Privacy Policy

Effective: May 6, 2026 · Last updated: May 6, 2026

This Privacy Policy explains how Black Iron Nutrition LLC ("Black Iron Nutrition", "we", "us", or "our") collects, uses, stores, and shares information when you use our coaching service through the website at tools.blackironnutrition.com and the Black Iron Nutrition mobile application (collectively, the "Service").

By creating an account or using the Service, you agree to the practices described here. If you don't agree, please don't use the Service.

1. Information we collect

Account information

Coaching and health information

Wearable and third-party app data

If you connect a wearable device or nutrition-tracking app (Garmin, Oura, Fitbit, Whoop, Coros, Polar, Suunto, Withings, MyFitnessPal, Cronometer, MacrosFirst, etc.), we receive the following from that integration:

We only receive data for the categories the integration supports and that you authorize.

Apple HealthKit (iOS only)

Our iOS app may read health and fitness data from Apple HealthKit if you grant permission. Categories may include: workouts, active energy, steps, distance, sleep analysis, body mass, body fat percentage, heart rate, heart rate variability, and dietary data (calories, macronutrients).

Per Apple's HealthKit policy:

You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → Black Iron Nutrition.

Mobile app permissions

The mobile app may request the following permissions:

All permissions are optional; the app works (with reduced functionality) if you decline any of them.

Payment information

Subscription billing is handled by Stripe. We do not store full credit card numbers on our servers. We do retain:

Usage and technical information

We do not use third-party analytics, advertising, or tracking SDKs. We do not sell your data.

2. Not a HIPAA-covered entity

Black Iron Nutrition is a coaching service, not a healthcare provider, health plan, or healthcare clearinghouse. We are not a "covered entity" or "business associate" under the U.S. Health Insurance Portability and Accountability Act (HIPAA). The health and fitness information you share with us is not Protected Health Information (PHI) and is not covered by HIPAA.

We treat the health and fitness information you share as sensitive personal data and protect it with the security and disclosure practices described in this policy.

3. How we use your information

4. How we share your information

We share data with the following service providers strictly to operate the Service:

Inside Black Iron Nutrition, your data is accessible to:

We may disclose information when required by law, in response to valid legal process, or to protect rights, property, or safety. We do not sell or rent personal information to third parties.

5. Children

The Service is intended for users 18 years of age and older. We do not knowingly collect information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it.

6. Cookies and similar technologies

On the website, we use a small number of strictly necessary technologies to keep you logged in and secure:

On the mobile app, we use bearer tokens (stored securely in iOS Keychain / Android Keystore) for authentication, plus an Expo push-notification token (if you grant notification permission).

We do not use third-party advertising cookies, cross-site trackers, fingerprinting libraries, or "Like"/"Share" buttons that report back to social networks. We honor "Do Not Track" (DNT) browser signals — although since we don't track in the first place, the practical effect is the same either way.

7. Data retention

We retain your account, coaching, and health information for as long as your account is active. After cancellation, your data is preserved so you can resume coaching with your prior history intact. You may request deletion at any time (see Section 9).

When you request deletion, we will permanently remove your account, photos (from R2 storage), and dependent records (check-ins, measurements, messages, Terra data, etc.) within 30 days. Some information may be retained for longer where required by law (e.g., financial records for tax purposes) or in anonymized backup snapshots that age out automatically.

Server logs and email delivery logs are retained for up to 12 months. Push notification tokens are retained while your mobile session is active and rotated when you log out.

8. Security

No system is perfectly secure. We will notify affected users in accordance with applicable law if we learn of a breach affecting their personal information.

9. Your rights

You can:

10. International users

The Service is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and other countries where our service providers operate. By using the Service you consent to that transfer.

11. California, Virginia, and other state privacy rights

Residents of certain U.S. states (including California, Virginia, Colorado, Connecticut, and Utah) have specific rights regarding their personal information:

We do not sell or share personal information for targeted advertising, and we do not use sensitive personal information beyond providing you the coaching service. We treat health and fitness data, payment information, and account credentials as sensitive personal data.

To exercise any of these rights, contact us using Section 13. We may need to verify your identity before fulfilling the request. We will respond within the timeframes required by your state's law (typically 30-45 days). You can designate an authorized agent to make a request on your behalf, subject to verification.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated to active clients by email.

13. Contact

Black Iron Nutrition LLC
Privacy questions / data requests: admin@blackironnutrition.com

Please use the subject line "Privacy Request" to help us route your message quickly.