Privacy Policy

Last updated: July 1, 2026

Overview

Ferrum is operated by ZoalTech Limited, an Irish company ("Ferrum", "ZoalTech", "we", "our", "us"). ZoalTech Limited is the data controller for personal data processed through the Service. We provide a fitness platform that lets independent fitness coaches and creators publish workout programs to their audiences through our mobile app and coach portal. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. It applies to the Ferrum mobile app, the Ferrum coach portal at cp.ferrumapp.com, and our marketing site at ferrumapp.com.

Some Ferrum apps are distributed under a coach's own brand. Even when the app appears white-labeled, the underlying service is operated by Ferrum and this policy applies.

Information We Collect

Information You Provide

  • Account information: email address, display name, profile photo, preferred language (English or Arabic), and authentication identifiers from Apple Sign-In, Google Sign-In, or our magic-link email sign-in.
  • Preferences: notification settings, workout reminder time, dark/light mode.
  • Coach profile data (if you register as a coach): your name, display name, tagline, biography, profile photo, social links, and content you upload (programs, workouts, exercises, videos, thumbnails). Coaches may provide both English and Arabic versions of these fields.
  • Coach applications: if you apply to become a coach through our marketing site (the "Get started" form), we collect the name, email address, and any other details you submit so we can evaluate and follow up on your application, even before an account exists.
  • Referral information: if you arrive through a coach's invite link, we record which coach referred you (and, for invites sent by email, the email address the invite was addressed to) so we can connect your account to that coach.
  • Support requests: messages you send to us by email or through our contact form.

Information Generated by Your Use of the App

  • Workout activity: completed workouts, completion timestamps, program progress, and aggregate stats (total workouts, total minutes, current streak, longest streak, last workout date).
  • Subscription status: whether you have an active subscription, the purchase channel (Apple App Store, Google Play, or Stripe — whether you pay on the web or directly inside the app), and a Stripe customer identifier when applicable. We do not store full payment-card details — those are handled by Apple, Google, or Stripe directly.
  • In-app messages: we keep track of which in-app announcements ("broadcasts") you have read so we don't show the same message twice. Broadcasts may include product updates, service alerts, and promotional offers.
  • Acceptance records: the version of these Terms and Privacy Policy you accepted, and the time of acceptance.

Diagnostic Information

  • Crash reports and performance traces collected by Sentry, which include the device model, operating system version, app version, your account identifier, email, and display name. This helps us diagnose problems and improve reliability.
  • Server logs from our backend, which may include your account identifier and the API endpoints you call.
  • Anonymous website usage events recorded when you interact with certain pages on ferrumapp.com — for example, viewing a coach's invite page or submitting the coach application form. Each event records the event type, the coach's public identifier where relevant, the URL you navigated from (referrer), your browser type (user agent), and a timestamp. No cookies are set, no account or email address is associated, and the data is not linked to your identity. We use this to measure how referral links and application forms perform.

We do not collect data from Apple HealthKit or Google Fit, and we do not use third-party advertising or behavioral analytics SDKs (no Google Analytics, no Mixpanel, no Facebook Pixel, no PostHog).

Mobile Permissions

  • Notifications: used to deliver local rest-timer alerts during workouts. You can disable notifications in your device settings at any time.
  • Camera (optional): when you pay for a subscription with a card inside the app, you can choose to scan your payment card with the camera instead of typing the number. The scan is handled on-device by our payment processor (Stripe); we do not receive, store, or transmit camera images. You can always type your card details manually instead.
  • Microphone (Android only, declared but unused): the Android system declares the RECORD_AUDIO permission for compatibility with audio playback libraries. We do not record, store, or transmit any audio.

We do not request access to your photo library, contacts, or location.

Cookies and Similar Technologies

Our marketing site at ferrumapp.com uses only essential cookies needed for the site to function and to remember your language preference. We do not use advertising or analytics cookies. We do collect anonymous, cookieless usage events on our servers when you interact with certain website features (see Diagnostic Information above); because no cookies are set and no personal identifier is stored, these events do not require a cookie-consent banner. The mobile app uses on-device local storage (rather than cookies) to keep you signed in and to remember your preferences.

