabled.
- Functional: Remember your preferences (language, region, login state).
- Analytics: Measure site traffic and user behaviour (e.g., Google Analytics). Only with consent.
- Marketing: Deliver relevant advertisements across platforms. Only with consent.
6. Third-Party Services
We work with trusted third-party providers who may process data on our behalf:
- Payment Processing: Stripe / PayPal — PCI-DSS compliant; governed by their own privacy policies.
- Analytics: Google Analytics (GA4) — anonymised IP; subject to Google's Privacy Policy.
- Email Marketing: Mailchimp / similar — for newsletters with your consent.
- Hosting & CDN: Reputable hosting providers operating secure, GDPR-compliant infrastructure.
- Social Media Plugins: Facebook, Instagram, YouTube embed buttons may set cookies when you interact with them.
All third-party processors are bound by data processing agreements and may not use your data for their own purposes beyond what is necessary to provide services to us.
7. Data Retention
- Active Accounts: Retained for the duration of your membership plus 12 months after account closure.
- Financial / Transaction Records: 7 years (legal / tax obligation).
- Marketing Data: Until you withdraw consent or unsubscribe.
- Support Correspondence: 3 years after resolution.
- Server Logs: 90 days, then automatically deleted.
After retention periods expire, data is securely deleted or anonymised so it can no longer identify you.
8. Your Rights
Under GDPR and applicable privacy law, you have the following rights regarding your personal data:
Access
Request a copy of the personal data we hold about you.
Rectification
Correct inaccurate or incomplete personal data.
Erasure
Request deletion of your data ("right to be forgotten"), subject to legal obligations.
Restriction
Ask us to limit how we process your data in certain circumstances.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent
Withdraw consent at any time without affecting prior lawful processing.
Complain
Lodge a complaint with your national data protection authority (e.g., ICO in the UK, your EU supervisory authority).
To exercise any right, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.
9. Data Security
We implement industry-standard security measures including SSL/TLS encryption for data in transit, encrypted storage for sensitive data at rest, access controls and staff training, and regular security assessments. No method of transmission over the internet is 100% secure; however, we are committed to protecting your data using commercially reasonable means.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Articles 33–34.
10. International Transfers
Where your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision. Our primary third-party processors (e.g., Google, Stripe) maintain SCCs and relevant certifications.
11. Minors
Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe we have inadvertently collected data from a minor, please contact us immediately so we can delete it.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify registered users by email or prominent notice on our website. Your continued use of our services after any changes constitutes acceptance of the revised policy.
13. Contact Us
Privacy Enquiries
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our privacy team:
Email: [email protected]
Response Time: Within 30 calendar days
You also have the right to lodge a complaint with your local data protection authority if you are not satisfied with our response.