Skip to content
Saturday 0
  • Home
  • Toolkit
  • Forum
  • Merch
  • 0
  • Sign In
  • Get Saturday

← All legal documents

Activity-Platform Integration Disclosure

Activity-Platform Integrations — Effective June 16, 2026

This disclosure explains what Saturday accesses when you connect a fitness platform or device account, the limited information we write back to your own account, how we use that data (including for machine learning), the legal basis we rely on, your rights, the attribution we display, and how to consent and withdraw. It is an addendum to the App Privacy Policy, the Website Privacy Policy, and the Consumer Health Data Privacy Policy; where this addendum is silent, those policies govern. Where this addendum and a base policy describe the same thing differently, read them together — this addendum adds detail for integrations, it does not narrow the rights the base policies give you.

Saturday Inc. ("Saturday," "we," "us," "our") builds personalized fuel and hydration prescriptions for endurance athletes. To make those prescriptions sharper, you can connect a third-party fitness platform or device account so we can read your training data — and, for two platforms, write your finished fueling plan back onto your own activity. This page tells you — plainly and without overstating it — exactly which platforms connect, what we read from each, what we write back, how we use it, the legal basis for doing so, what we display, how we keep it secure, and how you stay in control.

1. What This Disclosure Covers

This disclosure covers Saturday's activity-platform integrations — connections to services such as Garmin, COROS, Wahoo, intervals.icu, Polar, Suunto, TrainingPeaks, and Apple Health. It does not cover the in-app data you enter yourself (that is the App Privacy Policy and the Consumer Health Data Privacy Policy), nor the Saturday Claude connector and Coach API (that is the Connector & API Privacy Disclosure).

Throughout, "you" and "your" refer to the athlete who connects an account. Each integration is connected and disconnected by you, with your explicit consent, and reads only your own data. Saturday Inc. is the data controller for the connected-platform data described here — we determine the purposes and means of processing it. Each connected platform is an independent controller of the data on its own side.

2. What We Read, Per Platform

Our integrations read your training history: we import completed activities and, where the platform offers it, wellness signals (heart-rate variability, sleep, resting heart rate, recovery). We import these to compute more accurate fuel, hydration, and electrolyte prescriptions for you. We practice data minimization — we do not pull data we don't use, and we do not import anything from a platform you haven't connected. (For the limited data we write back to two platforms, see Section 3.)

PlatformWhat Saturday readsUsed to improve our models?
GarminCompleted activities and their streams (power, heart rate, pace, GPS, temperature), plus wellness (HRV, sleep, resting heart rate).Yes — only with your explicit consent (see Section 5).
COROSCompleted activities and their streams, plus recovery/wellness signals.Yes — with your consent and AI-use disclosure (see Sections 5–6).
intervals.icuPlanned and completed activities, per-second streams, and wellness (HRV, sleep, resting heart rate).Yes.
Apple HealthWorkouts, heart rate, sleep, and active energy from your device, with your on-device permission.Yes — to personalize your own prescriptions.
WahooCompleted activities and their streams (power, normalized power, heart rate).No — served to you only; not used to train our models.
PolarCompleted activities plus Nightly Recharge recovery/HRV.No — served to you only.
SuuntoCompleted activities and their streams, including ambient temperature.No — served to you only.
TrainingPeaksCompleted workouts and structured-training data (e.g. TSS).No — served to you only.

"Served to you only" means the data is shown back to you and used to compute your prescriptions, but it is excluded from the data we use to train our machine-learning models. That distinction is honored in code, not just on paper (see Section 6). We do not connect to, import from, or train on Strava or Oura.

3. What We Write Back (intervals.icu and TrainingPeaks)

Most of our integrations only read. For two platforms — intervals.icu and TrainingPeaks — Saturday can also write a single comment back onto your own activity: the fuel, hydration, and electrolyte plan we calculated for that session, posted as a comment on the matching workout in your account so you can see your plan where you already do your training. This is the only data Saturday writes to a connected platform.

