← Back

Sauna Score — Privacy Policy

Last updated: May 30, 2026

Introduction

Sauna Score is a product of Gaialab ("Gaialab", "we", "us", or "our"). We respect your privacy and is committed to handling your information with the smallest reasonable footprint. This Privacy Policy explains what information the Sauna Score mobile application ("the Service") collects, how it is used, and the choices you have.

The Service is designed to keep your health and practice data on your device by default. We do not maintain a copy of your Apple Health data on our servers and we do not sell or share it. Where the Service does collect anything beyond the device, that processing is described below.

By installing or using the Service you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. What Information Do We Collect?

1.1 Information you provide directly

The Service operates without an account in its current release. Information you actively provide is limited to:

All of the above is persisted in the operating system's local on-device storage (AsyncStorage on iOS). It is not transmitted to our servers.

1.2 Apple Health (HealthKit) data

With your permission, the Service reads the following data types from Apple Health to compute the Sauna Score, the Response score, the Sleep Score, and the Readiness chip:

Apple HealthKit reads happen on your device. The Service does not transmit your Apple Health data to our servers or any third party. Computations against this data run locally inside the app.

The Service also writes the following back to Apple Health:

You can grant or revoke any of these permissions at any time from Settings → Health → Data Access & Devices → Sauna Score on your iOS device.

1.3 Information automatically collected

The Service uses Firebase Analytics (operated by Google) to understand which features are used and to improve the product. The SDK is configured to collect:

We have disabled Firebase's collection of the Apple Advertising Identifier (IDFA) and we do not use Firebase Analytics audiences, advertising features, or Google Signals.

App Store crash reports come to us in the aggregated, anonymized form Apple chooses to surface. We do not run a third-party crash-reporting SDK.

1.4 What we do NOT collect

2. How Do We Process Your Information?

Your information is processed only for:

3. Legal Bases for Processing

Where the GDPR or equivalent regimes apply, we rely on the following legal bases:

4. Sharing Your Information

The Service is built so that we do not need to share your data in order to operate.

4.1 Apple Health remains with you

Apple Health data read by the Service is processed on your device. It is not transmitted to our servers or shared with any third party by us.

4.2 Third-party service providers (limited)

Two third parties process information for the Service:

We do not sell information to third parties.

4.3 Business transfers

If we are involved in a merger, acquisition, or sale of assets, your information may transfer to the successor entity. Where required by law, we will notify you in advance and you will be free to delete the app before the transfer takes effect.

4.4 Legal requirements

We may disclose information when required by law or in response to valid legal process. We will challenge requests we believe to be overbroad.

5. Cookies and Tracking Technologies

The Service is a native mobile application and does not use cookies. We do not employ cross-site tracking, cross-app tracking, or advertising identifiers.

6. Social Login

The current release does not require an account. Future releases may offer Sign in with Apple or Google sign-in. If introduced, that provider will share only the minimum profile information you authorize, and this Policy will be updated accordingly before the feature ships.

7. International Data Transfers

Two limited transfer paths exist:

By using the Service you consent to such limited transfers. We will not transfer Apple Health data internationally because we do not transmit it at all.

8. How Long Do We Keep Your Information?

Deleting your data

Because your sessions and preferences live on your device, deleting them is a single action:

9. How Do We Keep Your Information Safe?

We use commercially reasonable measures to protect information, including:

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Privacy Rights

10.1 General rights

Subject to applicable law you may:

For any question about these rights, contact hello@gaialab.io.

10.2 California residents (CCPA / CPRA)

You have the right to know what personal information we collect, request deletion, opt out of "sales" (we do not sell), and not be discriminated against for exercising these rights.

10.3 European Economic Area, UK, and Switzerland (GDPR / UK GDPR)

You have GDPR rights of access, rectification, erasure, restriction, data portability, and objection, and the right to lodge a complaint with your local data protection authority.

11. Do-Not-Track Signals

The Service is a native mobile application and does not currently respond to browser Do-Not-Track signals.

12. Children's Privacy

The Service is not directed to children under 13 and we do not knowingly collect information from children under 13. Sauna practice carries real physiological risk and should be supervised by a responsible adult for any minor. If you believe a child has provided us with information, contact hello@gaialab.io and we will delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this document will reflect any changes. Where the change is material we will provide notice in-app or by other appropriate means before it takes effect.

14. Contact Us

Service: Sauna Score Operator: Gaialab Email: hello@gaialab.io Website: https://saunascore.com