Privacy Shield Policy

At IronCore Labs, we believe that everyone has a right to their privacy online. We are committed to collecting, using, and keeping only the bare minimum of personal data, and deleting personal data after it is no longer needed. We never sell personal data. If we are obligated to disclose personal data because of a court order or other legal instrument, we will comply with the law after exhausting legal options available to us.

IronCore Labs has certified that we adhere to the principles of the EU-US Privacy Shield and the Swiss-US Privacy Shield, the frameworks developed by the US Department of Commerce and the European Commission and Swiss Administration. These principles were set up to encourage responsible data collection and retention practices by companies based in the United States and doing business with people in the European Economic Area and Switzerland. If there is any disagreement between this privacy policy and your rights under the Privacy Shield principles, then the Privacy Shield principles govern. You can find out more about Privacy Shield by visiting

IronCore Labs is based in the United States, and the Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.

If you have questions about IronCore Labs’ privacy practices related to Privacy Shield, you can contact us at [email protected], or write us at:

IronCore Labs
Privacy Shield Inquiry
1750 30th Street #500
Boulder, CO 80301 USA

If you aren’t satisfied with how we have addressed your Privacy Shield concerns, you can refer your complaints to your local data protection authority, and we will work with them to resolve the issues that you raise. In some circumstances, the Privacy Shield framework gives you the right to invoke binding arbitration if your complaint can’t be resolved in any other way. You can find out more about how and when to invoke binding arbitration by visiting

Controller of Personal Data

When potential customers request that we send them information, they leave their contact details (such as email address), for the express purpose of receiving our emails and other kinds of communications, for example on social media. We promptly stop sending emails when we receive an unsubscribe request. In order to make sure that we don’t accidentally send information to those who have unsubscribed, we store unsubscribed email addresses separately.

Direct customers give us contact names, company address, billing information, and other relevant personal information that is required for us to provide services to our customers. Our direct customer information is maintained indefinitely, even after a customer is no longer doing business with IronCore Labs, unless we receive a request to delete it at [email protected]. Our customers may also, at their discretion, contact us for customer or technical support. In order to provide our direct customers with excellent and ongoing support, we keep records of the queries and our responses indefinitely until we receive a request at [email protected] to delete those conversations. Some of this data may be stored on third party platforms.

Our website automatically logs activities, including IP addresses of visitors, for the past 30 days or less. All website logs older than 30 days are purged daily. We keep these logs for 30 days in order to detect, prevent, and investigate bugs, security incidents, or other problems with our products and services.

We collect analytics information on how people use our website in order to better understand our customers. To do that, we use a very few third party services with which we share some marketing data, including Google Analytics and Hubspot.

Google Analytics: to learn more about the Privacy Shield policy of Google Analytics, please refer to Google Analytics and the EU-US Privacy Shield

If you wish to opt out of Google Analytics, Google has created the Google Analytics Opt-out Browser Add-On for many major browsers

Hubspot: to learn more about the Privacy Shield policy of Hubspot, please refer to Hubspot’s International Transfer of Information

As IronCore Labs grows, we periodically place job postings for positions in the company. We receive resumés and job applications from people interested in joining us. Those resumés and applications are kept for up to a year after a position is filled so that we can, at our option, contact qualified applicants for new positions. We will, if requested at [email protected], delete a resumé and application from an applicant who no longer wishes to be contacted.

Our Human Resources department maintains personal information on all IronCore Labs employees. Because of US tax laws, we must retain this information. At the time that this Policy was first published, all employees of IronCore Labs are residents of the United States. We do not use information collected for employment purposes for any non-employment-related reasons.

Audit trail logs of customer users and files are stored for a length of time which is under customer control, either 30 days, one year, or unlimited, depending on customer tier.