IRON3
Download
← Home

Legal

GDPR & Data Protection

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, this page explains your rights under the General Data Protection Regulation and how we protect them.

Last updated: April 18, 2026

This page supplements our Privacy Policy with information specific to data protection regulations applicable in the EEA, UK, and Switzerland.

1. Data Controller

The data controller responsible for your personal data is:

Vibe Digital LLC
1001 D MAIN ST, STE 600
KALISPELL, MT 59901-1498
United States

Data protection contact: contact@iron3.app

2. Legal Bases for Processing

We process your personal data under the following legal bases:

  • Performance of a contract. Processing necessary to provide the IRON3 Service you signed up for — account management, session tracking, preparation plans, data synchronization with connected devices, and event calendars.
  • Legitimate interests. Improving the Service, troubleshooting bugs, preventing fraud, and ensuring platform security — where these interests do not override your fundamental rights.
  • Consent. Where required — for example, optional marketing communications or connecting third-party fitness devices. You may withdraw consent at any time.
  • Legal obligation. Processing required to comply with applicable laws, such as tax or accounting requirements.

3. Your Data Subject Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15). Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16). Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17).Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Right to data portability (Art. 20). Receive your data in a structured, machine-readable format and transmit it to another controller.
  • Right to restriction (Art. 18). Request that we limit processing of your data in certain circumstances.
  • Right to object (Art. 21). Object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent (Art. 7). Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Right not to be subject to automated decision-making (Art. 22). IRON3 does not make decisions based solely on automated processing that produce legal or similarly significant effects on you.

4. How to Exercise Your Rights

To exercise any of the rights above, email us at contact@iron3.app with the subject line “GDPR Request.” We will verify your identity and respond within 30 days. If your request is complex or we receive a high volume, we may extend this by an additional 60 days with notice.

There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

5. International Data Transfers

IRON3 is operated from the United States. When your personal data is transferred outside the EEA/UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data processing agreements with all sub-processors.
  • Encryption in transit and at rest for all personal data.

6. Sub-Processors

We use the following categories of sub-processors:

  • Hosting and database: Supabase (cloud infrastructure and authentication).
  • Device integrations: Garmin, Apple, COROS, Suunto, and Wahoo APIs — data exchanged only with your explicit authorization.
  • Email delivery: Transactional email service for account notifications and service communications.
  • Error monitoring: Crash reporting and diagnostics tools for app stability.

7. Cookies

The iron3.app marketing website uses only essential cookies necessary for basic site functionality (e.g., navigation, security). We do not use third-party advertising or behavioral tracking cookies on this site. No cookie consent banner is required for strictly necessary cookies under ePrivacy regulations; however, should we add non-essential cookies in the future, we will implement a consent mechanism before deployment.

8. Data Retention

We retain personal data as follows:

  • Active accounts: Data is retained for the lifetime of your account.
  • Deleted accounts: Personal data is erased or anonymized within 30 days of account deletion, except where retention is required by law.
  • Support correspondence: Retained for up to 2 years after resolution for quality assurance and legal compliance.
  • Billing and transaction records: Retained as required by tax and accounting regulations (typically 7 years).

9. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. A list of EEA data protection authorities is available at edpb.europa.eu.

We encourage you to contact us first at contact@iron3.app so we can attempt to resolve any concerns directly.

10. Changes to This Page

We may update this GDPR information as our practices evolve or regulations change. Updates will be reflected with a revised “Last updated” date at the top of this page.

11. Contact

For any data protection inquiries:

Vibe Digital LLC
1001 D MAIN ST, STE 600
KALISPELL, MT 59901-1498
United States

Email: contact@iron3.app
Phone: +1 (917) 730-4472