Privacy Policy
Effective Date: [DATE]
Iron Within Operations LLC ("Iron Within," "we") operates ironwithinoperations.com and provides 1:1 performance and operations consulting. This Privacy Policy explains what we collect, why we collect it, and who we share it with.
We are a small practice. Our default is to collect the minimum needed to deliver the engagement and to be specific about every third party that touches client data.
1. What We Collect
We collect the following categories of information:
- Identity and contact: name, email address, phone number.
- Intake responses: the answers you provide on intake forms — training history, current routine, schedule constraints, goals, prior injuries you choose to disclose, work and lifestyle context relevant to the engagement.
- Scheduling information: the dates and times you book, time zone, and any notes you add to a calendar event.
- AI scoping chat transcripts: the text of conversations you have with our pre-sale AI scoping tool on the site.
- Payment information: processed by Stripe. We see the last 4 digits of the card, the cardholder name, and the billing email — we do not store full card numbers, expiration, or CVV.
- Session notes: notes we write during or after sessions to track plan progress, action items, and adjustments.
- Communications: email correspondence, messages on any agreed async channel during a retainer.
- Basic site analytics: pages viewed, referring URL, anonymized IP, device type. Used for site improvement.
We do not collect Social Security numbers, government ID numbers, or financial account numbers.
2. How We Collect It
- Intake forms filled in on the site or in a linked form tool when you start an engagement.
- AI scoping chat when you choose to use the free pre-sale tool on the site.
- Scheduling tool (Calendly) when you book a discovery call or session.
- Payment when you complete checkout via Stripe.
- Direct communication — what you email, message, or share in sessions.
- Site visit — standard request logs and analytics on page loads.
3. Why We Collect It
- To deliver the service — performance audits, training plans, retainer check-ins, multi-week sprints, and accountability work all depend on the intake and session context.
- To schedule sessions — calendar invites, reminders, reschedules.
- To process payments — charging your card, issuing refunds, sending receipts.
- To communicate with you — engagement updates, plan adjustments, replies to your questions.
- To improve our methodology — in aggregated, de-identified form. We do not sell or share identifiable client data for outside research or marketing.
- To meet legal and tax obligations — retention of invoices and engagement records as required.
4. Third Parties
We share data only with the named subprocessors below, each for a specific purpose. We do not sell client data. We do not share client data with advertising networks.
| Subprocessor | Purpose | What they receive |
|---|---|---|
| Stripe | Payment processing | Name, email, billing address, card details entered into Stripe's secure form |
| Calendly | Scheduling | Name, email, time zone, any notes you add to the booking |
| Resend | Transactional email delivery (receipts, reschedule notices, engagement updates) | Name, email, message content we send |
| Vercel | Website and form hosting | Standard request logs and any data submitted through the site |
| Google Workspace | Founder email and calendar | Email correspondence, calendar entries |
| OpenAI | Powers the AI scoping chat on the site | The text content of your scoping conversations |
Each subprocessor has its own privacy policy and security practices. We choose subprocessors that handle business-grade data appropriately, and we limit what each one receives to what it needs.
5. AI Scoping Chat — Important Disclosure
The free scoping chat on ironwithinoperations.com is powered by OpenAI. When you type in the scoping chat:
- Your conversation contents are sent to OpenAI to generate the response.
- OpenAI may process and temporarily store these contents per their own terms.
- The conversation may be retained on our side so we can review scoping outcomes and improve the tool.
Do not enter payment card numbers, government identification, prescription details, specific medical diagnoses, or other sensitive personal information into the scoping chat. The chat is a goal-articulation tool, not a secure intake channel. For an engagement, we use a separate intake process.
If you have any concern about the scoping chat, you can skip it and email support@ironwithinoperations.com to begin a conversation directly.
6. Cookies and Analytics
We use the minimum cookies needed for the site to function — for example, to keep your session active on a form, or to remember a UI preference. We use basic, privacy-respecting page analytics to understand traffic patterns (which pages are visited, where visitors arrive from). We do not run advertising trackers, retargeting pixels, or third-party marketing cookies on this site.
If a cookie banner is required by your jurisdiction, you will see one on your first visit.
7. Data Retention
- Active client records — intake responses, session notes, deliverables, invoices — are retained for the duration of the engagement plus 3 years, to meet tax and legal recordkeeping obligations.
- Intake-only records (someone who filled in an intake but did not start an engagement) are purged after 12 months.
- AI scoping chat transcripts are retained for up to 12 months and then purged unless tied to a started engagement.
- Payment records are retained as long as required by Stripe and US tax law (typically 7 years).
- General site analytics are kept in aggregated form only.
You can request earlier deletion of your records at any time — see Your Rights below.
8. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold on you.
- Correct — ask us to correct anything that is inaccurate.
- Delete — request deletion of your records, subject to legal retention requirements (e.g., invoices we must keep for tax purposes).
- Export — receive your intake responses, plans, and session notes in a portable format.
- Withdraw consent — stop the engagement at any time. See the Refund Policy for financial terms.
To exercise any of these rights, email support@ironwithinoperations.com from the email tied to your account. We will respond within 30 days.
9. Children
Iron Within is not directed to anyone under 18. We do not knowingly collect data from minors. If we learn we have collected information from a person under 18, we will delete it. If you believe a minor has provided information to us, contact support@ironwithinoperations.com.
10. International Users
Iron Within is a US-based practice and currently serves clients in the United States. If you access the site from outside the US, your information will be transferred to and processed in the US. Engagements with clients outside the US are evaluated case by case.
11. Security
We use commercially reasonable security practices:
- TLS encryption in transit for the site, intake forms, and email.
- Limited admin access — only the founder accesses client records day to day.
- Reputable, business-grade subprocessors (named above) rather than ad-hoc tools.
- We do not store payment card numbers on our systems.
No system is perfectly secure. If a security incident affects your data, we will notify affected clients without unreasonable delay and describe what happened and what we are doing about it.
12. Changes to This Policy
We will update this Privacy Policy as the practice evolves — for example, if we add a new subprocessor or change a retention period. The Effective Date at the top reflects the current version. For material changes, active clients will receive an email notice.
13. Contact
For privacy questions, data requests, or to report a concern:
Email: support@ironwithinoperations.com Entity: Iron Within Operations LLC
We respond to privacy email within 2 business days.