Privacy Policy

Introduction

Saunafy is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Saunafy mobile application and related services (collectively, the "Service").

This Privacy Policy is especially important because Saunafy processes sensitive health and wellness data to provide personalized recovery insights and recommendations.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Health and Fitness Data

HealthKit Integration:

We integrate with Apple HealthKit to access the following health data (only with your explicit permission):

• Heart Rate Data: Real-time and historical heart rate measurements
• Heart Rate Variability (HRV): SDNN measurements for recovery analysis
• Resting Heart Rate: Daily resting heart rate values
• Sleep Analysis: Sleep duration, quality, and patterns
• Active Energy Burned: Calorie expenditure during activities
• Workout Data: Exercise sessions and fitness activities

Session-Specific Data:

• Recovery session details (type, duration, temperature)
• Real-time biometric data during sessions
• User-provided recovery ratings and notes
• Session performance metrics and summaries
• Potentially dangerous activity records
• High-risk thermal therapy exposures

1.2 Personal Information

Account Information:

• Name and email address
• Profile preferences and settings
• Account creation and login credentials
• Subscription and payment information
• Age and health condition indicators

2. How We Use Your Information

2.1 Core App Functionality

Session Tracking:

• Record and analyze recovery sessions
• Provide real-time biometric monitoring
• Calculate session summaries and insights
• Sync data between iPhone and Apple Watch

Recovery Analysis:

• Generate personalized recovery readiness scores
• Analyze health data trends and patterns
• Provide AI-powered insights and recommendations
• Correlate sleep, stress, and recovery metrics

2.2 Artificial Intelligence and Machine Learning

AI Processing (Local and Cloud):

• Train algorithms on your health patterns
• Generate personalized recovery insights
• Predict optimal session timing and intensity
• Adapt recommendations based on your progress
• Analyze high-risk activity patterns
• Identify potentially dangerous behaviors

3. Data Sharing and Disclosure

3.1 Third-Party Service Providers

Firebase Services (Google):

• Cloud storage and database management
• User authentication and account management
• Analytics and performance monitoring
• Crash reporting and error tracking
• Subject to Google's data access and government cooperation policies

Apple Services:

• HealthKit data integration
• App Store and subscription management
• Push notification delivery
• iCloud backup and sync
• Subject to Apple's law enforcement cooperation policies

3.2 Legal and Government Disclosure

We may disclose your information when:

• Required by law, regulation, or court order
• Responding to government requests or investigations
• Cooperating with law enforcement agencies
• Complying with national security requirements
• Protecting against fraud or illegal activities
• Enforcing our Terms of Service

4. Your Privacy Rights and Choices

4.1 HealthKit and Health Data Permissions

Granular Control:

• Enable or disable specific health data types
• Revoke HealthKit permissions at any time
• Control data sharing with Apple Health
• Manage workout data writing permissions
• Monitor which apps access your health data
• Review health data sharing history

4.2 Comprehensive Data Access and Control

Your Rights Include:

• Access: Request copies of your personal data in machine-readable format
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data (subject to legal retention)
• Portability: Export your data in standard formats
• Restriction: Limit processing of your personal data
• Object: Object to processing based on legitimate interests
• Automated Decision Making: Request human review of algorithmic decisions

5. Security and Data Protection

5.1 Comprehensive Security Measures

Encryption and Protection:

• End-to-end encryption for data transmission
• AES-256 encryption for stored data
• Secure communication protocols (HTTPS/TLS)
• Encrypted local database storage
• Hardware security modules for key management
• Regular encryption key rotation

5.2 Security Limitations and Risks

6. Contact Information

6.1 Privacy Contacts

• General Privacy Questions: privacy@saunafy.com
• Data Subject Requests: rights@saunafy.com
• Security Concerns: security@saunafy.com
• GDPR Inquiries: gdpr@saunafy.com
• CCPA Requests: ccpa@saunafy.com

6.2 Response Timeframes

• General Privacy Questions: 5 business days
• Data Access Requests: 30 days (extendable to 60 days)
• Data Deletion Requests: 30 days (confirmation within 72 hours)
• Security Incidents: 24 hours for acknowledgment
• Urgent Privacy Concerns: Same business day

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

This Privacy Policy represents our comprehensive commitment to protecting your privacy while acknowledging the inherent risks of health data processing and extreme activity tracking. Privacy protection is an ongoing effort, and we continuously work to improve our privacy program.

For questions, concerns, or suggestions about our privacy practices, please contact our privacy team at privacy@saunafy.com.