PRIVACY POLICY — ION
Last Updated: 14 February 2026
1. INTRODUCTION
1.1 Who We Are
This Privacy Policy explains how your personal data is collected, used, stored, and protected when you use the ION mobile application (the "App").
The data controller is:
Carlos Martín de Argila Sole proprietor registered in Madrid, Spain 📧 carlosmdalbusinessman@gmail.com
1.2 Scope
This Privacy Policy applies to:
- (a) The ION mobile application for iOS (and any future Apple Watch companion app)
- (b) The website at https://getion.app (the "Website")
- (c) All related services, features, and communications
1.3 Legal Framework
We process personal data in accordance with:
- (a) The General Data Protection Regulation (EU) 2016/679 ("GDPR")
- (b) The Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales ("LOPDGDD") of Spain
- (c) Apple's App Store Guidelines and HealthKit Developer Guidelines
1.4 Agreement
By creating an account or using the App, you acknowledge that you have read and understood this Privacy Policy. Where processing is based on consent, you may withdraw that consent at any time as described in Section 11.
2. DATA WE COLLECT
We collect and process the following categories of personal data:
2.1 Account Registration Data
| Data Point | Required / Optional |
|---|---|
| Email address | Required |
| Password (hashed) | Required |
| Display name | Required |
| Date of birth | Required |
| Height (cm) | Required |
| Weight (kg) | Required |
| Fitness objective | Required |
| Preferred weight unit | Required |
| Preferred distance unit | Required |
| Profile image | Optional |
If you register via Apple Sign-In, we receive your name (if provided) and email address. If you register via Google Sign-In, we receive your name and email address.
2.2 Sleep Onboarding Data
During onboarding, you are asked the following sleep-related questions, and your responses are stored:
- Primary sleep goal
- Pregnancy status
- Whether you train intensely or have a physically demanding job
- Whether you work night or rotating shifts
- Natural sleep profile (short / typical / long sleeper)
- Recommended sleep hours (calculated based on your responses)
- Selected sleep goal hours
- Whether a custom sleep goal was set
2.3 Fitness & Workout Data
- Exercise names, descriptions, types, and configurations (including custom exercises)
- Workout logs: sets, repetitions, weight, time, distance
- Routine names, structure (warm-up, main, cool-down), and scheduling preferences
- Exercise and routine favourites, ordering preferences
2.4 Nutrition Data
- Food log entries (text descriptions, caloric and macronutrient values)
- Food photos (when provided by you), stored on our servers
2.5 Apple HealthKit Data
With your explicit permission, we read the following data from Apple HealthKit:
- Heart rate (
HKQuantityTypeIdentifier.heartRate) - Sleep analysis (
HKCategoryTypeIdentifier.sleepAnalysis) — including sleep sessions and sleep stages
HealthKit data remains on your device. It is not transmitted to our servers, not shared with any third party, and not used for advertising or marketing purposes. We comply fully with Apple's HealthKit guidelines.
2.6 AI Assistant Data
- Text messages you send to the AI Coach
- Images you attach to AI Coach queries (if any)
- AI-generated responses
- Conversation metadata (conversation ID, timestamps)
2.7 Legal Acceptance Records
- Timestamp and version number of your acceptance of the App's Disclaimer and Terms of Service
2.8 Technical Data (Incidental)
We do not actively collect device model, operating system version, or IP addresses within our application code. However, the following infrastructure-level collection may occur:
- Server access logs generated by our hosting infrastructure and reverse proxy (e.g., Cloudflare, Traefik) may contain IP addresses and request metadata
- Third-party service providers (listed in Section 6) may collect technical metadata in accordance with their own privacy policies
3. HOW WE USE YOUR DATA
3.1 Purposes and Legal Bases
Under GDPR Article 6, we process your data on the following legal bases:
| Purpose | Data Used | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Account creation and authentication | Email, password, name, OAuth credentials | 6(1)(b) — Performance of contract |
| Providing core tracking features (workouts, nutrition, progress) | Fitness data, nutrition data, onboarding responses | 6(1)(b) — Performance of contract |
| Displaying sleep and heart rate data from HealthKit | HealthKit data (on-device only) | 6(1)(a) — Explicit consent (HealthKit permission) |
| AI Coach functionality (generating responses) | Chat messages, workout history, routine data | 6(1)(b) — Performance of contract |
| Personalizing sleep recommendations | Sleep onboarding responses, date of birth | 6(1)(b) — Performance of contract |
| Managing subscriptions and entitlements | Account ID, subscription status | 6(1)(b) — Performance of contract |
| Sending transactional emails (verification, password reset) | Email address | 6(1)(b) — Performance of contract |
| Sending scheduled workout reminders | Routine scheduling preferences | 6(1)(a) — Consent (notification permission) |
| Enforcing Terms of Service and preventing abuse | Account data, usage patterns | 6(1)(f) — Legitimate interest |
| Complying with legal obligations | Account data, legal acceptance records | 6(1)(c) — Legal obligation |
3.2 Special Category Data
Your sleep onboarding data includes pregnancy status, which constitutes special category data under GDPR Article 9. We process this data on the basis of your explicit consent (Article 9(2)(a)), which you provide during the onboarding flow. You may withdraw this consent at any time by contacting us (see Section 13), and we will delete the relevant data.
