Legal
Privacy policy
Last updated: April 24, 2026
This policy explains what information Ionworks Technologies Inc. (“Ionworks,” “we,” “us”) collects, how we use it, and the choices you have. It covers our marketing site at ionworks.com, the Ionworks app at app.ionworks.com, and the documentation site at docs.ionworks.com (collectively, the “Service”).
We are the data controller for personal data processed through the Service. For questions about this policy, email support@ionworks.com.
Information we collect
From visitors to ionworks.com
- Usage data — IP address, browser, device, referrer, pages visited, time on page. Collected by Google Analytics (only after consent in the EU/UK/EEA/Switzerland) and by Vercel Analytics (cookieless and aggregated).
- Company identification — we use Reb2b to associate visit IP addresses with publicly available company information (e.g. company name, industry, size). Used to inform B2B outreach.
- Information you submit — when you book a demo via Calendly or email us, we receive your name, email address, and any details you choose to share.
From users of the Ionworks app
- Account information — email address and password (stored hashed by our auth provider Supabase), organization membership, role, and account preferences.
- Customer-uploaded data — battery cycler files (parquet, CSV, MATLAB), cell specifications, measurement metadata, cycler protocols, experiment templates, simulation inputs and outputs, parameterization results, optimization runs, and any project notes you add.
- Usage data — page views, feature usage, and user identifiers, collected by PostHog for product analytics. PostHog is configured to track only signed-in users.
- Diagnostic data — stack traces, request metadata, and user identifiers captured by Sentry when errors occur. Application logs (Logfire) include request metadata such as IP address, user agent, and endpoint.
- AI inputs — when you use AI-assisted features (e.g. protocol planning, title generation), the prompts and inputs you submit are sent to one or more third-party large language model providers for processing. The providers we use may change over time; current providers are listed in the sub-processors table below.
- Billing information — if you subscribe to a paid plan, payment details are collected and processed directly by Stripe. We store only the customer ID and subscription status, not card numbers.
How we use information
- To provide, operate, and improve the Service.
- To run simulations, parameterizations, and other compute jobs you initiate, and to return the results to your account.
- To authenticate users and secure accounts.
- To respond to support requests, sales inquiries, and demo bookings.
- To monitor for errors, performance issues, and abuse.
- To send transactional messages (account verification, password reset, billing notices).
- To comply with legal obligations and enforce our agreements.
For users in the EU, UK, EEA, and Switzerland, our lawful bases are: performance of a contract (running the Service you signed up for), legitimate interests (security, product improvement, B2B outreach), consent (analytics and marketing cookies), and legal obligation.
Customer-uploaded data
Battery data and other content you upload to the app belong to you. We process this data solely to operate the Service for your organization.
The app is multi-tenant. Each row of customer data is associated with an organization, and database row-level security enforces that data is only readable by members of that organization.
Cookies and similar technologies
The marketing site at ionworks.com sets the following cookies:
- cc-region — functional. Records whether your request originated from a region where consent is required (EU, EEA, UK, Switzerland) so we can show or skip the consent banner. Set on every page request.
- cc_cookie — functional. Records your consent preferences so the banner is not shown again.
- _ga, _ga_*, _gid — Google Analytics. Only set if you accept analytics cookies.
Reb2b operates server-side from your IP address and does not set cookies in your browser. It performs company-level identification only (matching IP ranges to publicly available business records); it does not build individual user profiles. In the EU, EEA, UK, and Switzerland, Reb2b runs only when you accept marketing cookies. For visitors elsewhere, it runs automatically.
You can change your cookie choices at any time using the “Cookie preferences” link in the footer.
The Ionworks app uses Supabase JWT tokens for authentication rather than session cookies. PostHog may set first-party cookies for product analytics on signed-in users.