  • It is your data, going to your own account. We write only to the activity you own, on the platform you connected, and only the prescription Saturday computed for that activity. We never write to anyone else's account, never post to a public feed or a coach's account, and never alter your activity's underlying training data (power, heart rate, distance, or the workout itself).
  • One comment, kept current — never a flood. Saturday maintains a single canonical comment per activity. If your plan changes, we edit that one comment in place rather than adding another; you will not get duplicate or repeated comments.
  • It is off unless you turn it on, and you can turn it off any time. Write-back is a setting you control in Saturday. Turning it off stops all future write-back immediately; comments already written remain on your activities under your control until you remove them (you can delete them on the platform itself at any time).
  • We do not write to Garmin, COROS, Wahoo, Polar, Suunto, or Apple Health. Those integrations remain read-only.

4. Attribution — Whose Data You're Looking At

When Saturday shows you data — or a prescription derived from data — that came from a connected platform, we attribute the source clearly and no less prominently than our own branding on the same screen:

  • Garmin. Garmin-sourced data and any prescription derived from it is labeled "Powered by Garmin" together with the specific device model that recorded it (for example, "Powered by Garmin — Forerunner 965"). The device model is read from the activity itself, so it is correct for each activity rather than a generic label.
  • COROS. COROS-sourced data is labeled "Powered by COROS" together with the specific device model (for example, "Powered by COROS — PACE 3"). COROS-derived outputs are presented for fitness and performance purposes only and are not medical advice.
  • Wahoo. Wahoo-sourced data is labeled "Powered by Wahoo".
  • Polar, Suunto, TrainingPeaks. Data from these platforms is attributed to its source wherever it is shown.
  • intervals.icu and Apple Health. These do not require source attribution; where a Garmin device recorded an activity that reached us through another platform, the Garmin device attribution still travels with it.

5. AI-Transparency Statement (Garmin and COROS)

This section is the consent predicate for using Garmin or COROS data to improve our models. We will not use your Garmin or COROS data to train our models unless you have given the explicit consent described here.

(a) That we use AI, and for what purpose

Saturday uses machine-learning models to improve the accuracy of its fuel, hydration, and electrolyte recommendations. With your consent, the training data for those models may include the activity and wellness data we import from your Garmin and COROS accounts — in de-identified, aggregated form, as patterns across many athletes, never as a stored profile that the model can recall as "you."

(b) That we ask before we process

We ask for your explicit consent before any of your Garmin or COROS data is used to train our models. Connecting the account to see your data in the app does not, by itself, opt you into model training; training use is a separate, affirmative choice you make. Until you give that consent, your Garmin and COROS data is served back to you only and is excluded from our training set.

(c) That you can withdraw easily

You can withdraw your consent at any time, easily, from your Saturday account settings — and disconnecting the integration also withdraws it. When you withdraw, we stop using that data going forward, delete your identifiable data on the timeline in Section 9, and your residual de-identified influence ages out of our models on the retraining cadence in Section 7.

6. How We Use the Data

  • To serve you. Every connected platform's data is used to compute and show your prescriptions and training context, and — where you enable write-back (Section 3) — to post your plan back to your own intervals.icu or TrainingPeaks activity. This is the default and applies to every source.
  • To improve our models — only where permitted, only with consent. We train our fueling models on data only from sources whose terms permit it: Garmin and COROS (with the consent in Section 5), intervals.icu, and Apple Health. We do not train on Wahoo, Polar, Suunto, or TrainingPeaks data — those are served to you only. We do not connect to or train on Strava or Oura at all.
  • Enforced in code. Each imported activity is stamped with its source and a flag for whether training is permitted. Our training queries read only the permitted rows; serving your own prescriptions reads all of your connected data. This is a mechanical filter, not a promise we have to remember to keep.
  • Wahoo's own use of your data. Separately from how Saturday uses it, Wahoo may use the data it provides for its own business purposes, under Wahoo's own terms. We disclose this because the Wahoo agreement requires it; it does not change how Saturday uses your data (served to you only, never used to train our models).
  • What we never do. We do not sell your data, do not "share" it for cross-context behavioral advertising, do not use it for advertising at all, do not share it with data brokers, do not build leaderboards or cross-athlete benchmarks from a platform's data, and do not use it for any purpose other than those above. Our conversational coaching assistant is not trained on your individual activity or health data.

