Privacy Policy

Last updated: March 16, 2026

1. Introduction

Sparklab LLC (“we,” “us,” or “our”) operates Sathi.fit, a multi-app health and wellness platform. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website, applications, and related services (collectively, the “Services”).

By using Sathi.fit, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and password. If you sign in through a third-party provider, we may receive your name and email from that provider.

2.2 Health & Biometric Data

With your explicit consent, we collect health and biometric data from connected wearable devices and fitness platforms, including but not limited to:

  • Sleep patterns, duration, stages, and efficiency
  • Heart rate, heart rate variability (HRV), and resting heart rate
  • Activity data including steps, calories, distance, and workouts
  • Readiness and recovery scores
  • Blood oxygen saturation (SpO2) and respiratory rate
  • Skin temperature and stress levels

This data is collected via secure OAuth 2.0 authorization from providers including Oura Ring, Garmin (via the Garmin Connect API), WHOOP, Polar, Suunto, Strava, and other supported providers. Some providers connect directly to Sathi.fit, while others connect through our self-hosted OpenWearables integration platform. We only access data types you explicitly authorize.

2.3 AI Therapist Conversations

If you use our ParentPulse AI therapist feature, the messages you send are processed by a third-party AI service (Anthropic’s Claude API) to generate responses. With your explicit consent, conversation pairs may be stored for your reference. You can revoke this consent and delete all stored conversations at any time.

2.4 Therapy Session Data

If you book sessions with licensed therapists through ParentPulse, we collect booking details, session scheduling information, and payment records. Video therapy sessions are conducted through LiveKit and are not recorded by us.

2.5 Community & Wellbeing Data

If you participate in community features, we collect the content of your posts and replies. Posts may be made anonymously to other users but are associated with your account internally. Wellbeing check-in data (mood, energy, anxiety, sleep quality) is stored linked to your account.

2.6 Payment Information

Payments are processed by Stripe. We do not store your credit card numbers or bank account details. We retain Stripe customer IDs, subscription status, and transaction records.

2.7 Technical & Device Data

We automatically collect technical information such as your browser type, device type, operating system, IP address, and general usage patterns to maintain and improve the Services.

3. How We Collect Data

  • Directly from you: When you create an account, fill out forms, post in the community, or use the AI therapist.
  • From wearable devices: When you connect a wearable provider (Oura, Garmin, WHOOP, Polar, Suunto, Strava) through OAuth 2.0 authorization, you are redirected to the provider’s authorization page where you grant explicit consent for specific data types. We receive your health data via cloud-to-cloud API integration. You can review and revoke this authorization at any time through both our platform and the provider’s own settings.
  • Automatically: Technical data is collected through standard web technologies when you access our Services.

4. How We Use Your Data

  • Providing, maintaining, and improving the Services
  • Displaying your health metrics, trends, and correlations across connected devices
  • Generating AI-powered responses and guidance through the ParentPulse AI therapist
  • Facilitating therapist bookings and video sessions
  • Processing payments and managing subscriptions
  • Sending transactional emails (booking confirmations, notifications)
  • Detecting, preventing, and addressing security issues
  • Complying with legal obligations

We do not sell your personal data or health data to third parties. We do not use your health data for advertising purposes.

5. AI & Machine Learning

Our AI therapist feature uses Anthropic’s Claude API. When you send a message to the AI therapist, your message is transmitted to Anthropic for processing. Important details:

  • Anthropic operates a zero-data-retention policy for API usage — your messages are not used to train their AI models.
  • Conversation logging on our platform is optional and requires your explicit consent. You can enable or disable it at any time.
  • You can delete all your stored AI conversations through the consent settings in your account.
  • We do not use your health data or therapy conversations to train any AI or machine learning models.

6. Third-Party Services

We use the following third-party services to operate Sathi.fit:

Service | Purpose
Supabase | Authentication and database
Stripe | Payment processing
Anthropic (Claude) | AI therapist responses
LiveKit | Video therapy sessions
Garmin Connect API | Wearable health data sync (with user OAuth consent)
OpenWearables | Wearable data aggregation (self-hosted)
Resend | Transactional emails
Deepgram | Audio transcription
ElevenLabs | Text-to-speech

Each third-party service processes data in accordance with their own privacy policies. We select partners who maintain strong privacy and security practices.

