Privacy Policy
Plain-English version: we collect what's needed to make Sando work, we don't sell your data, and you can delete it at any time.
1. Who we are
Sando is operated by Bamboo Digital inc., a Québec, Canada company. We are the controller of your personal information under Québec's Act respecting the protection of personal information in the private sector (commonly known as Law 25 / Loi 25) and Canada's PIPEDA.
Our Privacy Officer can be reached at privacy@getsando.com.
2. What we collect
You give us
- Account info: email address, display name, optional profile photo.
- Training data: workouts, sets, reps, weight, RPE, supersets, templates, exercise notes.
- Body data: weight entries, goals, height, age, sex (used to personalize recommendations).
- Nutrition data (Pro): meal entries, including what you typed, said, or photographed, plus the macros we returned.
- Social activity: who you follow, likes, comments, workout cards you choose to share.
We collect automatically
- Device info: device model, OS version, app version, language, time zone.
- Usage analytics: app events (anonymized where possible) to fix bugs and improve features.
- Crash logs: stack traces when the app crashes.
From third parties (only if you opt in)
- Apple Health / Google Fit: weight readings, if you enable sync.
- Apple or Google sign-in: email and public profile, if you choose that login method.
3. Why we collect it
- Run the app: log workouts, track weight, render charts, sync across devices, deliver notifications.
- Personalize: progression recommendations, deload detection, nutrition framing based on your goal.
- Subscriptions: process Pro purchases through Apple or Google billing via RevenueCat.
- Support: respond when you write to us, troubleshoot crashes.
- Safety & compliance: prevent abuse, meet legal obligations.
We do not sell your personal information. We do not run third-party advertising in Sando.
4. AI-powered features
Sando uses third-party AI services to power specific features. When you use these features, limited content is sent to the provider listed below. We never send your name, email address, account credentials, or health profile data.
| Provider | Operated by | What we send | Why |
|---|---|---|---|
| Google Gemini | Google LLC | Food entry text, food photos, and metadata | To sort and structure your food log, and to recognize food in photos |
| Perplexity | Perplexity AI, Inc. | Food descriptions you submit (e.g. "two eggs and toast") | To return nutrition estimates |
| Groq (Whisper) | Groq, Inc. | Voice recordings during voice logging | To transcribe speech to text |
Each provider acts as a data processor on Sando's behalf under their respective enterprise data processing terms. They do not use the data we send to train their AI models, and they do not sell or share it with other parties. Sando determines the purpose and means of processing and retains full control over your data.
You must give explicit in-app consent before any data is sent to these AI providers. You can revoke this consent at any time in Settings → Nutrition → AI features. If revoked, AI-powered features are disabled until you re-enable them.
5. Third parties we share with
We use the following processors. Each has a contractual obligation to handle your data only for the purpose we hired them for:
- Supabase: database, authentication, file storage.
- RevenueCat: subscription state across Apple and Google billing.
- Firebase Cloud Messaging (Google): push notifications.
- AI processors: Google Gemini, Perplexity, and Groq (Whisper). See Section 4 for what we send to each and why.
- Sentry: crash and error reporting.
- Mixpanel: product analytics (anonymized where possible).
- Apple, Google: billing, sign-in, distribution platforms.
We may also share information if required by law, to protect rights and safety, or in connection with a business transfer (e.g. acquisition), in which case we'll notify you.
6. Cookies & website analytics
This website (getsando.com) uses cookies and similar technologies for two purposes: product analytics (Mixpanel and Google Analytics 4) and advertising measurement (the Meta Pixel, including its server-side Conversions API).
These technologies load only after you accept them in the consent banner shown on your first visit. If you decline, none of these cookies or trackers are set and no analytics or advertising data is collected. You can change your choice at any time by reopening the cookie banner.
Each provider processes the data it receives under its own privacy policy: Mixpanel, Google Analytics, and Meta. This section concerns the marketing website only; analytics inside the Sando app are covered in Section 2.
7. Your privacy in the social feed
Sando's social feed uses a two-layer privacy model. Both layers apply together, and the stricter one always wins.
Layer 1 - Account-level privacy (Instagram-style)
- Your profile is either public (anyone can follow without approval) or private (people must request to follow you and you approve them).
- The home feed is friends-only: it only shows posts from accounts you follow. There is no public discover feed.
- Changing your profile from public to private removes existing followers' access. You'll need to approve them again.
Layer 2 - Per-workout privacy
On top of your account-level setting, every individual workout has its own privacy setting: public, friends, or private.
- Public workouts can appear in friends' home feeds (subject to your account privacy).
- Friends workouts are visible only to people who follow you.
- Private workouts are never visible to anyone, even people who follow you. They live only in your own history.
You choose what to share. Workouts, weight milestones, and PRs are never posted automatically.
8. Your rights
Under Law 25, PIPEDA, and (if applicable) GDPR, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and your data (see Section 9).
- Portability: receive your data in a structured, machine-readable format.
- Withdraw consent for any optional processing (e.g. Apple Health sync, analytics).
- Lodge a complaint with the Commission d'accès à l'information du Québec (CAI) or the Office of the Privacy Commissioner of Canada.
To exercise any of these rights, email privacy@getsando.com. We respond within 30 days.
9. Retention & deletion
We keep your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are legally required to keep specific records (e.g. tax records for purchases).
You can delete your account from Settings → Account → Delete account in the app, or by emailing us.
10. Security
Data is encrypted in transit (TLS) and at rest on our infrastructure. Passwords are hashed; we never see your plain-text password. Access to production systems is restricted to a small number of engineers and is audit-logged.
No system is perfectly secure. If we ever experience a privacy incident that creates a risk of serious harm to you, we will notify you and the CAI as required by Law 25.
11. Children
Sando is not directed at children under 13 (or under 14 in Québec under Law 25's stricter consent threshold). We do not knowingly collect personal information from children. If you believe a child has created an account, contact us and we will delete it.
12. International transfers
Several of our processors (Supabase, Google, Apple, Perplexity, Mixpanel, Sentry, RevenueCat) operate infrastructure outside Québec, including in the United States and the European Union. By using Sando, you understand your data may be processed in those jurisdictions under contractual safeguards that meet the requirements of Law 25.
13. Changes to this policy
We may update this Privacy Policy from time to time. We'll change the "Last updated" date at the top, and for material changes we'll notify you in-app before they take effect.
14. Contact us
Privacy Officer
Bamboo Digital inc.
Québec, Canada
Email: privacy@getsando.com
Web: getsando.com/contact