App Privacy Policy

Saturday: Pro Fuel & Hydration App (by Saturday Inc.) — Last updated March 2026

Our Commitment to Your Privacy

Saturday Inc. ("Saturday," "we," "us," or "our") builds the Saturday: Pro Fuel & Hydration app to help athletes fuel and hydrate better. We collect personal data so we can improve the prescription of fuel and hydration recommendations to you as an individual user. Every piece of data we collect serves that purpose.

We do not sell your data. We do not serve ads. We do not share your data with advertisers. We do not collect advertising identifiers. We exist to help you perform better, and your data stays in service of that goal.

This Privacy Policy explains what we collect, why we collect it, who processes it on our behalf, and what rights you have. If you also use our website (saturday.fit), please see our Website Privacy Policy. If you are a Washington State resident or the app processes your health data, please also see our Health Data Privacy Policy.

Data Controller

Data Controller: Saturday Inc.
8 The Green, STE A, Dover, DE 19901
Contact person: Alex Harrison
Contact email: [email protected]

What We Collect and Why

We collect data to personalize your nutrition, fuel, and hydration recommendations. Here is a complete accounting of what we collect.

Identity & Account Data

We collect your email address, display name, Firebase UID, and authentication method (Google Sign-In, Apple Sign-In, or email/password) so we can create and secure your account, communicate with you, and sync your data across devices.

Health & Biometric Data

We collect health and biometric data so we can calculate personalized fuel, hydration, and electrolyte recommendations tailored to your body and activity level. This includes:

Body data: weight, sex, year of birth
Sweat profile: sweat level, saltiness
Fueling profile: eating disorder flag, weight loss preference, fitness level, satiety, cravings, carb intake range, usual carb consumption
Fueling concerns: gut distress, cramps, faintness, heat tolerance, hunger, thirst, drinking resistance, performance concerns
Sport-specific: swim PR (used for intensity estimation)

Activity Data

We collect data about your athletic activities so we can provide real-time and post-activity fueling analysis. This includes: activity type, duration, intensity, thermal stress, nutrition consumed during activity, notes, and ratings.

Device & Technical Data

We collect app version, operating system version, crash data, and analytics events so we can fix bugs, monitor app stability, and improve the experience for all users.

Location Data (Transient Only)

When you record an activity, we send your GPS coordinates to OpenWeatherMap to retrieve weather data for sweat rate calculations. Your location is used transiently for this API call and is not stored in our database.

Third-Party Sync Data

If you connect a third-party platform, we receive data from that service to provide integrated fueling recommendations:

TrainingPeaks: profile data (name, email, weight, sex, birth month) and workout data (user-initiated OAuth connection)
Intervals.icu: workout data (user-initiated OAuth connection)

What We Do NOT Collect

For clarity and transparency:

We do not collect or store credit card numbers (payments are handled entirely by Apple, Google, or Stripe)
We do not store your location in our database (GPS is used transiently for weather only)
We do not collect or store advertising identifiers
We do not sell data to any third party
We do not share data with advertisers
We do not serve ads of any kind

Third-Party Services

We use the following third-party services to operate and improve the app. Each service receives only the data it needs to perform its function.

Firebase / Google Cloud (Google LLC)

Firebase Authentication: manages your sign-in credentials and account security
Cloud Firestore: stores your profile, activities, and preferences
Firebase Analytics: collects anonymized usage patterns so we can understand how people use the app and what to improve
Firebase Crashlytics: collects crash reports so we can identify and fix bugs quickly
Firebase Performance Monitoring: measures app speed and responsiveness

Klaviyo (Klaviyo, Inc.)

We use Klaviyo for email communications including onboarding, tips, and product updates. Klaviyo receives your name, email, sex, sports, fitness level, seriousness, and subscription status so we can send relevant, personalized messages. You can unsubscribe from any email at any time.

Stripe (Stripe, Inc.)

Stripe processes payments for web-based purchases. We send Stripe your email address to create a checkout session. Stripe handles all credit card data directly — we never see or store your card number.

Apple App Store & Google Play Store

In-app subscriptions are managed entirely by Apple and Google. We receive purchase confirmation receipts but do not have access to your payment method details.