7. Legal Basis, Automated Decisions, and Our Models

Legal basis for processing (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) — to read your connected activities and compute the prescriptions you signed up for, and to write your plan back where you've enabled it.
  • Your explicit consent (Art. 6(1)(a) and, because activity and wellness data are health data and therefore special-category data, Art. 9(2)(a)) — to connect each integration in the first place, and, separately, to use Garmin or COROS data to improve our models (Section 5). Your consent to connect a health-data integration is asked for specifically and on its own; it is not bundled into general terms, and you can withdraw it at any time without affecting the lawfulness of processing done before you withdrew.
  • Legitimate interests (Art. 6(1)(f)) — only for narrow operational purposes such as securing the integration, preventing abuse, and keeping idempotent write-back from duplicating, where those interests are not overridden by your rights.

Automated decision-making and profiling (Art. 13(2)(f) / Art. 22)

Saturday's prescriptions are produced by algorithms that profile your training and wellness data to estimate your fluid, sodium, and carbohydrate needs — that is the core function you asked for. The meaningful logic, in plain terms: we combine your body metrics and stated preferences with the intensity, duration, and environmental conditions of each session (and, with consent, model-learned patterns across many athletes) to compute a recommended intake. These recommendations are guidance you can always override or ignore; they are not used to make decisions that produce legal effects or similarly significant effects on you, so they do not constitute solely-automated decision-making under Article 22. If you have questions about how your recommendations are calculated, or want a human to review them, you can contact us.

Your data and our models

Saturday improves its fueling recommendations using machine-learning models trained on de-identified, aggregated data — patterns across many athletes, never a stored profile of you that the model can recall. We can't reach into a model that has already been trained and pull one person back out; no one can. Instead, we retrain our models on a regular monthly cadence from data that no longer includes you, so any small residual influence from your de-identified data ages out completely within at most one retraining cycle — under 90 days, and typically about 30. This is consistent with data-protection guidance that the personal data must be erased, while aggregated or anonymized derivatives that cannot be re-linked to you fall outside the erasure obligation. We only ever train on data from sources whose terms permit it, and we honor each source's own deletion rules.

8. Consent & Withdrawal — Every Source

You connect each integration yourself through that platform's own authorization screen, which shows you what you are granting before you grant it. We obtain your affirmative consent before we collect from a connected source, and a separate affirmative choice governs each model-training and write-back use. You can withdraw at any time:

  • Disconnect in Saturday from your account settings — this revokes the connection and triggers deletion (Section 9).
  • Revoke at the source — you can also revoke Saturday's access from the platform's own connected-apps settings; we treat an upstream revocation the same as an in-app disconnect.
  • Withdraw model-training consent for Garmin and COROS separately, without disconnecting, from your Saturday account settings (Section 5c).
  • Turn off write-back for intervals.icu and TrainingPeaks separately, without disconnecting, from your Saturday account settings (Section 3).

9. Deletion, Retention & Your Rights

When you ask us to delete your account or disconnect an integration, we delete your identifiable data within 24 hours — the raw activity and wellness data we received, the copies in our database and analytics warehouse, the personalized features we derived from it, and your stored access credentials for that platform. Our deletion engine targets under an hour; 24 hours is the outer guarantee that absorbs retries and provider round-trips. We also immediately fire the platform's disconnect/deauthorization so it stops sending us new data. Disconnecting a single integration deletes that platform's imported data and revokes that connection; full account deletion deletes everything.

  • Per-platform commitments we honor. COROS data is deleted or de-identified within 24 hours of disconnection, with retention capped at 90 days; Wahoo data is deleted on disconnection (and within 48 hours of a Wahoo request); Garmin data is purged — including from backups — when you close your account or withdraw consent. We adopt the tightest of these (24 hours) as our single, uniform promise to you.
  • Retention. Connected-platform data is retained only while your account and that integration are active, then deleted on the 24-hour timeline above. We do not keep an integration's data after you disconnect it, beyond the brief window the deletion engine needs to complete.
  • Your rights (GDPR / UK GDPR). You have the right to access the data we hold about you (Art. 15); to rectify inaccurate data (Art. 16); to erase it (Art. 17); to restrict our processing (Art. 18); to data portability — receive the data you gave us in a structured, commonly used, machine-readable format and have it sent to another controller where technically feasible (Art. 20); and to object to processing, including any processing based on legitimate interests (Art. 21). Where processing is based on consent, you can withdraw that consent at any time. You also have the right to lodge a complaint with your local supervisory authority (data protection authority).
  • Your rights (US state law). Depending on your state, you have rights to know, access, delete, and correct your data, to opt out of any sale or "sharing," and to limit the use of sensitive personal information. Saturday does not sell your data and does not use it for cross-context behavioral advertising, so there is nothing to opt out of — but you may exercise the right at any time. Health and biometric data are treated as sensitive personal information and are used only to provide and improve the fueling service you requested.
  • Consumer health data (Washington MHMDA, Nevada SB 370, Connecticut). Connected activity and wellness data is "consumer health data" under these laws. We collect and share it only with your affirmative consent or as strictly necessary to provide the service you requested; we never sell it (a sale would require your separate signed authorization, which we do not seek because we do not sell). You may confirm what we collect and with whom we share it, withdraw consent, and request deletion, and you may appeal a declined request. Our dedicated Consumer Health Data Privacy Policy governs these rights in full.
  • How to exercise them. You can disconnect any integration and request deletion, export, or correction from your Saturday account settings, or by contacting us using the details at the foot of this page. We confirm receipt and respond within the timelines the applicable law requires (for example, within 30 days under the GDPR and within 45 days under US state privacy laws, with an extension only where the law allows). We will not discriminate against you for exercising any of these rights, though withdrawing consent for an integration will end the personalization that depended on it.

