Saetta — Privacy Policy

Effective date: 2026-06-01 · Version: 2026-06-01.1

This is the privacy policy for Saetta, fitness logging and planning software for strength training. Saetta is not a medical device. It does not diagnose, treat, or give medical advice, and it makes no medical interpretation of your data — including any health data you choose to connect.

1. Who we are and how to contact us

Saetta is operated by Yarden Carmel ("we," "us," "our"). We are the controller of the personal data described here.

For any privacy question or to exercise your rights (access, correction, deletion, portability, objection, or any other request), use the contact form at the bottom of this page. We respond within 30 days.

2. What data we collect

We collect only what is described here. Most of it is optional, and several categories are off until you turn them on.

Account data. Your email address and the authentication provider you used to sign in (Google, or email and password). If you sign in with Google, the identifier and email Google returns. We send a verification email to this address to confirm it is yours before your account is activated.
Your training data. The plans, training days, exercises, set logs (reps, weight), sessions, and notes you enter.
Profile details you choose to enter (optional). Your sex, birth year, height, training goal or goals, years of training experience, and where you train (for example, home or a commercial gym). These are optional and you can change or clear them at any time. We use them only to personalise the app. We do not use them to make any health or medical judgement about you.
Approximate location — country only (optional). If you tap "Detect" on the Region field, your device's IP address is used once, on our server, to look up your two-letter country code (for example, IL); the IP address is not stored, and only the country code is saved, and only if you choose to keep it. You can also pick your country from a list, or leave it blank.
Post-workout wellness check-in (off by default; you must turn it on). If you switch this on, after a session you can rate your energy, soreness, motivation, stress, and sleep quality on a 1–5 scale. Because this can describe your health, we treat it as sensitive data and collect it only with your separate, explicit opt-in, which is off by default. It is informational only: we do not score it, interpret it, or derive any health or training recommendation from it. You can turn the check-in off at any time, and turning it off stops any further collection.
Health and fitness data from your watch or phone (off by default; you must turn it on). If you connect Apple Health or Health Connect, Saetta reads — read-only — a limited set of data for your sessions: average and maximum heart rate, active calories, and the metadata of workouts recorded by another app or device. Because this is health data, we collect it only with your separate, explicit opt-in, which is off by default, in addition to the permission your phone's operating system asks for. This data is shown back to you only on your own sessions. We don't write anything back to Apple Health or Health Connect, we don't use it for advertising, and we don't sell or share it. You can disconnect at any time, which stops further reading and removes this data from our servers.
Anonymous usage analytics (off by default; you must turn it on). Which screens you open and which in-app actions you take, as a fixed, limited set of events. It doesn't include your weights, the reps you logged, exercise names you typed, your name, or your email. The full list of events is published and fixed; new categories require a fresh prompt before they are collected.
Crash reports (off by default; you must turn them on). If the app crashes, the technical error, the stack trace, your device model, and your OS version. User-entered text (custom exercise or plan names), your email, and your account ID are scrubbed before a crash report leaves your device.
A device identifier. A random identifier generated on first launch (a UUID — not a hardware ID, not an advertising ID), used only to deduplicate analytics and crash events if you have turned those on. It is a pseudonymous identifier and is treated as personal data.

3. Why we use your data, and our legal basis

To provide the service (performance of a contract). Your account, your training data, your profile, and syncing them so they persist across reinstalls and devices.
Your consent. The post-workout wellness check-in and the health data read from Apple Health or Health Connect are sensitive data, collected only on your separate, explicit opt-in (each off by default). Anonymous usage analytics and crash reporting also run on consent (off by default). You can withdraw any of these at any time in Settings → Privacy & data; withdrawing does not affect anything done before you withdrew.
Our legitimate interests. Deriving your two-letter country code from your IP at the moment you tap "Detect" (the IP is used once and not stored), and keeping the app working and reliable. Where we rely on legitimate interests you have the right to object.
Legal obligation. Where applicable law requires us to retain or disclose specific records.

4. Who else processes your data

Supabase, Inc. — our backend: managed database, authentication, and the functions that receive analytics, crash reports, and privacy requests. Supabase is our sole data processor for your app data, under an executed Data Processing Agreement. Our Supabase project is hosted in the European Union region. Supabase engages its own downstream sub-processors (for example, infrastructure and email providers).
Google LLC — only if you choose Sign in with Google, and only for authentication. Covered under Google's developer terms.
Apple Inc. / Google LLC (Health Connect) — if you connect health data, the data comes from Apple Health or Android Health Connect on your own device, under the operating-system permission you grant. We do not send your health data to them or to anyone else.