How We Use Your Information

  • To create and authenticate your account and keep you signed in.
  • To deliver workout programs, track your progress, and personalize your experience.
  • To process subscription purchases and renewals.
  • To send transactional emails such as magic-link sign-in messages.
  • To deliver in-app announcements, including product updates, service alerts, and promotional offers.
  • To connect your account to the coach who referred you and to evaluate coach applications.
  • To trigger local rest-timer notifications during a workout.
  • To measure how our referral links and application forms perform (using anonymous, cookieless usage events).
  • To diagnose crashes, fix bugs, and improve performance.
  • To enforce our Terms of Service and protect against fraud or abuse.
  • To comply with legal obligations.

How We Share Information

With Coaches

If you subscribe to a coach's programs, the coach can see aggregated activity metrics about their subscribers (such as total active users and weekly completions) through the coach portal. Coaches do not see individually identified workout activity, your email, or your contact information through these aggregate dashboards.

With Service Providers

We rely on the following processors to operate the service. Each processes only the data needed for their specific function and is bound by their own privacy commitments:

Provider Purpose Data shared
Google Firebase (Auth, Firestore, Cloud Functions) Authentication, database, server-side logic Account, preferences, workout history, coach content
Cloudflare R2 Storage and delivery of videos, images, profile photos Media files uploaded by coaches and users
Stripe Web subscription payments and coach payouts Email, name, payment-card details (handled by Stripe), Stripe customer ID
RevenueCat In-app purchase management on iOS and Android App Store / Play Store purchase identifiers and entitlement status
Apple App Store / Google Play In-app purchase processing Payment information governed by Apple's and Google's policies
Resend Sending transactional email (sign-in links) Email address and message content
Sentry Crash reporting and performance monitoring Device/OS info, account identifier, email, display name, error context

Legal and Safety

We may share information when we believe in good faith that it is necessary to comply with applicable law, respond to lawful requests from public authorities, enforce our Terms, prevent fraud, or protect the rights, property, or safety of Ferrum, our users, or others.

Business Transfers

If Ferrum is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you and provide choices where required by law.

We Do Not Sell Your Personal Information

We do not sell or rent your personal information, and we do not share it with advertising networks for cross-context behavioral advertising.

Account Access by Ferrum Staff

Authorized Ferrum administrators may temporarily impersonate a coach account to provide support or troubleshoot issues. When this happens, the coach portal displays an impersonation banner and the action is logged. Administrators cannot impersonate other administrators.

Legal Basis (EEA / UK Users)

If you are in the European Economic Area, the United Kingdom, or another region with equivalent data-protection laws, we rely on the following legal bases under the General Data Protection Regulation (GDPR):

  • Performance of a contract — to provide the Service you signed up for, including authentication, delivering programs, and tracking your progress.
  • Legitimate interests — to keep the Service secure, prevent fraud and abuse, diagnose crashes, and improve the product. We balance these interests against your rights.
  • Consent — for any processing that requires it (you can withdraw consent at any time).
  • Legal obligations — to comply with tax, accounting, and other applicable laws.

International Data Transfers

We are based in Ireland and personal data is processed within the European Economic Area where possible. Several of our service providers (Google, Stripe, Sentry, RevenueCat, Resend, Cloudflare) process data in the United States and other regions. When data is transferred outside the EEA or the UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or, for U.S. providers, certification under the EU–U.S. Data Privacy Framework where available.

Data Retention

  • Account, profile, and workout-history data are retained for as long as your account is active.
  • When you delete your account, we delete or anonymize your personal data within 30 days, except where we must keep it to comply with legal, tax, or accounting obligations (typically up to 7 years for payment records).
  • Crash reports and server logs are typically retained for up to 90 days.

Your Rights

Depending on where you live, you may have rights to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and personal data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email support@ferrumapp.com. We will respond within the timeframe required by applicable law. EEA and UK users have the right to lodge a complaint with their local supervisory authority — in Ireland, this is the Data Protection Commission (www.dataprotection.ie).

Security

We use industry-standard safeguards to protect your information, including TLS encryption for data in transit, encrypted-at-rest storage in Google Firebase and Cloudflare R2, signed URLs with limited validity for video access, and strict access controls for our staff. No system can be guaranteed completely secure, but we work hard to protect your data and will notify you in the event of a breach involving your personal information as required by law.

Children's Privacy

Ferrum is not directed to children under 13 (or under 16 in the European Economic Area and the United Kingdom). We do not knowingly collect personal information from children below these ages. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date and, where appropriate, notify you in the app or by email. Your continued use of Ferrum after the update means you accept the revised policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights:

ZoalTech Limited

Registered in Ireland

support@ferrumapp.com