3.3 What We Do NOT Do
- ❌ We do not sell your personal data to anyone
- ❌ We do not use your data for advertising or targeted marketing
- ❌ We do not share HealthKit data with any third party or server
- ❌ We do not use HealthKit data for any purpose other than displaying it to you within the App
- ❌ We do not use your data to build advertising profiles
- ❌ We do not currently use any analytics, tracking, or advertising SDKs
4. AI COACH — DATA PROCESSING DETAILS
Given the sensitivity of AI-mediated data processing, we provide additional transparency here.
4.1 What Data Is Sent to the AI Provider
When you use the AI Coach, the following data may be sent to our AI service provider (currently OpenRouter, which routes requests to various underlying large language model providers):
- Your text message / query
- Any image you attach to a query (sent as encoded image data)
- Recent conversation history from that chat session
- Contextual workout data retrieved via tool calls, which may include:
- Exercise names and details
- Routine names and structure
- Workout history (sets, reps, weight, time, distance)
4.2 What Data Is NOT Sent to the AI Provider
- ❌ HealthKit data (heart rate, sleep analysis)
- ❌ Food photos or nutrition logs
- ❌ Personal profile data (email, date of birth, height, weight)
- ❌ Password or authentication credentials
4.3 AI Provider Data Retention
OpenRouter and its underlying model providers may process and temporarily store data in accordance with their own terms. Some underlying model providers may retain inputs for abuse monitoring or, depending on model and configuration, for model improvement. We do not control the data practices of downstream AI model providers.
We recommend reviewing:
- OpenRouter Privacy Policy: https://openrouter.ai/privacy
4.4 AI Conversations Are Stored
Your AI Coach conversations (messages sent and received) are stored on our servers to enable conversation continuity and history across sessions. These are deleted when you delete your account.
5. DATA STORAGE AND SECURITY
5.1 Where Your Data Is Stored
| Data Type | Storage Location |
|---|---|
| Account data, fitness data, nutrition data, AI conversations | PostgreSQL database on a Virtual Private Server (VPS) hosted by OVHCloud in Beauharnois (BHS), Canada |
| Food photos | Supabase Storage (hosted on the same VPS infrastructure) |
| Profile images | Supabase Storage (hosted on the same VPS infrastructure) |
| HealthKit data (sleep, heart rate) | On your device only — not transmitted to our servers |
5.2 Security Measures
We implement the following measures to protect your data:
- (a) Encryption in transit: All data transmitted between the App and our servers is encrypted using HTTPS/TLS
- (b) Authentication and access control: Supabase Auth with Row Level Security (RLS) policies ensure that each user can only access their own data
- (c) Password hashing: Passwords are hashed before storage and are never stored in plaintext
- (d) Server access control: Server access is restricted via SSH and is limited to the app operator
- (e) Email verification: Account creation requires email verification via one-time password (OTP)
5.3 Security Limitations
In the interest of transparency:
- We do not currently implement encryption at rest at the host or volume level on the VPS
- We do not currently maintain a formal, automated backup schedule (this is being improved)
We continuously work to improve our security posture and will update this Privacy Policy as additional measures are implemented.
6. THIRD-PARTY SERVICE PROVIDERS
We use the following third-party service providers ("processors") to operate the App:
| Provider | Purpose | Data Accessed | Location |
|---|---|---|---|
| Supabase | Authentication, database, file storage | Account data, fitness data, nutrition data, photos | Self-hosted on OVH VPS (Canada) |
| OVHCloud | Server hosting (VPS) | All server-stored data (as hosting provider) | Beauharnois, Canada |
| OpenRouter | AI Coach — LLM API routing | Chat messages, conversation history, workout context data | United States (and dependent on underlying model provider) |
| Apple | Sign-In with Apple, HealthKit, In-App Purchases | OAuth credentials, HealthKit data (on-device only), payment data | United States |
| Sign-In with Google | OAuth credentials | United States | |
| Resend | Transactional email delivery (verification, password reset) | Email address, email content | United States |
| Cloudflare | DNS, CDN, and reverse proxy | IP addresses, request metadata (at infrastructure level) | Global |
| RevenueCat | Subscription management and entitlement tracking | User ID, subscription status, purchase receipts | United States |
Each provider processes data solely for the purposes described above and is subject to their own privacy policies and data processing terms.