Google / Apple Sign-In

If you choose to sign in with Google or Apple, the authentication provider shares your name and email with us to create your account. Apple Sign-In allows you to hide your email address.

TrainingPeaks (Peaksware, LLC)

If you choose to connect TrainingPeaks, we exchange workout and nutrition data bidirectionally so you can see fueling recommendations alongside your training plan. This connection is user-initiated via OAuth and can be disconnected at any time.

Intervals.icu

If you choose to connect Intervals.icu, we exchange workout and nutrition data bidirectionally. This connection is user-initiated via OAuth and can be disconnected at any time.

OpenWeatherMap (OpenWeather Ltd)

We send your GPS coordinates to OpenWeatherMap at the time of activity to retrieve temperature, humidity, and weather conditions for sweat rate calculations. Your coordinates are sent transiently and are not stored by us.

Open Food Facts

When you scan a product barcode, we query the Open Food Facts database to look up nutrition information. Open Food Facts receives the barcode only.

Google Gemini AI (Google LLC)

When you photograph a nutrition label, we send the photo and relevant user context to Google's Gemini AI to extract text and nutrition data. This enables you to quickly log nutrition from product packaging.

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Contract performance: Processing your account, activity, and health data is necessary to provide the fueling and hydration service you signed up for.
Consent: Health/biometric data processing and email marketing are based on your explicit consent, which you can withdraw at any time.
Legitimate interest: Analytics, crash reporting, and performance monitoring help us maintain and improve the service for all users.
Legal obligation: We retain purchase records as required by tax and accounting law.

Automated Decision-Making

The app uses algorithms to generate personalized nutrition, fuel, and hydration recommendations based on your profile data, activity data, and environmental conditions. These recommendations are the core purpose of the service. They are not used to make decisions that produce legal effects or similarly significant effects on you. You can always override or ignore any recommendation, and you can contact us if you have questions about how your recommendations are calculated.

Data Retention

We retain your data for specific periods based on necessity and legal requirements:

Account & profile data: retained for the duration of your account, plus 30 days after account deletion
Activity data: retained for the duration of your account, deleted when your account is deleted
Purchase records: 7 years after purchase (tax and legal requirements)
Error logs & crash data: 90 days
Deleted user records (email address and trial expiry date only): 2 years after deletion (anti-abuse prevention)
Analytics data: per Google Analytics retention settings

Once a retention period expires, personal data is deleted. After deletion, rights of access, erasure, rectification, and data portability cannot be exercised for data that no longer exists.

Account Deletion

You can permanently delete your account in the app: Menu > Profile > "Permanently Delete Your Account." Deletion requires triple confirmation and re-authentication to prevent accidental loss.

When you delete your account, we delete:

Your user profile and all preferences
All activity data
Your Firebase Authentication account

We retain the following after deletion as described in Data Retention above: purchase records (7 years, legal requirement), your email address and trial expiry date (2 years, anti-abuse), and error logs (90 days).

Note: Account deletion does not currently automatically propagate to all third-party services (such as Klaviyo or Stripe). We are working to automate this. In the meantime, you may contact us at [email protected] to request manual removal from third-party systems.

International Data Transfers

Saturday Inc. is based in the United States. If you are located outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring data from the EEA, UK, and Switzerland to the US. Our third-party service providers (Google, Klaviyo, Stripe) also maintain appropriate data transfer mechanisms.

Children's Privacy

The Saturday app is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use the app or provide any personal information. If we learn that we have collected data from a user under 16, we will delete it promptly. Parents or guardians who believe their child has provided data to us should contact [email protected].

Data Security

We implement appropriate technical and organizational security measures to protect your data, including encryption in transit (TLS) and at rest, Firebase security rules restricting data access to authenticated users, and access controls limiting employee access to personal data. No system is perfectly secure, but we take reasonable steps to protect your information.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach (as required by GDPR) or within the timeframe required by applicable state law. We will also notify relevant supervisory authorities as required by law.

Your Rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request that inaccurate data be corrected.
Deletion: Request that we delete your personal data (subject to legal retention requirements).
Portability: Receive your data in a structured, commonly used, machine-readable format.
Restrict processing: Request that we limit how we use your data.
Object to processing: Object to processing based on legitimate interests or for direct marketing.
Withdraw consent: Where processing is based on consent, withdraw it at any time.
Lodge a complaint: File a complaint with your local data protection authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days (or sooner if required by applicable law). These requests are free of charge.