We don't share your personal data for advertising. We don't sell your account, your identity, your individual training logs, or any health data.

De-identified, aggregated training statistics (off by default; you must turn it on)

Separately from everything above, you can choose to contribute your training data to de-identified, aggregated statistics — for example, how common an exercise is, or typical rep ranges across many lifters. This is off by default; nothing is contributed unless you turn it on in Settings → Privacy & data, and you can turn it off at any time.

Only your training logs (exercises, sets, reps, weight) can ever enter these statistics — never your account, your identity, or any single one of your sessions on its own.
We contribute only coarse group figures computed across large numbers of lifters, with small groups suppressed so that no figure can be traced back to you. We never share row-level or per-user data, and we never share a pseudonymous copy of your logs.
Health and fitness data is excluded entirely. Heart rate, calories, workout metadata, and anything read from Apple Health or Health Connect, and your wellness check-ins, can never enter these statistics — not even in aggregated or de-identified form.
If your account is private, or you have asked us to delete your data, you are excluded.

This does not change the line above: we still do not sell your account, your identity, your individual training logs, or any health data. These statistics are group figures only, and only if you opt in.

5. Where your data is stored and transferred

Our backend is hosted in the European Union region. If you are in Israel, the transfer between Israel and the EU relies on the EU's adequacy decision for Israel. For users elsewhere, the relevant cross-border transfer mechanism applies as described to you at sign-up for your region.

6. How long we keep data

Account, training, and profile data — kept while your account exists. When you delete your account, it is erased promptly (see §7 — account deletion is an immediate hard erasure, not the routine 90-day sync cleanup).
Wellness check-in and connected health data — kept while the feature is switched on / your watch or phone is connected. Turning the wellness check-in off, disconnecting health, or deleting your account removes this data from our servers (soft-deleted, then swept within 90 days).
Country code — kept as part of your profile until you change or clear it, or delete your account.
Routine soft-deleted records — when you delete an individual plan or session, it is tombstoned for sync and hard-deleted from the server within 90 days.
Analytics and crash events — kept up to 90 days, then deleted. If you turn analytics or crash reporting off, the events already collected stay on our servers under our legitimate interest in keeping the app reliable, and the unsent buffer on your device is purged immediately; you can erase them entirely by deleting your account.
Backups. Our backend provider keeps encrypted backups for disaster recovery. A deletion may remain in a backup until that backup is rotated out on the provider's normal schedule, and is not restored into the live system.

7. Your rights and how to use them

You can, at any time:

Export your data — Settings → Privacy & data → Export my data produces a machine-readable copy of your training history.
Delete your account — Settings → Privacy & data → Delete account. A deliberate, confirmed action that immediately and permanently erases your account, profile, plans, sessions, sets, wellness ratings, connected health data, and any analytics/crash events linked to you, on our servers and on your device. It is not recoverable. (Backups follow the rotation in §6.)
Access, correct, or restrict your data, object to processing, or request portability — most data is directly editable in the app; for anything else, use the contact form below.
Withdraw any consent — the wellness check-in, connected health, analytics, and crash reporting can each be turned off in Settings → Privacy & data at any time.

For EU/EEA/UK users: you also have the right to lodge a complaint with your local data protection authority. For Israeli users: you have access and correction rights under the Privacy Protection Law (including amendment 13) and may contact the Privacy Protection Authority. For California users: you have the right to know the categories of personal information we collect, to access and delete it, and to opt out of any sale or sharing — and we do not sell or share your personal information.

All requests that are not self-service go through the contact form at the bottom of this page. We respond within 30 days.

8. Children

Saetta is not directed to children. You must be at least 18 to use Saetta. We do not knowingly collect data from anyone under 18. If you believe someone under 18 has used Saetta, contact us via the form below and we will delete the data.

9. Changes to this policy, and how we tell you

We may update this policy, and the version and effective date at the top change when we do. If a change is material, we will notify you in the app before it takes effect — for example, if we introduce a new category of data, add a processor, move data outside the EU region, or extend a retention period. Where the change concerns data you turned on by consent, you will be re-prompted before it applies to you.

10. Effective date and version

This version: 2026-06-01.1. Effective date: 2026-06-01.

11. Israel-specific note

Saetta is operated in compliance with the Israeli Privacy Protection Law 5741-1981, including amendment 13 (effective 2024-08-14). Providing your data is voluntary, not a legal duty. You have access and correction rights and may contact the Privacy Protection Authority.

Make a privacy request

Use this form for any access, correction, deletion, portability, or other privacy request. We respond within 30 days. We do not publish an email address — this form is how you reach us.