Privacy Policy

1. Introduction

Reardon Web Development DBA The Irons Academy (“we,” “us,” or “our”) operates the website at ironsacademy.com (“the Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

By creating an account or using the Platform, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Platform.

2. Information We Collect

Information You Provide Directly

• Account information: First name, last name, email address, and password when you create an account.
• Profile information: Department name, organization type, city, and state that you optionally provide.
• Study preferences: Selected certifications, target exams, and study focus areas.
• Study activity data: Flashcard review history, confidence ratings, exam scores, session durations, study streaks, and progress metrics.
• Payment information: Billing details processed securely through Stripe. We do not store your full credit card number, CVC, or expiration date on our servers. We retain only the card brand (e.g., Visa) and last four digits for your reference.
• Communications: Any information you provide when contacting us for support or feedback.

Information Collected Automatically

• Usage data: Pages visited, features used, session duration, and interaction patterns.
• Device information: Browser type, operating system, and device type.
• Error and performance data: Application errors, performance metrics, and diagnostic data collected via Sentry to improve Platform reliability.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and operate the Platform: Deliver study content, track your progress, manage your account, and process payments.
• Personalize your experience: Generate AI-powered study recommendations based on your study performance data. When generating recommendations, we send anonymized study metrics (scores, confidence levels, review history) to OpenAI. No personally identifiable information (name, email, payment data) is included in AI requests.
• Spaced repetition scheduling: Calculate optimal review intervals for flashcards based on your confidence ratings and review history.
• Process transactions: Manage subscriptions, process payments, and handle billing inquiries through Stripe.
• Communicate with you: Send service-related communications such as account verification, subscription confirmations, billing receipts, and important Platform updates.
• Improve the Platform: Analyze usage trends and error data to fix bugs, improve features, and enhance overall performance.
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access.

4. Third-Party Services

We use the following third-party services that may process your data in accordance with their own privacy policies:

• Supabase: Authentication, database hosting, and data storage. Data is hosted in the United States. See Supabase's Privacy Policy.
• Stripe: Payment processing and subscription management. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
• OpenAI: AI-powered study recommendations. Only anonymized study performance data is shared. See OpenAI's Privacy Policy.
• Sentry: Error monitoring and performance tracking. See Sentry's Privacy Policy.
• Vercel: Website hosting and deployment. See Vercel's Privacy Policy.

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

5. Cookies and Similar Technologies

We use cookies and similar technologies strictly for essential Platform functionality:

• Authentication cookies: To keep you signed in and maintain your session.
• Security cookies: To support secure payment processing through Stripe.
• Preference cookies: To remember your display settings (e.g., light/dark mode).

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not participate in cross-site tracking or behavioral advertising.

6. Data Retention

We retain your account and study data for as long as your account is active or as needed to provide you with the Platform's services.

• You can request deletion of your data at any time through your account settings or by contacting us.
• Upon account deletion, we remove your personal data within 30 days.
• We may retain certain data where required by law (e.g., billing records for tax purposes) or to resolve disputes.
• Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit via TLS/SSL.
• Encryption at rest for sensitive data stored in our database.
• Secure authentication with hashed passwords (managed by Supabase Auth).
• Role-based access controls limiting data access to authorized personnel.
• PCI DSS compliant payment processing through Stripe.

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

8. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within seventy-two (72) hours of becoming aware of the breach, in accordance with applicable law. Notification will include the nature of the breach, the types of data affected, and steps we are taking to address it.

9. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and associated data.
• Export: Export your study data in a portable format via your account settings.
• Opt out: Opt out of non-essential communications at any time through your notification preferences.

To exercise any of these rights, contact us at info@ironsacademy.com. We will respond to requests within 30 days.

10. Do Not Sell My Information

We do not sell your personal information. We have never sold personal information, and we have no plans to do so. This applies to all users regardless of their state of residence.

11. Children's Privacy

The Platform is not directed to individuals under 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date above. For significant changes, we may also notify you via email or an in-app notification. Your continued use of the Platform after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your data rights, please contact us at:

Reardon Web Development DBA The Irons Academy
Email: info@ironsacademy.com