7. INTERNATIONAL DATA TRANSFERS
7.1 Transfers Outside the EEA
Your personal data is transferred to and processed in the following jurisdictions outside the European Economic Area:
| Destination | Provider(s) | Safeguard |
|---|---|---|
| Canada | OVHCloud (VPS hosting) | European Commission adequacy decision (Commission Decision 2002/2/EC, as maintained under GDPR Article 45) |
| United States | OpenRouter, Apple, Google, Resend, RevenueCat, Cloudflare | EU-U.S. Data Privacy Framework (where certified) and/or Standard Contractual Clauses (SCCs) as provided by each processor |
7.2 Your Rights Regarding Transfers
If you have questions or concerns about international transfers of your data, you may contact us at any time (see Section 13). You also have the right to lodge a complaint with your supervisory authority (see Section 11.2).
8. DATA RETENTION
8.1 General Retention Periods
| Data Category | Retention Period |
|---|---|
| Account and profile data | Retained for as long as your account is active |
| Fitness, nutrition, and workout data | Retained for as long as your account is active |
| AI conversation history | Retained for as long as your account is active |
| Food photos and profile images | Retained for as long as your account is active (or until you delete them) |
| Legal acceptance records (disclaimer timestamp/version) | Retained for as long as your account is active, and may be retained for up to 3 years after account deletion for legal compliance purposes |
| Server infrastructure logs (IP addresses, request metadata) | Retained according to default infrastructure/provider log rotation policies (typically 30–90 days) |
8.2 Account Deletion
When you delete your account through the App:
- (a) Your profile data, fitness data, nutrition data, food photos, profile image, and AI conversations are deleted immediately from our database and storage
- (b) Deletion cascades through all related database records automatically
- (c) There is no grace period — deletion is immediate and irreversible
- (d) Data that has already been transmitted to third-party AI providers is subject to those providers' own retention policies (see Section 4.3)
- (e) Infrastructure logs that may contain your IP address or request metadata will expire according to standard log rotation (typically 30–90 days)
8.3 Free-Tier Locked Data
If you use ION Free, certain data (e.g., exercise sessions beyond the most recent 10, calendar entries beyond 14 days) is stored on our servers but access-limited within the App. This data is not deleted — it is retained and becomes accessible if you upgrade to ION Pro. It is fully deleted if you delete your account.
8.4 Inactive Accounts
We do not currently auto-delete inactive accounts. We reserve the right to introduce an inactivity policy in the future (e.g., deletion after 24 months of inactivity), in which case we will notify you by email before any deletion occurs.
9. CHILDREN'S PRIVACY
9.1 Age Requirement
The App is intended for users aged 14 and older, in accordance with Spain's LOPDGDD. Users between 14 and 18 must have parental or guardian consent.
9.2 Age Verification
During registration, users are required to provide their date of birth. If the date of birth indicates the user is under 14 years of age, account creation is blocked and the user is shown an error message.
9.3 Discovery of Underage Users
If we discover or are informed that we have collected personal data from a child under 14 without verified parental consent, we will take immediate steps to delete that account and all associated data. If you believe a child under 14 has created an account, please contact us immediately at carlosmdalbusinessman@gmail.com.
10. COOKIES AND WEBSITE TRACKING
10.1 The App
The ION App does not use cookies, tracking pixels, or any third-party analytics or advertising SDKs.
10.2 The Website
The website at https://getion.app does not use first-party analytics scripts, tracking pixels, or advertising cookies.
Technical cookies may be set by our hosting infrastructure (e.g., Cloudflare) for security and performance purposes. These are strictly necessary cookies and do not require consent under Article 5(3) of the ePrivacy Directive.
