Privacy Policy
Saavu is a wellness app for sauna and cold plunge sessions. We collect the minimum amount of data we need to make the app work, and we never sell or share your health data. This policy explains exactly what we collect, how we use it, and what rights you have.
Contents
- Who we are
- Data we collect
- How we use your data
- What we never do
- Apple HealthKit
- Third-party wearables
- Legal basis (GDPR)
- Who we share data with
- Data retention
- Security
- International transfers
- Your rights
- California (CCPA/CPRA)
- Children
- Push notifications
- Cookies & local storage
- Changes to this policy
- Contact
1. Who we are
Saavu ("Saavu", "we", "our", "us") is the data controller for personal data processed through the Saavu mobile app (iOS, watchOS, Wear OS) and the saavu.app website. You can reach our privacy team at privacy@saavu.app.
2. Data we collect
Account data
- Email address, display name, and authentication credentials (managed by Supabase Auth).
- Authentication identifier from Sign in with Apple or Sign in with Google, if you choose those methods. Apple may issue a private relay email; we treat that as your real email for account purposes only.
Health and fitness data
Read from Apple HealthKit (iOS) or Google Health Connect (Android) only with your explicit per-category permission:
- Heart rate (during and around sauna / cold plunge sessions)
- Heart rate variability (HRV SDNN, measured before and after a session)
- Resting heart rate, for baseline comparison
- Wrist temperature (sleeping wrist temperature on supported Apple Watch models) for overnight recovery insight
- Sleep stages and total sleep duration, used to correlate with sauna performance
- Active energy, basal energy, body mass (optional, used for sweat-loss estimates)
Saavu also writes a single workout sample per session to HealthKit so the session counts toward your Activity rings.
Session data
- Start/end timestamps, duration, number of rounds, phase timings (sauna / cold plunge / rest)
- Optional venue check-ins (which sauna venue you visited)
- Optional pre- and post-session mood selection
- Optional free-text reflection notes
- Recorded heart-rate samples and computed peak / average HR for each round
Location data
If you grant location permission, we use your approximate location (city level or coarser) only to find sauna venues near you. We do not track location in the background and we do not store your precise coordinates after the lookup is complete.
Device and diagnostics data
- Device model, OS version, app version, locale and timezone
- Crash reports and performance traces via Sentry, with personal identifiers (email, JWT, bearer tokens) stripped before they leave your device
Payment data
Subscriptions are processed entirely by Apple (App Store) or Google (Play Billing). We never see your card details. We only receive the subscription status (active / lapsed / canceled) and a tokenised transaction identifier.
3. How we use your data
- To run a sauna or cold plunge session and show your live heart rate during it
- To compute your weekly wellness score, HRV trend, and AI-generated weekly reflection
- To show sauna venues near you, on request
- To send the notifications you opt into (session reminders, streak alerts, weekly summary, nearby nudge, hydration reminder)
- To diagnose crashes and improve reliability (Sentry, with PII stripped)
- To process and renew your subscription via Apple / Google
- To comply with our legal obligations (e.g. responding to lawful requests)
We never
· Sell your personal data to anyone, ever.
· Use your HealthKit data, or any other health data, for advertising or marketing.
· Share individual health data with third parties for any purpose other than the cloud storage we describe below.
· Use your data for medical diagnosis or treatment.
· Run third-party advertising trackers or behavioural advertising SDKs.
4. Apple HealthKit compliance
Saavu uses Apple HealthKit strictly to provide the wellness features described above. In accordance with Apple's App Store Review Guideline 5.1.1(v):
- We do not use HealthKit data, or data derived from HealthKit data, for advertising or similar services.
- We do not disclose HealthKit data to any third party for advertising or data-brokerage purposes.
- We do not sell HealthKit data, or data derived from HealthKit data, to any third party.
- We do not use HealthKit data for any purpose other than providing health, fitness, or research features within Saavu.
HealthKit data is read on-device. Some derived metrics (peak HR per session, HRV per session, etc.) are uploaded to our servers so your sessions sync across devices and feed your wellness score. You can revoke any HealthKit category at any time via iOS Settings → Privacy & Security → Health → Saavu. We will not retain HealthKit data on our servers after you delete your account.
5. Third-party wearables (Whoop, Oura, Garmin, Polar)
If you choose to connect a Whoop, Oura, Garmin, or Polar account, we use the OAuth flow published by that provider. We only request the read-only scopes we need (recovery, HRV, sleep, heart rate). Your credentials for those providers are never sent to Saavu. The provider sends us an access token that we store encrypted at rest.