10. Security, Sub-Processors & International Transfers

Security of processing

We protect connected-platform data with appropriate technical and organizational measures: encryption in transit (TLS) and at rest, per-user encryption of your stored platform credentials, Firestore security rules and access controls that limit who and what can read your data, and request-signing and replay protection on the webhooks platforms send us. No system is perfectly secure, but we take reasonable, current steps to protect your information.

Sub-processors

Connected-platform data flows only between the platform's API, Saturday's API, and Saturday's existing infrastructure. Our sub-processors for this data are Google Cloud (application hosting, data storage, and our analytics warehouse) and Google Cloud Vertex AI (the model service used for on-demand AI reports), each acting as a processor on our behalf under a data-processing agreement. We do not introduce a new third-party data path for your connected data, and we do not redistribute it. The connected platforms themselves (Garmin, COROS, Wahoo, intervals.icu, Polar, Suunto, TrainingPeaks, Apple) are independent controllers of the data on their side, not Saturday's sub-processors.

International data transfers

Saturday Inc. is based in the United States and our servers are located in the US. If you connect an integration from outside the US, your connected-platform data will be transferred to and processed in the US. For transfers from the EEA, UK, and Switzerland, we rely on the European Commission Standard Contractual Clauses (Module 1: Controller-to-Controller, 2021) and the UK International Data Transfer Addendum (2022) as the legal mechanism, we have conducted Schrems II adequacy assessments, and we apply supplementary measures where appropriate. Our sub-processors maintain their own appropriate transfer mechanisms.

11. Children's Data

Saturday and its integrations are not directed to children under 16, and we do not knowingly let a child under 16 connect a fitness platform or device account. If we learn that we have collected connected-platform data from a child under 16, we will delete it promptly. A parent or guardian who believes their child has connected an account should contact us using the details at the foot of this page.

12. Data Breach Notification

In the event of a breach affecting connected-platform data that poses a risk to your rights, we will notify affected users without undue delay and no later than 72 hours after becoming aware (as required by the GDPR), and we will notify the relevant supervisory authorities as required. As a provider of a health service not covered by HIPAA, we also comply with the US FTC Health Breach Notification Rule and applicable state breach-notification laws, including notifying affected individuals and regulators within the timelines those laws require.

13. Changes to This Disclosure

If we add a new integration, change what an existing one reads or writes, or change how we use connected data, we will update this page and its effective date, and — where the change is material — tell you in the app before it takes effect and seek renewed consent where the law requires it.

Contact

For questions or requests regarding this document:
Saturday Inc.
8 The Green, STE A, Dover, DE 19901
support@saturdaymorning.fit

© 2026 Saturday Inc. — All rights reserved.

Saturday Inc.

Built by athletes. For athletes. saturday.fit
Navigate
  • Home
  • Toolkit
  • For Coaches
  • Community Forum
  • Integrations
  • Merch
  • Get Saturday →
  • Support
  • Legal
  • Changelog
  • LLM? Read llms.txt
Learn With Us
Language
  • English
  • Español
  • Français
  • Português
  • Deutsch
  • 日本語
© 2026 Saturday Inc. All rights reserved. — saturday.fit Made with obsession, not venture capital. 🧡