Privacy Policy
Last updated: June 4, 2026
1. Introduction
ION is a personal leadership development platform operated by KTW Digital Group, LLC ("we," "us," or "our"), based in Colorado, USA. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
ION is a personal coaching and productivity tool. It is not a licensed mental health service, therapy practice, or medical provider. The AI features in ION are designed for personal reflection and growth, not clinical treatment.
By creating an account or using ION, you agree to the collection and use of information as described in this policy.
2. Information We Collect
(a) Account Information
- Email address (required for account creation)
- Full name (required)
- Phone number (optional, for SMS reminders)
- Timezone (defaults to America/Denver)
(b) Self-Reported Content
You provide content directly when using ION. This includes daily entries (priorities, appreciations, wins, lessons), weekly plans and reviews, monthly missions and milestones, annual targets, identity statements, core values, beliefs, and roles vision text.
(c) Assessment Data
ION includes self-assessment tools. We store your responses to 80 assessment questions across four life domains (Mind, Body, Heart, Soul), your scores, AI-guided reflection transcripts, calibration question responses, and personality profile data inferred by our AI from your calibration answers.
(d) AI-Generated Data
Our AI system generates data based on your usage. This includes personalized insights (patterns, blindspots, reinforcements), extracted entities (people, themes, and places mentioned in your entries), energy scores derived from your behavioral data, and full conversation histories with the AI coaching feature.
(e) Notification Preferences
We store your reminder preferences, including preferred times, channels (email or SMS), and which reminders you have enabled or disabled.
(f) Automatically Collected Information
We collect standard server logs (IP address, browser type, timestamps) for security and debugging purposes. We also use Vercel Web Analytics to understand aggregate, privacy-respecting usage of the platform, such as page views and overall traffic. It does not use cookies, does not track you across other websites, and is not used for advertising. We do not sell or share your personal information with third parties for their own purposes.
(g) Sensitive Information
ION's Core 4 framework covers Soul (faith, prayer, and purpose) and Body (health, fitness, sleep, mood, and energy). Because of this, some of the content you choose to enter may reveal your religious or spiritual beliefs or information about your physical or mental wellbeing. Several US state privacy laws treat this as sensitive personal information. We collect it only because it is part of the personal-development content you choose to provide, we use it solely to operate ION and generate your insights and coaching, and we do not sell it, share it for advertising, or use it for any purpose other than providing the service to you. Providing this information is optional, and you can delete it at any time. See Section 8 for additional rights regarding consumer health data.
3. How We Use Your Data
We use your information to:
- Provide and operate the ION platform
- Generate personalized AI insights, coaching responses, and assessments
- Send reminders and notifications you have opted into
- Calculate scores, trends, and energy metrics from your behavioral data
- Improve the platform and fix issues
- Communicate with you about your account or service updates
We do not sell your personal data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 4 below, where those third parties process data solely to provide the ION service.
SMS / Text Messaging
If you provide your phone number and opt in to SMS notifications, we use it solely to send the reminders and account notifications you have enabled in your Settings. We do not sell, rent, or share your phone number or SMS opt-in data with third parties for their own marketing purposes. SMS opt-in consent is never shared with any third party for marketing.
Message frequency varies based on the reminders and notifications you enable. Message and data rates may apply. You can opt out at any time by replying STOP to any message, or by disabling SMS in your Settings. Reply HELP for assistance, or contact support@ion.coach.
Phone number collection is optional. We do not collect phone numbers at registration; SMS is enabled only if you choose to add a number and turn on SMS notifications in your account Settings.
4. Third-Party Services
ION relies on the following third-party services to operate. Each service processes data only as needed to deliver its function.
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All account and content data |
| Vercel | Web hosting, deployment, and privacy-respecting usage analytics (no cookies) | Server requests, logs, anonymized usage data |
| Anthropic (Claude API) | AI features (insights, coaching, reflections) | Text content sent for AI processing |
| Resend | Email delivery | Email address, message content |
| Twilio | SMS delivery (carrier-required A2P 10DLC compliance) | Phone number, message content |
| Sentry | Error monitoring and diagnostics | Technical error and request context |
| Upstash (Redis) | Rate limiting to protect the service | IP address or account identifier, request counts |
| Google Workspace | Support email (inbound messages to support@ion.coach) | Email address and the content you send us |
AI processing disclosure: When you use AI features (coaching, insights, reflections), your text content is sent to Anthropic's Claude API for processing. Anthropic processes this data under their own API terms. As of this writing, Anthropic does not use API data for model training by default. We recommend reviewing Anthropic's policies for the most current information.
