Privacy Policy

1. Who we are

IRI is a coaching platform built for elite weightlifting coaches. The data controller under GDPR Art. 4(7) is the operator of this platform. Contact: privacy@iri.training.

2. What we collect

• Account: name, email, hashed password.
• Athlete profiles: name, date of birth, body weight, training history.
• Training data: sessions, sets, reps, weights, RPE, video uploads.
• Telemetry: AI proposal acceptance/modification rates, error logs.

3. AI processing

Plan and feedback drafts are generated by an AI provider (Anthropic, OpenAI, Google, or self-hosted Ollama, configurable per deployment). Data sent to these providers is anonymised: athlete names are reduced to initials, and only performance metrics required for the prompt are forwarded. No PII beyond initials is transmitted.

4. Your rights (GDPR Art. 15-22)

• Access — request a copy of your data via GET /api/user/export.
• Erasure — delete your account via DELETE /api/user.
• Rectification — edit profile data in Settings.
• Portability — exports are JSON.
• Object / restrict — email privacy@iri.training.

5. Retention

Active accounts retain training data indefinitely so season-over-season analytics work. Deleted accounts are purged within 30 days. Backup copies are rotated within 90 days.

6. Security

Passwords are bcrypt-hashed. Sessions are HTTP-only cookies. Transport is TLS 1.3. Vulnerability reports: /.well-known/security.txt.