Privacy Policy
Effective Date: September 21, 2025
1. Introduction
Ironsmith.io ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, websites, and products.
This policy applies to all Ironsmith.io products and services, including but not limited to our software solutions, web applications, and professional services. Product-specific privacy practices are detailed in Section 11.
By using any Ironsmith.io service, you consent to the data practices described in this policy.
2.1 Information You Provide Directly
- Account Information: Name, email address, and authentication credentials
- Profile Information: Preferences, settings, and customization options
- Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
- Communications: Feedback, support requests, and correspondence
- User Content: Data you create, upload, or share through our services
2.2 Information Collected Automatically
- Usage Data: Features accessed, actions taken, and interaction patterns
- Device Information: Browser type, operating system, device identifiers
- Log Data: IP addresses, access times, pages viewed, and referring URLs
- Authentication Tokens: Secure session tokens for maintaining login state
2.3 Information from Third Parties
- OAuth Providers: Basic profile information when you authenticate via third-party services
- Payment Processors: Transaction confirmations and subscription status from Stripe
We use collected information for the following purposes:
- Service Delivery: Provide, maintain, and improve our products and services
- Account Management: Authenticate users, manage subscriptions, and provide customer support
- Communication: Send service updates, security alerts, and respond to inquiries
- Personalization: Customize user experience based on preferences and usage patterns
- Security: Detect, prevent, and address fraud, abuse, and security issues
- Analytics: Understand usage trends and improve service performance
- Legal Compliance: Meet legal obligations and enforce our terms of service
- Product Development: Develop new features and services
We do not sell, rent, or trade your personal information to third parties.
We may share your information only in the following circumstances:
4.1 Service Providers
We work with trusted third-party services that help us operate our business:
- Amazon Web Services (AWS): Cloud infrastructure and data storage
- AWS Cognito: Authentication and user management
- Stripe: Payment processing and subscription management
- CloudFront: Content delivery network for performance
4.2 Legal Requirements
We may disclose information if required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
4.3 Business Transfers
If Ironsmith.io is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4.4 Consent
We may share your information with your explicit consent for specific purposes.
5. Data Security and Storage
5.1 Security Measures
- Encryption: TLS/SSL for data in transit, AES-256 for data at rest
- Access Controls: Role-based access controls and authentication requirements
- Infrastructure: Secure AWS infrastructure with regular security updates
- Monitoring: Continuous monitoring for security threats and anomalies
- Compliance: Adherence to industry security standards and best practices
5.2 Data Location
Your data is primarily stored on AWS servers located in the United States. We use CloudFront CDN for global content delivery, which may temporarily cache non-sensitive data in various geographic locations.
6. Data Retention
- Active Accounts: We retain your information for as long as your account is active
- Post-Termination: Personal data is deleted within 90 days after account closure
- Legal Requirements: Some data may be retained longer if required by law
- Aggregated Data: De-identified aggregate data may be retained indefinitely
- Backups: Backup copies may persist for up to 180 days
7. Your Rights and Choices
7.1 Access and Control
- Access: Request a copy of your personal information
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request limitation of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
7.2 California Privacy Rights (CCPA)
California residents have additional rights, including:
- Right to know about personal information collected, used, and disclosed
- Right to delete personal information
- Right to opt out of sale (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
7.3 European Privacy Rights (GDPR)
EU/EEA residents have rights under GDPR, including:
- Right to be informed about data processing
- Right of access to personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to provide and improve our services. For comprehensive information about our cookie usage, please refer to our Cookie Policy.
8.1 Summary of Cookie Usage
We use the following categories of cookies:
- Essential Cookies: Required for authentication and core functionality
- Functional Cookies: Remember your preferences and settings
- Performance Cookies: Help us understand how our services are used
8.2 Third-Party Services
Third-party services we use may set their own cookies:
- AWS Cognito: Authentication cookies
- Stripe: Payment processing cookies
- CloudFront: Performance optimization cookies
8.3 Cookie Management
You can control cookies through your browser settings or through your account preferences. For detailed instructions on managing cookies, please see our Cookie Policy. Note that disabling essential cookies may prevent you from using our services.
9. International Data Transfers
If you access our services from outside the United States:
- Your information will be transferred to and processed in the United States
- The U.S. may have different data protection laws than your jurisdiction
- By using our services, you consent to this transfer
- We implement appropriate safeguards for international transfers as required by applicable law
10. Children's Privacy
Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
11. Product-Specific Privacy Practices
11.1 Flavor Forge
Flavor Forge is our AI-powered recipe generation and ingredient management application. In addition to the general practices above:
Additional Information Collected:
- Recipe Data: Recipes you create, save, modify, and share
- Ingredient Lists: Ingredient inventories and shopping lists
- Dietary Preferences: Custom cooking instructions and dietary restrictions
- AI Interactions: Prompts and preferences for recipe generation
- Shared Content: Recipe sharing preferences and recipient information
Specific Uses:
- Generate personalized AI-powered recipes based on your preferences
- Manage and organize your ingredient inventories
- Enable recipe sharing with designated recipients
- Track recipe generation credits and subscription usage
Data Export:
You can export your recipes in PDF format and ingredient lists in CSV format at any time through the application.
11.2 WISPShield
WISPShield helps CPA firms maintain compliance with information security regulations. Specific privacy practices for WISPShield users will be detailed here when applicable.
11.3 Future Products
As we introduce new products, product-specific privacy practices will be added to this section.
12. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process personal data based on:
- Contract: Processing necessary to provide our services under our agreement with you
- Legitimate Interests: Processing for business operations, security, and service improvement
- Consent: Where you have provided explicit consent for specific processing
- Legal Obligations: Processing required to comply with applicable laws
- Vital Interests: Processing necessary to protect vital interests (rare circumstances)
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new policy on this page with an updated effective date
- Sending email notification to registered users for significant changes
- Providing notice through our applications
Your continued use after changes constitutes acceptance of the revised policy.