11. YOUR RIGHTS UNDER GDPR
11.1 Your Rights
As a data subject under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Right of Access (Art. 15) | You may request a copy of all personal data we hold about you |
| Right to Rectification (Art. 16) | You may request that we correct any inaccurate or incomplete personal data |
| Right to Erasure (Art. 17) | You may request deletion of your personal data; you can also delete your account directly within the App |
| Right to Restriction (Art. 18) | You may request that we restrict processing of your data in certain circumstances |
| Right to Data Portability (Art. 20) | You may request your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) |
| Right to Object (Art. 21) | You may object to processing based on legitimate interests |
| Right to Withdraw Consent (Art. 7(3)) | Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing |
| Right Not to Be Subject to Automated Decision-Making (Art. 22) | See Section 11.3 below |
11.2 How to Exercise Your Rights
To exercise any of the above rights, please contact us at:
📧 carlosmdalbusinessman@gmail.com
We will verify your identity before processing your request. We will respond to your request within 30 days of receipt, as required by GDPR Article 12(3). If the request is complex or we receive a large number of requests, we may extend this period by a further 60 days, in which case we will inform you of the extension within the initial 30-day period.
Data portability requests will be fulfilled by manual export from our database in JSON or CSV format.
11.3 Automated Decision-Making
The App does not make any decisions based solely on automated processing that produce legal effects or similarly significant effects on you. The AI Coach provides informational responses only and does not make decisions on your behalf. Sleep recommendations generated during onboarding are suggestions only and have no binding or consequential effect.
11.4 Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For users in Spain, the competent authority is:
Agencia Española de Protección de Datos (AEPD) C/ Jorge Juan, 6 28001 Madrid, Spain 🌐 https://www.aepd.es
If you reside in another EU/EEA member state, you may lodge a complaint with your local data protection authority.
12. PUSH NOTIFICATIONS
12.1 How Notifications Work
The App uses local on-device notifications (via iOS UNUserNotificationCenter) to deliver scheduled workout reminders. Notifications are scheduled and triggered entirely on your device.
12.2 No Remote Push Infrastructure
We do not operate a remote push notification service. No push notification tokens are transmitted to or stored on our servers.
12.3 Managing Notifications
You can enable or disable notifications at any time through:
- (a) The App's notification settings
- (b) Your device's iOS Settings → Notifications → ION
13. CONTACT INFORMATION
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:
Carlos Martín de Argila Data Controller Madrid, Spain 📧 carlosmdalbusinessman@gmail.com
We aim to respond to all inquiries within 72 hours and to formal GDPR requests within 30 days.
14. CHANGES TO THIS PRIVACY POLICY
14.1 Right to Update
We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will notify you via a prominent in-app notification before the changes take effect.
14.2 Effective Date
The updated Privacy Policy becomes effective on the date indicated in the "Last Updated" line at the top of this document. Your continued use of the App after the effective date constitutes your acknowledgment of the updated Privacy Policy.
14.3 Previous Versions
We will maintain a record of previous versions of this Privacy Policy. You may request a copy of any previous version by contacting us.
15. SUPPLEMENTARY INFORMATION
15.1 Legal Basis Summary Table
For ease of reference, the following table summarizes all processing activities, their purposes, and applicable legal bases:
| # | Processing Activity | Legal Basis |
|---|---|---|
| 1 | Account registration and authentication | Art. 6(1)(b) — Contract |
| 2 | Onboarding data collection (fitness goals, units, sleep preferences) | Art. 6(1)(b) — Contract |
| 3 | Pregnancy status collection (sleep onboarding) | Art. 9(2)(a) — Explicit consent |
| 4 | Workout, exercise, and routine tracking | Art. 6(1)(b) — Contract |
| 5 | Nutrition and food photo logging | Art. 6(1)(b) — Contract |
| 6 | Reading HealthKit data (heart rate, sleep) | Art. 6(1)(a) — Consent (HealthKit permission) |
| 7 | AI Coach — sending workout context to LLM provider | Art. 6(1)(b) — Contract |
| 8 | AI Coach — storing conversation history | Art. 6(1)(b) — Contract |
| 9 | Subscription management (via RevenueCat / Apple) | Art. 6(1)(b) — Contract |
| 10 | Transactional emails (via Resend) | Art. 6(1)(b) — Contract |
| 11 | Local push notifications (workout reminders) | Art. 6(1)(a) — Consent (notification permission) |
| 12 | Infrastructure logging (IP addresses, request metadata) | Art. 6(1)(f) — Legitimate interest (security) |
| 13 | Legal acceptance record keeping | Art. 6(1)(c) — Legal obligation |
| 14 | Enforcing Terms of Service / abuse prevention | Art. 6(1)(f) — Legitimate interest |
| 15 | Responding to GDPR / legal requests | Art. 6(1)(c) — Legal obligation |