Sub-processors
We use the following third-party services to operate the Service. Each is bound by its own privacy commitments.
| Provider | Purpose | Data | Region |
|---|---|---|---|
| Vercel | Hosting for ionworks.com, Vercel Analytics, Speed Insights | Request metadata, IP address, page performance metrics | United States |
| Google Analytics 4 | Marketing site usage analytics (consent-gated) | Page views, IP, device, browser, referrer | United States |
| Reb2b | B2B visitor company identification on ionworks.com | IP address; matched to publicly available company data | United States |
| Calendly | Demo scheduling | Name, email, scheduling availability you submit | United States |
| Supabase | App authentication, database, file storage for customer-uploaded data | Account credentials, profile, uploaded files, app data | United States (us-east-1) |
| Porter | Kubernetes deployment and orchestration for the app backend | Application runtime data and logs | United States |
| Anyscale | Distributed compute (Ray) for simulations and parameterization | Compute job inputs and outputs derived from your data | United States |
| Sentry | Error monitoring for the app | Stack traces, request metadata, user ID | United States |
| Logfire (Pydantic) | Structured logging and observability for the app backend | Application logs, request metadata | United States |
| PostHog | In-app product analytics for signed-in users | User ID, email, page views, feature usage | United States |
| OpenAI | Large language model provider for AI-assisted features in the app | Prompts and inputs you submit to AI features | United States |
| Anthropic | Large language model provider for AI-assisted features in the app | Prompts and inputs you submit to AI features | United States |
| Stripe | Payment processing for paid subscriptions | Billing details, payment method (handled directly by Stripe) | United States |
How we share information
We do not sell personal data. We share information only in these cases:
- With sub-processors listed above, who process data on our behalf under contractual obligations.
- With your organization — other members of your organization in the app can see data and activity within shared projects.
- To comply with law — in response to valid legal process, or to protect the rights, property, or safety of Ionworks, our users, or others.
- In a business transfer — if Ionworks is involved in a merger, acquisition, or asset sale, personal data may be transferred. We will notify you before personal data becomes subject to a different privacy policy.
Data retention
For app customers, retention of customer-uploaded data and account information is governed by your Master Subscription and Services Agreement (MSA) or order form. We retain account data and Customer Content while your account is active. Upon account closure or termination, we delete Customer Content from production systems within 30 days (or as specified in your MSA), and backups are overwritten within an additional 90 days.
Marketing site analytics are retained for 14 months (Google Analytics) or according to provider defaults (Vercel Analytics, Reb2b). Reb2b visitor data is retained for up to 12 months.
Diagnostic and logging data (Sentry, Logfire) is retained for up to 90 days. PostHog product analytics data is retained for up to 24 months.
Security
We protect data with industry-standard measures: encryption in transit (TLS), encryption at rest for customer data in storage, role-based access controls, database row-level security, audit logging, and monitoring.
Ionworks maintains a SOC 2 Type 1 attestation. Our current security controls, attestation reports, and sub-processor list are available at our trust center: security.ionworks.com.
No system can guarantee absolute security. Please report suspected vulnerabilities to security@ionworks.com.
International data transfers
Ionworks operates from the United States, and our sub-processors process data primarily in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for transfers from the EU, UK, and Switzerland.
Your rights
Depending on your location, you may have the right to access, correct, delete, port, restrict, or object to our processing of your personal data, and to withdraw consent. To exercise any of these rights, email legal@ionworks.com. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before responding.
EU, UK, EEA, Switzerland (GDPR / UK GDPR / FADP)
You have the rights listed above. You may also lodge a complaint with your local data protection authority. Our lawful bases are described under “How we use information”.
We do not make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.
California (CCPA / CPRA) and other US state privacy laws
California residents and residents of other US states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, and others) have the right to know what categories of personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the sale or sharing of personal information. We do not sell personal information for monetary value. The B2B company identification we perform via Reb2b may qualify as “sharing” under California law; you can opt out via the “Do Not Sell or Share My Personal Information” link in the footer or by emailing legal@ionworks.com.
Children
The Service is not intended for and is not directed at children under 18. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it.
Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. For material changes, we will provide additional notice (for example, by email or in-app banner) before the change takes effect.
Contact
Ionworks Technologies Inc.
5831 Forward Ave
Pittsburgh, PA 15217
United States
Email: support@ionworks.com