Sauce for Zwift


What is Zwift’s relationship with the Sauce developer? How does Zwift share my personal data with Sauce? What protections are in place to ensure that my personal data is protected?

Many thanks in advance.

Hi. AFAIK after Zwift implemented encryption, Sauce requires a second Zwift login, it acts as a rider watching you. Before encryption, the data was obtained by sniffing the UDP traffic.

1 Like

Add it alongside the open API they turn a blind eye to non-authorised users accessing.

HR, Weight, height all fall under biometric data.

Whilst I’m happy for zwift to have it to support usage… I’d personally rather choose which 3rd parties have access beyond that… plus if you delete your zwift account you would like to confirm that the data is deleted from everywhere, I don’t believe that is currently possible.

1 Like

Where in Zwift’s terms and conditions with Sauce do sauce provide protection to Zwift users to prevent unauthorised access to my data?

I think Sauce can only see what anyone else riding Zwift can see. So no height; and weight only if they do some mental arithmetic based on your W/kg and power if someone spectates you. In that sense it’s no different from someone streaming Zwift or putting footage in a YouTube video. Maybe less of an intrusion, as at least people using Sauce are on Zwift, while people watching a stream or video might know nothing about it.

1 Like

Way back when we rode outside, we were also exposed to the “risk” of someone else seeing us ( even with HR and power not showing on a screen ) :wink::grin:


I can pair my cycling computer to your heart rate and power if I want though! Just need to stay close enough :slight_smile:

Oh yes… I actually had some thoughts if something like that is going on in the team cars at the big tours ( once you nailed the ID of a unit the same rider probably uses that one ever day )


On the outdoor front, there is a device called a NPE Wasp that will collate multiple Ant+ streams at the same time, which is what some teams use…

Though back to this thread, Data usage & protection by a software company is something different and as its now a legal requirement due to GDPR probably should have some consideration given to it.


That’s exactly it. An unofficial third party is pro easing my data without my permission and I’d like to know more about how they use it and store it.

That’s anonymised. Okay with that!

Can you explicitly say that Sauce does not process the data on its servers or store it on its servers in any way?

No, but I don’t much care either. The data it can access is data anyone using Zwift can see.

It’d be easy enough to watch the data and see if Sauce does transmit anything outside of the computer it’s running on, and what that data is. I don’t think it would need to in order to do what it does.

TBH I never read Zwift’s terms and conditions. I suppose Sauce is an “unauthorized app” (if something like that is mentioned), it simulates an official Zwift client.

I believe Sauce only displays the data locally, it doesn’t upload to its servers (if those exist), but it surely could to it.

1 Like

I think Sauce is all local - There is a question over what it does with the data stream and if it writes it anywhere, but its the same information that zwift uses.

Access to the API on the other hand and what those users do with the data they scrape/mine who knows.

1 Like

I do. It’s not about people seeing it, it’s about what is processed and what is stored.

I’m interested to know what data you think they have access to, and how they might make ill use of it.

I’m not all about open access to all data; I refuse tracking and marketing cookies and use ad blockers like anyone else, but I don’t really see what Sauce might do that would have a detrimental impact on me.

I suppose they could store comments I make, but other than that I can’t think of anything.

One possible example for the US: your health care insurance policy provider knows that your cardiologist advised you to limit your heart rate because you had to disclose that to get the policy. They obtain your heart rate data from an easily accessible source and cancel your policy. Perhaps unlikely, but here we are in a crappy world.


That’s the point. I want to know. The fact we’re have this discussion about assumptions proves the point. We don’t know and we should. We should also be able to opt out of a third party having access to our data should we chose.

1 Like

You can’t opt out of me seeing your data by viewing you and recording whatever I see. There is no ‘prevent people from watching me’ option in Zwift. Maybe you could request that as a feature, but I’m pretty sure that is not necessary as a GDPR requirement, and you opt in to it via the terms and conditions. There is a total opt-out… cancelling your subscription.