Effective Date: June 10, 2025
Last Updated: October 8, 2025
At Ironmind.ai Inc., we are committed to protecting the privacy and security of all users, including athletes, coaches, and organizational partners. This Privacy Policy describes how we collect, use, and disclose personal health and activity data through our platform at www.ironmind.ai.
By using our services and connecting your wearable device or other health data source, you agree to the terms outlined in this policy.
1. Who We Are
Ironmind Inc. (“Ironmind,” “we,” “our,” or “us”) is a Delaware-registered C-Corp headquartered in San Francisco, California. We build AI-powered tools for mental and physical performance optimization, primarily targeting athletes, military personnel, coaches, and clinical partners.
This policy applies to data collected via our website, APIs, and associated applications and services.
2. What We Collect
When you authorize Ironmind to access your wearable or connected data source, we may collect and process the following information:
- Biometric and physiological data (e.g., heart rate, HRV, sleep, respiration rate, stress levels)
- Physical activity and training logs (e.g., workout type, duration, performance data, GPS movement patterns)
- Device and session metadata (e.g., device type, firmware version, sync timestamps)
This data is retrieved only with explicit user consent and is used to generate insights, alerts, and mental performance recommendations within the Ironmind platform.
3. How We Use This Data
We use wearable and self-reported data to:
- Deliver personalized mental and physical performance feedback
- Generate AI-powered analytics on stress, recovery, and readiness
- Support clinicians, coaches, or organizations (only when authorized by the user)
- Improve product accuracy and validate outcomes through aggregated, anonymized analysis
- Maintain service functionality and enhance user experience
We do not sell, lease, or commercialize individual health data to third parties.
4. How We Share and Protect Your Data
We may share your data only under the following circumstances:
- With authorized partners (e.g., clinicians or coaches) after explicit consent
- With trusted third-party service providers who process data under strict confidentiality and security agreements
- When required by law, regulation, or legal process
- In the context of a merger, acquisition, or asset transfer, under appropriate confidentiality protections
- In fully anonymized or aggregated form for research and performance analytics
All personal data is encrypted in transit and at rest. Ironmind adheres to the principles of HIPAA, GDPR, and ISO 27001-aligned data security practices.
5. Data Governance, Hosting, and Retention
Ironmind stores and processes data using secure Google Cloud Platform (GCP, US West region) infrastructure certified under SOC 2, ISO 27001, and HIPAA compliance standards.
- Access to identifiable data is restricted to authorized personnel under least-privilege access controls.
- Internal access is logged and periodically reviewed.
- Data is retained for 24 months after last account activity, after which it is anonymized or permanently deleted from active and backup systems within 90 days.
- We review and update this policy and our security practices annually or as required by applicable law.
6. AI Data Processing and Anonymization
To improve our AI-powered analytics (e.g., GritScore™ and GritOS insights), Ironmind may use anonymized or pseudonymized data.
- Personal identifiers (name, email, device IDs) are removed or replaced with hashed tokens prior to model training.
- No identifiable information is used for algorithmic development or validation without prior consent.
7. User Rights and Controls
You can access, manage, or revoke data sharing at any time by logging into your Ironmind account or disconnecting your wearable integration.
You have the right to:
- View and access your data
- Request correction or deletion of personal information
- Withdraw your consent at any time
- Request export of your data in a machine-readable format
To exercise your rights, please contact us at privacy@ironmind.ai.
8. Breach Notification
In the unlikely event of a data breach affecting your personal information, Ironmind will:
- Notify affected users and relevant authorities within 72 hours, consistent with GDPR Article 33 and HIPAA breach notification requirements.
- Provide information about the nature of the breach, affected data categories, and remedial measures taken.
9. Children and Minors
Ironmind is not designed for users under the age of 18 without the consent and supervision of a parent, guardian, or authorized school representative. We do not knowingly collect data from minors.
10. Policy Updates
This Privacy Policy may be updated periodically. Material changes will be communicated to users via email or in-app notice at least 14 days before new terms take effect. The latest version will always be available at www.ironmind.ai/privacy.
11. Contact Information