5. Data Storage and Security
Your data is stored on Supabase infrastructure in the United States. We implement the following security measures:
- Encryption in transit (TLS/HTTPS for all connections)
- Encryption at rest (AES-256 via Supabase PostgreSQL)
- Row-level security on all database tables (your data is isolated to your account)
- Rate limiting on all API endpoints
- Input sanitization on all AI requests to prevent prompt injection
- HMAC signature verification on all incoming webhooks
No system is perfectly secure. We take reasonable measures to protect your data, but cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you within 72 hours.
6. Your Rights
You have the following rights regarding your data:
- Access: You can view all your data within the app at any time.
- Export: You can download a complete copy of all your data in JSON format from the Settings page.
- Correction: You can edit any self-reported data (entries, targets, identity, values) directly in the app.
- Deletion: You can permanently delete your account and all associated data from the Settings page. Deletion is processed within 30 days.
- Objection: You can disable any notification channel or AI feature at any time.
To exercise any of these rights, use the controls in your Settings page or contact us at the email address below.
7. Your State Privacy Rights
Depending on where you live, state privacy laws (including in California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others) give you specific rights over your personal information. We extend the core of these rights to all ION users regardless of location.
Categories of information and how we handle it
- What we collect: the categories in Section 2 (account identifiers, the content you provide, assessment and AI-generated data, notification preferences, server logs, and the sensitive information in Section 2(g)).
- Sources: directly from you, and automatically from your use of the app (server logs).
- Why we use it: the purposes in Section 3, to provide ION and generate your insights and coaching.
- Who we disclose it to: only the service providers in Section 4, solely to operate ION. We do not sell or share it.
Your rights
- The right to know and access the personal information we hold about you
- The right to correct inaccurate information
- The right to delete your information
- The right to a portable copy of your information
- The right to opt out of the sale of your information, sharing for targeted advertising, and profiling with legal effects (we do none of these, so there is nothing to opt out of, but you may still tell us)
- The right to limit the use of your sensitive information (we already use it only to provide the service)
How to exercise your rights, and appeals
Use the controls in Settings to access, export, correct, or delete your data, or email us at support@ion.coach. We verify requests through your account login. You may use an authorized agent to submit a request; we may ask the agent for proof of authorization and ask you to verify your identity. If we deny your request, you may appeal by emailing support@ion.coach with "Appeal" in the subject line, and we will respond within the time your state law requires. You may also contact your state Attorney General.
No sale, no sharing, no targeted advertising
We do not sell your personal information, we do not share it for cross-context behavioral or targeted advertising, and we do not use it for advertising profiling. Because we do not sell or share personal information, there is no "Do Not Sell or Share My Personal Information" action you need to take, and we honor recognized opt-out preference signals such as Global Privacy Control to the extent they apply.
8. Consumer Health Data (Washington and Similar Laws)
Some information you enter in ION, such as Body-domain content about your physical or mental wellbeing, mood, and energy, may be "consumer health data" under Washington's My Health My Data Act and similar laws in Nevada and Connecticut. We do not sell consumer health data and do not share it for advertising. We maintain a separate Consumer Health Data Privacy Policy that describes what we collect, how we use and protect it, the consent we rely on, and how to exercise your rights, including withdrawing consent.
9. Data Retention
- Active accounts: Your data is retained for as long as your account is active.
- Deleted accounts: When you delete your account, all personal data is permanently removed from our databases within 30 days.
- Server logs: Standard server logs are retained for 90 days, then automatically purged.
10. Children's Privacy
ION is designed for adults. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected data from a minor, we will delete that data promptly. If you believe a minor has provided us with personal information, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice within the app at least 30 days before the changes take effect. Continued use of ION after the effective date constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions or requests, contact us at:
Email: support@ion.coach
We will respond to all privacy requests within 30 days.