You can revoke a wearable connection any time inside the app (Settings → Wearables) or directly from the provider's account settings. Disconnecting stops new data syncing immediately; historical sessions that have already been imported remain in your Saavu history.
6. Legal basis for processing (GDPR / UK GDPR)
| What | Lawful basis |
|---|---|
| Running your account & sessions | Performance of contract |
| Health data | Explicit consent (Art. 9(2)(a)) |
| Location lookup | Explicit consent |
| Diagnostics & crash reports | Legitimate interest (app reliability) |
| Subscription billing | Performance of contract |
| Marketing emails (opt-in only) | Consent, withdrawable any time |
7. Who we share data with
We use a small number of trusted processors to run Saavu. Each is bound by a written data-processing agreement.
| Processor | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (Frankfurt) |
| Sentry | Crash reports & performance traces (PII-stripped) | EU |
| Apple App Store / Google Play | App distribution & subscription billing | Global |
| Whoop / Oura / Garmin / Polar | Third-party wearable sync, only if you connect | Provider-dependent |
We do not share, sell, rent, or barter personal data with any other party. We may disclose data if compelled by a valid legal process (warrant, subpoena, court order); we will challenge overbroad requests and notify you where lawful.
8. Data retention
- Active accounts: retained while the account is open.
- Deleted accounts: immediate soft-delete; hard-delete (including all session data, HealthKit-derived data on our servers, and wearable tokens) within 30 days.
- Crash reports: 90 days, then auto-purged by Sentry.
- Server logs: 30 days, IP addresses truncated after 7 days.
- Backups: rolling 30-day backups, then permanently deleted.
9. Security
- All transit is TLS 1.2+ (HTTPS).
- Databases are encrypted at rest (AES-256).
- Row-level security at the database level. Users can only access their own rows.
- Passwords are hashed with bcrypt; we never store them in plaintext.
- Authentication uses short-lived JWTs and refresh tokens; tokens can be revoked from any device.
- Wearable OAuth tokens are encrypted at rest.
- OAuth state tokens are HMAC-SHA256 signed to prevent CSRF.
10. International data transfers
Saavu's primary data centre is in the European Union (Frankfurt). Some processors (Apple, Google, Sentry) may transfer limited data outside the EU/UK. Where they do, we rely on European Commission adequacy decisions, the EU-US Data Privacy Framework, or Standard Contractual Clauses approved by the European Commission.
11. Your rights
Under GDPR, UK GDPR, and equivalent laws you have the right to:
- Access: see what we hold (Settings → Export Data, in-app).
- Portability: receive your data in a machine-readable JSON file.
- Rectification: correct anything inaccurate.
- Erasure: delete your account (Settings → Account → Delete Account). Soft-delete is instant; hard-delete is within 30 days.
- Restriction: ask us to pause processing while a dispute is resolved.
- Objection: object to legitimate-interest processing.
- Withdraw consent: at any time, with no impact on lawful processing before withdrawal.
- Complain: to your local data protection authority (e.g. the UK ICO, or the supervisory authority where you live).
Email privacy@saavu.app to exercise any of these rights. We aim to respond within 30 days.
12. California Privacy Rights (CCPA / CPRA)
If you live in California you have the right to know what categories of personal information we collect, to delete it, to correct it, and to opt out of "sale" or "sharing" for cross-context behavioural advertising. We do not sell or share personal information for cross-context behavioural advertising. There is no "Do Not Sell or Share My Personal Information" link because there is nothing to opt out of. You may still exercise your access, deletion, and correction rights as described above. You will not be discriminated against for exercising any privacy right.
13. Children
Saavu is rated 17+ on the App Store because heat exposure and cold immersion carry adult-level health considerations. Saavu is not directed at children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact privacy@saavu.app and we will delete it.
14. Push notifications
Push notifications are off by default. You can enable any of the eight notification categories individually (session reminders, streak alerts, weekly summary, nearby nudge, hydration, and three others) in Settings → Notifications. Disable any at any time, in the app or via your phone's system Settings.
15. Cookies and on-device storage
The Saavu app stores configuration, your recent session cache, and authentication tokens on your device using MMKV (a fast key-value store) and iOS Keychain / Android Keystore for secrets. saavu.app uses a single first-party session cookie when you submit the early-access form. We do not run third-party advertising or analytics cookies on the website.
16. Changes to this policy
We will post any material change here and update the "Last updated" date. If a change is substantive, for example a new category of data, we will notify you in the app before the change takes effect.
17. Contact
Privacy: privacy@saavu.app
General: hello@saavu.app
Postal: Saavu, care of the contact email above. We will provide a full postal address on written request.