Privacy Policy

Latest Revision: 12/27/21

This policy explains what information we collect when you use Iron & Branch websites, services, mobile applications, products, and content (“Services”). It also has information about how we store, use, transfer, and delete that information. Our aim is not just to comply with privacy law. It’s to earn your trust.

Information We Collect & How We Use It

Iron & Branch doesn’t make money from ads, so we don’t collect data in order to advertise to you. The tracking we do is to make our product work as well as possible. This includes key features like personalizing what posts you see based on what we think you’ll like. So, to give you the best possible experience in using this website, we collect information from your interactions with our Services. Some of this information, you actively tell us (such as your email address, which we use to track your account or communicate with you). Other information, we collect based on actions you take while using this website, such as what pages you view (including how much of a given page and for how long) and your use of product features. This information includes records of those interactions, your Internet Protocol address, information about your device (such as device or browser type), and referral information (how you got to a particular page).

We use this information to:

provide, test, improve, promote and personalize the Services
fight spam and other forms of abuse
generate aggregate, non-identifying information about how people use the Services

When you create an account, and authenticate with a third-party service (like Twitter, Facebook, Apple or Google) we may collect, store, and periodically update information associated with that third-party account, such as your lists of friends or followers. We will never publish something through one of your third-party accounts without your express permission.

Information Disclosure

Iron & Branch won’t transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We won’t sell information about you to a third-party.

We may transfer your account information with third parties in some circumstances, including: (1) with your consent; (2) to a service provider or partner who meets our data protection standards; (3) with academic or non-profit researchers, with aggregation, anonymization, or pseudonymization; (4) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other legal process; (5) when we have a good faith belief that doing so will help prevent imminent harm to someone.

If we are going to share your information in response to legal process, we’ll give you notice so you can challenge it (for example by seeking court intervention), unless we’re prohibited by law or believe doing so may endanger others or cause illegal conduct. We will object to legal requests for information about users of our services that we believe are improper.

Public Data

Search engines may index your Iron & Branch user profile page, public interactions (such as claps or highlights), and post pages, such that people may find these pages when searching against your name on services like Google, DuckDuckGo, or Bing. Users may also share links to your content on social media platforms such as Facebook or Twitter.

Data Storage

Iron & Branch uses third-party vendors and hosting partners for hardware, software, networking, storage, and related technology we need to run this website. We maintain two types of logs: server logs and event logs. By using the Services, you authorize us to transfer, store, and use your information in the United States and any other country where we operate.

Third-Party Embeds

Some of the content that you see displayed on this site is not hosted by Iron & Branch. These “embeds” are hosted by a third-party and embedded in our web page, so that it appears to be part of that page. For example: YouTube or Vimeo videos, Imgur or Giphy gifs, SoundCloud audio files, Twitter tweets, GitHub code snippets, or Scribd documents that appear within a blog post. These files send data to the hosted site just as if you were visiting that site directly (for example, when you load a blog post page with a YouTube video embedded in it, that video appears because of a pointer to files hosted by YouTube, and in turn YouTube receives data about your activity, such as your IP address and how much of the video you watch).

Iron & Branch doesn’t control what data third parties collect in cases like this, or what they ultimately do with it. So, third-party embeds on our site are not covered by this Privacy Policy. They are covered by the privacy policy of the third-party service (so, when you watch a YouTube video embedded in a blog post, the use of data about your interactions with the video would be covered by YouTube’s privacy policy).

Some embeds may ask you for personal information, such as submitting your email address, through a form linked to from a blog post. We do our best to keep bad actors off of this website. However, if you choose to submit your information to a third party this way, we don’t know what they may do with it. As explained above, their actions are not covered by this Privacy Policy. So, please be careful when you see embedded forms on Iron & Branch asking for your email address or any other personal information. Make sure you understand who you are submitting your information to and what they say they plan to do with it. We suggest that you do not submit your email address or other personal information to any third-party through an embedded form.

When posting on our website, you may not embed a form that allows submission of personal information by users. You must link offsite to a page that allows such submissions by users, and that page’s appearance must be distinct enough from Iron & Branch to ensure it does not cause confusion among users over to whom they are submitting personal information. Failure to do so may lead us to disable the post or take other action to limit or disable your account.

Tracking & Cookies

We use browser cookies and similar technologies to recognize you when you return to our Services. We use them in various ways, for example to log you in, remember your preferences (such as default language), evaluate email effectiveness, allow our paywall and meter to function, and personalize content and other services. Without cookies, our metered paywall would not work, so they are necessary to this website’s basic functionality.

We do not track your visits or activities off of our website. We track your interactions within the Iron & Branch Services (which encompasses ironandbranch.com and custom domains hosted by Iron & Branch).

Some third-party services that we use to provide the Service, such as Google Analytics, may place their own cookies in your browser. This Privacy Policy covers use of cookies by this website only and not the use of cookies by third parties.

Modifying or Deleting Your Personal Information

If you have an Iron & Branch account, you can access, modify or export your personal information, or delete your account here.

To protect information from accidental or malicious destruction, we may maintain residual copies for a brief time period (generally several weeks). But, if you delete your account, your information and content will be unrecoverable after that time. Iron & Branch may preserve and maintain copies of your information beyond this time period when required to do so by law.

