IRONRATED

IronRated — Privacy Policy

Effective date: June 9, 2026
Last updated: June 10, 2026

This document explains what IronRated collects, why, who else sees it, how long we keep it, and how you remove it. Plain English. If something here is unclear, email us at the address in §10 and we'll fix the wording.


1. Who we are

IronRated is an iOS app for community-driven supplement, energy-drink, and gym-food reviews. It's built and operated by Philip Napolitano and Vinny — independent indie developers, not a registered company. Contact details in §10.

When this policy says "we", "us", or "IronRated", it means the two of us. When it says "you", it means the person using the app.


2. What we collect (and only what we collect)

You don't have to give us anything to install the app. You only give us data when you sign up. We collect:

Category | What it is | Why we collect it
Email address | Provided when you sign in. With Sign in with Apple this can be Apple's relay email — we accept either. | To identify your account, send password resets, send important account notices.
Display name + handle | Public profile fields you choose during sign-up. | Shown on your reviews + the leaderboard.
Reviews | Star rating, sub-ratings (taste / effectiveness / value), comments, would-buy-again flag, optional store name, optional flavor. | This is the app's core feature — what you write is what other lifters see.
Photos | Up to 3 per review, plus an optional avatar. We strip EXIF metadata on upload — your phone's location, model, and timestamp don't ride along. | So your reviews aren't just text.
Votes + follows | Up/down votes on other people's reviews, and who you choose to follow. | Drives the leaderboard ranking and your "friends feed".
IP address | Captured automatically when you sign up and when rate-limited actions (reviews, votes, uploads) hit our servers. We never use it to determine your location. | Anti-abuse only — duplicate-account detection, rate limiting, and anomaly detection. Removed on the first weekly purge after a 30-day retention window (§6).
Support messages | The title and text of any bug report, feature suggestion, or content report you send us — Settings → "Report a Bug" / "Suggest a Feature", or a review's "Report" menu. | To act on it: fix bugs, weigh feature requests, and review reported content.
Device model + iOS version | Only when you tap "Report a Bug" in Settings. | So we can reproduce the bug. We don't pull this passively, and we don't attach it to feature suggestions or content reports.
Crash reports | Generated by Apple's Crash Organizer when the app crashes. | Required for us to fix the crash.

We do not collect: your location (and we don't use your IP address to infer it, either), your contacts, your photo library beyond the ones you upload, your health/fitness data, your device's unique advertising identifier (IDFA), any analytics about how you tap around the app, or anything else not in the table above.


3. Sign in with Apple

We support Sign in with Apple as the primary sign-in. If you use it and pick "Hide my email", Apple gives us a private relay address (...@privaterelay.appleid.com). We treat that exactly like a regular email — it's only used for account-related messages, never marketing.

We also support email-and-password as a fallback. Passwords are hashed by our auth provider (Supabase, see §4) and we never see them in plaintext.


4. Third parties we use

IronRated runs on top of a handful of vendor services. They process data on our behalf and only for the purpose listed.

Vendor | What they see | Why
Supabase | Everything — they host our database, file storage, and authentication. | Backend infrastructure. Hosted in the United States.
Apple | Apple ID identifiers when you Sign in with Apple. Crash reports if you opt in to share them in iOS Settings. | Authentication + crash reporting.
OpenAI | Just the text of your review (no name, no email, no account ID) when we run moderation on submitted reviews. Every review's text is automatically checked before it becomes visible to other users. | We use OpenAI's text-moderation API to flag content that violates our community rules (hate, harassment, illegal content).
Hive Moderation | Just the photo bytes (no metadata) when you upload a review photo or avatar. | We use Hive to flag NSFW imagery before a photo is published.
Anthropic | Photos + product name when an admin uses the auto-fill feature to add a new product to the catalog. | We use Anthropic's Claude to extract nutrition info from product label photos.

These vendors are bound by their own privacy policies and by contracts that prohibit them from using your data for their own purposes. They do not get to train models on your reviews, your photos, or your account data.

We never sell your data. We never share it with advertisers. We have no advertising on IronRated.


5. Children

IronRated is intended for users age 13 and older. We don't knowingly collect data from anyone under 13. If you're a parent or guardian and you think your child has signed up, email us and we'll delete the account.

We don't have a separate "kids mode" because community-review apps inherently include user-generated content that we can't pre-filter for younger users. This is why the App Store age rating for IronRated is 17+.


6. How long we keep it

Data | Retention
Account profile (email, handle, display name) | Until you delete your account.
Reviews, photos, votes, follows | Until you delete the review/photo/vote/follow, or your account.
Soft-deleted content | 30 days, then permanently purged. This grace window exists so you can change your mind.
IP addresses (anti-abuse) | Retained 30 days, then removed by our weekly purge job — so within about 37 days.
Support messages (bug reports, suggestions, content reports) | Kept while we act on them and for our records; removed or de-identified when your account is purged.
Audit log (admin actions, moderation decisions) | Retained indefinitely for community-trust reasons. Tied only to the admin actor, not to you.
Anonymized post-deletion records | Records that refer to you (e.g. a vote you cast on someone else's review) keep your user reference set to NULL after account deletion. Your identity is gone; the vote count it contributed to remains.

7. Deleting your account

In the app: Settings → Account → Delete Account. The flow soft-deletes your profile and all your reviews/photos/votes/follows immediately — they vanish from every other user's view. After 30 days, our weekly purge job hard-deletes the underlying rows, the photo files, and your sign-in identity (the authentication record). After that, recovery is no longer possible.

Changed your mind? Email privacy@ironrated.app within the 30-day window and we'll restore the account. There is no self-serve recovery — signing back in won't undo the deletion.

You can also email us at the address in §10 and we'll do it manually.

GDPR / CCPA: if you're in the EU, UK, or California and have the right to request a data export or correction, email us at the address in §10. We'll respond within 30 days.


8. Security

We do our best, but no system is perfectly secure. If you spot a security issue, please email the address in §10 before disclosing it publicly.


9. Changes to this policy

If we change anything material, we'll update the Last updated date at the top and surface a notice inside the app before the change takes effect. If you don't agree with the new version, you can delete your account before it kicks in.


10. Contact

For privacy questions, data requests, account deletion help, or security disclosures:

📧 privacy@ironrated.app

(If you're on iOS and want this email pre-filled, Settings → Account → Contact Support opens it for you.)


IronRated is an independent project. We're two people. We don't have a privacy team — Philip handles every email personally.