Appeal Process

If we deny a privacy rights request, we will explain why. You may appeal the decision by emailing [email protected] with "Appeal" in the subject line. We will respond to appeals within 60 days. If you are not satisfied with the outcome, you may contact your state attorney general or relevant data protection authority.

Information for California Residents (CPRA)

This section applies to California residents under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CPRA"). These provisions supplement the rest of this privacy policy.

Categories of Personal Information Collected

Identifiers: name, email address, Firebase UID
Sensitive personal information: health data (weight, sex, biometric indicators used for fueling recommendations)
Internet or electronic network activity: app usage data, analytics events, crash reports
Geolocation data: precise location (transient, for weather only — not stored)
Inferences: fueling recommendations derived from your profile and activity data

How We Use Sensitive Personal Information

We use sensitive personal information (health and biometric data) solely to provide the fueling and hydration service you requested. We do not use sensitive personal information for advertising, profiling for unrelated purposes, or any purpose other than delivering and improving the core service.

Sale and Sharing

We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.

Your California Privacy Rights

Right to know: what personal information we collect, use, disclose, and sell
Right to delete: request deletion of personal information
Right to correct: request correction of inaccurate personal information
Right to limit sensitive personal information: direct us to limit the use of sensitive personal information to what is necessary for the service
Right to opt out of sale/sharing: we do not sell or share, but you may exercise this right at any time
Right to non-discrimination: we will not discriminate against you for exercising these rights

To exercise these rights, email [email protected]. We will confirm receipt within 10 business days and respond within 45 days, with a possible extension to 90 days if necessary.

Global Privacy Control

We recognize and honor the Global Privacy Control (GPC) signal. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information.

Information for Residents of Other US States

Residents of Colorado, Connecticut, Virginia, Texas, Oregon, Montana, and other states with comprehensive privacy laws have rights similar to those described above, including the rights to access, correct, delete, and port your data, and to opt out of the sale of personal information, targeted advertising, and profiling. To exercise these rights, email [email protected].

If we deny your request, you have the right to appeal. See the Appeal Process section above.

Additional Disclosures for Nevada Residents

Nevada law (NRS 603A.340) provides consumers the right to opt out of the sale of personal information. We do not sell your personal information. If you wish to submit an opt-out request, contact [email protected].

Additional Disclosures for European Data Subjects (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in the Your Rights section above. Additionally:

You have the right to lodge a complaint with your local supervisory authority.
Data transfers outside the EEA are protected by Standard Contractual Clauses (see International Data Transfers above).
We will respond to rights requests within 30 days.

Global Privacy Control & Do Not Track

We recognize and honor the Global Privacy Control (GPC) signal as a valid opt-out preference. If your browser sends a GPC signal, we treat it as an opt-out of the sale or sharing of personal information.

Regarding the older "Do Not Track" (DNT) browser signal: there is no industry-wide consensus on how to respond to DNT. We do not currently alter our data practices in response to DNT signals, but we do honor GPC as described above.

Health Data Privacy

The Saturday app processes health-related data to provide its core fueling and hydration recommendation service. For residents of Washington State and other jurisdictions with specific health data privacy requirements, please see our standalone Health Data Privacy Policy for additional disclosures under the My Health My Data Act (MHMDA) and similar laws.

Changes to This Privacy Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you via email or an in-app notice before the changes take effect. Your continued use of the app after changes constitutes acceptance, but we will seek new consent where required by law.

Contact Us

Questions, concerns, or requests regarding this Privacy Policy should be directed to:

Saturday Inc.
8 The Green, STE A, Dover, DE 19901
[email protected]

Definitions

Personal Data: Any information that directly or indirectly identifies or could identify a natural person.
Usage Data: Information collected automatically through the app, including device type, operating system, app version, analytics events, and crash data.
User: The individual using the app.
Data Controller: Saturday Inc., which determines the purposes and means of processing personal data.
Data Processor: A third party that processes personal data on behalf of the Data Controller (e.g., Firebase, Klaviyo, Stripe).
Health Data: Data related to your physical health, body measurements, or biometric indicators, collected to provide the fueling and hydration service.