7. Data Sharing

We may share your information in the following circumstances:

  • Service providers: With the third-party services listed above, solely for operating the Services.
  • Therapists: When you book a session, relevant booking details are shared with your selected therapist.
  • Legal requirements: When required by law, regulation, legal process, or government request.
  • Safety: When necessary to protect the rights, property, or safety of our users or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

8. Organizational & Business Accounts

When your employer or organization provides you access to Sathi.fit through a business subscription, the following data practices apply:

What your employer CAN see

  • Aggregate, anonymized wellness statistics across the team (e.g., average engagement rates, popular features)
  • Number of active seats and overall platform usage metrics
  • Aggregate program ROI indicators (participation rates, feature adoption)

What your employer CANNOT see

  • Your individual health data or wearable metrics
  • Your AI therapy or meditation conversations
  • Your personal wellness scores, mood tracking, or journal entries
  • Your nutrition logs, bloodwork results, or hydration data
  • Any activity or content within your personal account

Your control

You retain full control over your personal data regardless of your employer’s subscription status. You can delete data, disconnect wearables, and manage your privacy settings independently. If your employer’s business subscription ends, your personal account persists and reverts to the Free plan — no data is deleted or transferred.

We will never share your individual health data with your employer. This commitment is non-negotiable, regardless of subscription tier or contractual arrangement.

9. Wearable Data — Disconnection & Deletion

When you disconnect a wearable provider (e.g., Garmin, Oura, WHOOP):

  • We immediately stop collecting new data from that provider.
  • Your existing historical data is retained for 30 days to allow reconnection without data loss.
  • After 30 days, all health data from that provider is permanently deleted from our systems.
  • You can request immediate deletion of all provider data at any time by contacting privacy@sathi.fit.
  • Disconnecting on our platform revokes the OAuth token with the provider. You can additionally revoke access from the provider’s own settings (e.g., Garmin Connect → Connected Apps, Oura → Connected Services).

10. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Health data: Retained while your wearable provider is connected. Deleted within 30 days of provider disconnection.
  • AI conversations: Deletable immediately by you at any time. Auto-purged within 90 days of account deletion.
  • Payment records: Retained for 7 years as required by applicable financial regulations.
  • Community posts: Retained until deleted by you or removed by our moderation team. Purged within 30 days of account deletion.

11. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest in our database
  • Row-level security policies ensuring users can only access their own data
  • Secure OAuth 2.0 token management for wearable connections
  • Webhook signature verification for payment processing
  • Regular security reviews of our infrastructure

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

12. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Disconnect any wearable provider and stop data collection
  • Delete your AI therapist conversation history
  • Object to or restrict certain processing activities

To exercise any of these rights, please contact us at privacy@sathi.fit.

13. Children’s Privacy

Sathi.fit is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

14. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place for international data transfers, including contractual protections with our service providers.

15. Legal Compliance

We are committed to complying with applicable data protection laws, including:

  • General Data Protection Regulation (GDPR) — for users in the European Economic Area. You have the right to access, rectify, and erase your personal data, to restrict or object to its processing, and to data portability.
  • India Digital Personal Data Protection Act (DPDPA) 2023 — for users in India. We process personal data only with your consent and for legitimate purposes as defined under the Act.
  • Information Technology Act, 2000 (India) — we implement reasonable security practices as required under Section 43A and the IT (Reasonable Security Practices and Procedures) Rules, 2011.
  • California Consumer Privacy Act (CCPA) — for California residents. We do not sell your personal information. You have the right to know, delete, and opt out.

For jurisdiction-specific requests, contact privacy@sathi.fit.

16. Cookies & Tracking

We use essential cookies for authentication and session management. We do not currently use third-party analytics, advertising trackers, or non-essential cookies. If this changes, we will update this policy and provide appropriate notice and controls.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date. Your continued use of the Services after changes constitutes acceptance of the updated policy.

18. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Sparklab LLC

Email: privacy@sathi.fit

Website: sathi.fit