← Back to Legal Center
Privacy Policy
Effective date: May 19, 2026
Last updated: May 19, 2026
1. Who we are
This Privacy Policy explains how Ironmetrics (the "App"), published by The Big M ("we", "us", "our"), handles personal information when you use the Ironmetrics mobile application.
You can contact us at thebigm1019@gmail.com.
2. What information we collect
We only collect what we need to make the App work for you. Specifically:
Information you provide directly
- Account information — your email address and (optionally) a display name and password. If you sign in with Apple or Google OAuth, we receive a unique identifier and your verified email from those providers.
- Workout data you log — exercises, sets, weights, reps, RPE, notes, programs, templates, gym profiles, warm-up settings, and rest-timer preferences.
- Support correspondence — messages you send to us via the in-app "Report a Bug" or "Feature Request" buttons, or directly to our support email.
Information collected automatically
- Diagnostic and crash data — when crash reporting is enabled, the App sends anonymized error reports (stack traces, device model, OS version, App version) to our error-monitoring provider so we can fix bugs. Crash reports do not include your email, workout content, or any other directly identifying information.
- Authentication metadata — when you sign in, our authentication provider records the timestamp of the session and a hashed session token on your device so you stay signed in.
Information we do not collect
- We do not collect your contacts, photos, location, microphone audio, biometrics, advertising identifiers, browsing activity, or device files.
- We do not sell your data, share it with advertisers, or use it for marketing analytics.
3. How we use your information
We use the information described above to:
- Create and maintain your account.
- Sync your workouts, programs, templates, and settings across your devices.
- Show you analytics and personal records derived from your own workout history.
- Respond to your support requests.
- Diagnose crashes and improve the App's reliability.
- Comply with applicable legal obligations.
We do not use your data for personalized advertising, profile sharing, or third-party analytics beyond crash reporting.
4. Legal basis for processing
Where the GDPR or UK GDPR applies, our legal bases are:
- Performance of a contract — to provide you the App once you create an account.
- Legitimate interest — to keep the App secure, diagnose crashes, and prevent abuse.
- Consent — for any optional crash reporting on devices where the platform requires explicit opt-in.
- Legal obligation — when we must respond to lawful requests.
5. How your data is stored and protected
- Workout data, account information, and authentication metadata are stored in Supabase (a managed Postgres + auth provider, US region) on our behalf.
- All network traffic between the App and our backend is encrypted in transit (TLS).
- Database access is restricted by row-level security policies that scope each row to the user that owns it.
- Crash reports, when enabled, are sent to our error-monitoring provider over TLS.
- Locally on your device, offline workouts queued for sync are stored using the platform's standard local-storage APIs (
AsyncStorage).
We use industry-standard safeguards, but no system is perfectly secure. If you become aware of a vulnerability, please contact us at thebigm1019@gmail.com.
6. Sub-processors
We use the following third parties to operate the App:
| Sub-processor |
Purpose |
Region |
| Supabase, Inc. |
Database, authentication, edge functions |
United States |
| Functional Software, Inc. (Sentry) |
Optional crash reporting |
United States |
| Apple Inc. / Google LLC |
OAuth sign-in (if you use Apple/Google sign-in) |
United States |
| Expo (EAS) |
Over-the-air JavaScript updates |
United States |
These providers process data only on our instructions and under their own privacy and security commitments.
7. Data retention
- Account and workout data — retained while your account exists. If you delete your account (see Section 9), all associated rows are removed within 30 days.
- Authentication sessions — retained until the session expires or you sign out.
- Crash reports — retained for up to 90 days by our crash-reporting provider, then automatically purged.
- Support correspondence — retained for up to 24 months unless you ask us to delete it sooner.
8. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Receive a copy of your data in a portable format.
- Correct inaccurate information.
- Delete your account and associated data.
- Withdraw any consent you previously gave.
- Lodge a complaint with your local data-protection authority.
You can exercise the access, export, and deletion rights directly from the App (see Section 9). For any other request, email us at thebigm1019@gmail.com and we will respond within 30 days.
9. Exporting and deleting your data
Export
Open Settings → Account & Data → Export Data. The App generates a JSON file containing all of your workouts (including sets and exercise references) and any offline queue, and opens your device's share sheet so you can save or send the file.
Account deletion (in-app)
Open Settings → Profile & Security → Delete Account and confirm. Your auth record is removed and database foreign-key cascades remove all of your workouts, sets, programs, templates, gym profiles, and preferences.
Account deletion request (without the App)
If you cannot use the App for any reason, see our public Data Deletion Request page or email thebigm1019@gmail.com with the subject line "Delete my account" from the address associated with your account. We complete deletion within 30 days and confirm by email.
10. Children's privacy
Ironmetrics is not directed to children under 13 (or under 16 in jurisdictions that require it). We do not knowingly collect personal information from children. If you believe a child has provided us their information, contact thebigm1019@gmail.com and we will delete it.
11. International transfers
Your data is stored in the United States. If you access the App from outside the US, you understand that your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced in the App release notes and reflected in the "Last updated" date at the top of this page. Continuing to use the App after changes take effect means you accept the updated Policy.
13. Contact
Questions about this Policy or your data?
- Email: thebigm1019@gmail.com
- Governing law: New York, United States