Data Security

We use encryption (HTTPS/TLS) to protect data transmitted to and from our site. However, no data transmission over the Internet is 100% secure, so we can’t guarantee security. You use the Service at your own risk, and you’re responsible for taking reasonable measures to secure your account.

Business Transfers

If we’re involved in a merger, acquisition, bankruptcy, reorganization or sale of assets such that your information would be transferred or become subject to a different privacy policy, we’ll notify you in advance so you can opt out of any such new policy by deleting your account before transfer.

Email from Iron & Branch

Sometimes we’ll send you emails about your account, service changes or new policies. You can’t opt out of this type of “transactional” email (unless you delete your account). But, you can opt out of non-administrative emails such as digests, newsletters, and activity notifications through your account page.

When you interact with an email sent from Iron & Branch (such as opening an email or clicking on a particular link in an email), we may receive information about that interaction.

We will NEVER email you to ask for your password or other account information. If you receive such an email, please forward it to us at [email protected] so we can investigate.

Changes to This Policy

We may periodically update this Policy. We’ll notify you about significant changes to it. The most current version of the policy will always be here.

Data Protection Statement for European Union Users

Description of Processing Activity

Iron & Branch collects and stores personal information about its users to customize their experience and enable personalized distribution of content. It shares minimal data with its service providers.

Purposes of Processing

Provide, test, promote, and improve the Services
Gather usage statistics of services
Provide customized reading experience
Publish and distribute user-generated content
Provide access to paid content
Pay authors in Partnership Program for certain content
Fight spam, fraud, and other abuse of services

Public Nature of Personal Data

Logged-in users may choose to interact publicly with the Services in the form of sharing links on connected social media accounts, or writing original comments or reviews. Where such personal data may reveal special category protected data, it is processed on the basis that it is manifestly made public by the user. Additional information on potential consequences of such processing can be found below. If you do not agree to this public usage, do not create an account or use these features of the Services.

Search engines may index your Iron & Branch user profile page, public interactions (such as blog comments), and post pages. Users may also share links to your content on social media platforms such as Facebook or Twitter.

Categories of Personal Data Collected

Logged out users:

IP address
Browser information
DNT status

Logged in users:

Username
Display name
Bio
Avatar image
Email address (non-public)
Session activity (security)
Linked social media accounts (optional)
IP address
Browser information
Posts, responses, or series published by user

Members:

Billing information and history
Bank account for payments
Business information, if applicable

Categories of Recipients

Iron & Branch shares minimal personal data with third-party processors in order to provide the Services. These processors offer at least the same level of data protection as that set out in this statement. This includes the following categories of recipients:

Hosting, Storage, & Other Infrastructure
Security
Analytics
Communication & Support
Payment Processors

Payment Processors

Iron & Branch provides Services in conjunction with several payment processors, including: Square, PayPal, Google Play, and Apple Pay, through which users may pay for Iron & Branch products. Those companies acting as payment processors may collect and store personal data related to your billing information and history in order to provide their services, and may collect and store personal data and business data to prevent fraud and other abuse.

When you delete your Iron & Branch account, we delete your personal data as explained in this policy. However, to delete your payment or billing information, you will need to do so with your payment provider, as Iron & Branch only has minimal secure access to those records as needed to provide the Services.

Use of Algorithms to Personalize User Experience

Iron & Branch collects and stores personal data about its users to customize their experience by displaying content tailored to the preferences and interests indicated by the users (including through their reading history and Services interactions). This does not constitute automated decision-making as that phrase is used in the GDPR because it does not produce any legal effects or similarly significant effects for users. Iron & Branch also moderates content for the purposes of fighting and preventing spam, fraud, and other forms of abuse, and may rely on algorithms as part of doing so.

Cross-Border Transfers

Iron & Branch is hosted in the United States. By using the Services, you authorize us to transfer, store, and use your information in the United States and any other country where we operate. Where your data is disclosed to our processors, it is subject by contract to at least the same level of data protection as that set out in this statement.

Consumer Privacy for California Users

If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information,” as described in the CCPA).

This section provides additional privacy disclosures and informs you of key additional rights as a California resident:

Right to Know Request

Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:

Categories of and specific pieces of personal information we have collected about you.
Categories of sources from which we collect personal information.
Purposes for collecting, using, or selling personal information.
Categories of third parties with which we share personal information.
Categories of personal information disclosed about you for a business purpose.
If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.

To make a verifiable request for information about the personal information we have collected about you, please email us at [email protected].

Right to Delete Request

Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions. You may exercise your right to delete if you have an Iron & Branch account by going to your account page and clicking on ‘Delete account.’

Household Requests

We do not knowingly collect household data. If all the members of a household makes a Right to Know or Right to Delete request, we will respond as if the requests are individual requests.

General Requests Under CCPA

If you do not have an Iron & Branch account, we will not have enough information about you to verify your Right to Know and Right to Delete requests since we do not keep sufficient information to reidentify and link you to a prior visit to this website. You may make a verifiable consumer request related to your personal information twice per 12-month period. We will not discriminate against you for exercising any of your rights under the CCPA.

Requests Made Through Agents

You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.

Disclosures of Personal Information for a Business Purpose

In the last 12 months, Iron & Branch has disclosed certain data from the following categories of personal information to the categories of recipients listed above in the ‘Categories of Recipients’ for one or more business purposes: