Privacy Policy
How getbased handles your data.
Effective 22 April 2026
1. Who runs getbased
getbased is a free, open-source project developed and maintained by an individual (referred to as "the maintainer"). There is no company, no employees, and no sales team. The source code is licensed under the GNU General Public License v3.
For the purposes of the EU General Data Protection Regulation (GDPR), the maintainer is the Data Controller for the hosted website at getbased.health. When you self-host getbased, you are the controller of your own deployment.
2. What we don't collect
Before listing what might transit, here's what we never do:
- No user account, no login, no email required to use getbased
- No tracking cookies, no advertising pixels, no third-party trackers
- No analytics by default (an opt-in privacy-preserving toggle exists in Settings)
- No cross-site or cross-device fingerprinting
- No sale, licensing, or sharing of your data with anyone, ever
- No server-side storage of your health information, lab results, DNA data, chat history, wearable rows, or profile metadata
3. What stays on your device
Virtually everything you put into getbased is stored locally in your browser:
- Profile data (sex, date of birth, location, context cards) — browser localStorage
- Lab results imported from PDFs or entered manually — browser localStorage
- DNA match data — only the matched SNPs from the curated list (not your full genome); browser localStorage
- Wearable daily data (sleep, HRV, resting HR, readiness when connected) — browser IndexedDB, per-profile, never syncs
- Chat history — browser localStorage, organised into threads
- Backups — browser IndexedDB (5 most recent) and optionally a folder you choose on your own disk (up to 30 daily snapshots)
- API keys / authorization tokens for any service you configure — encrypted at rest with AES-256-GCM when you enable the passphrase option
None of these are sent to getbased's website. If you clear your browser storage, uninstall the app, or use the "Clear all data" action in Settings → Data, the data is gone from your device.
4. Third-party services you choose
getbased calls third-party services only when you configure them. Each has its own privacy policy that governs data handling on their side.
4.1 AI providers (all optional)
If you enable AI features, your prompts and any data you include in context are sent to the AI provider you chose. Available providers and their policies:
- PPQ — ppq.ai/privacy
- Routstr — routstr.com (decentralised, no account)
- OpenRouter — openrouter.ai/privacy
- Venice — venice.ai/privacy (end-to-end encrypted between your browser and the Venice enclave)
- Local AI (Ollama, LM Studio, Jan) — runs entirely on your machine; nothing leaves your network
- Custom API — any OpenAI-compatible endpoint you provide; their policy applies
Before calling a cloud AI provider, getbased offers PII obfuscation: email addresses, phone numbers, street addresses, and names detected in imported PDFs are replaced with placeholders. You can enable a local-AI-based obfuscation layer on top of the regex matching for stronger redaction.
4.2 /api/proxy (the Vercel Edge Function)
The hosted getbased.health deploys a small proxy function on Vercel so the browser can reach AI providers without CORS errors. The proxy:
- Passes your request through to the allowed provider URL and returns the response
- Does not log request bodies or headers, and does not persist any data
- Has no database attached
- Blocks requests to private / loopback / cloud-metadata IP ranges to prevent abuse
If you self-host, you bypass this entirely.
4.3 Cross-device sync (optional)
Opt-in sync uses Evolu, a CRDT protocol with end-to-end encryption. Your BIP-39 mnemonic derives the encryption key; a relay server relays ciphertext between your devices but cannot read the contents. You can choose the relay (getbased's default, or one you host).
4.4 Wearable integrations (optional)
When you connect a wearable (e.g. Oura), getbased:
- Performs a standard OAuth2 authorisation flow with the vendor; you grant permission directly to the vendor
- Stores the resulting access/refresh tokens in your browser (encrypted when the passphrase option is enabled)
- Fetches daily ring/device metrics via the vendor's public API, through /api/proxy
- Stores raw daily rows only in your browser's IndexedDB, never on any server
- Derives a compact rolling summary (baselines, trend, recent anomalies) that may sync via the E2E-encrypted relay to your other devices, if you have cross-device sync enabled
Disconnecting a wearable wipes its local rows immediately. The vendor retains the data they already have on their side per their own policy; getbased cannot delete it there. To revoke getbased's access, disconnect inside the app and revoke the app on the vendor's site.
4.5 Knowledge Base (Interpretive Lens)
Documents you add to the on-device Knowledge Base are indexed and embedded locally in your browser using the Origin Private File System (OPFS). Nothing is uploaded. If you use the external-server lens option, the server you point at is under your control and its privacy model is yours.
4.6 Fonts and CDNs
getbased loads the Inter, Outfit, and JetBrains Mono fonts from Google Fonts. Google may log the IP address that fetches them. Chart.js, pdf.js, transformers.js (Knowledge Base embedder), and a small number of other libraries load from jsdelivr.net on first use and are cached by your browser.
5. Your rights
Under GDPR and most privacy frameworks, you have the rights to access, correct, delete, export, and restrict processing of your personal data. Because getbased stores your data on your own device, you can exercise all of these rights directly, without contacting us:
- Access — the data is visible in the app; you can also export a JSON dump via Settings → Data → Export
- Correct — edit any value inline
- Delete — delete individual records, individual profiles, or all data (Settings → Data → Clear all data)
- Export / portability — Settings → Data → Export produces a portable JSON file
- Restrict processing — disable the AI context toggle, disconnect any wearable, turn off sync
For personal data the maintainer controls (for example, if you email a support request), you can write to privacy@getbased.health.
6. Children
getbased is not designed for children under 15. This matches the minimum age for consent to information-society services under Czech law (the governing law of the Terms). If you live in an EU Member State with a higher minimum age (16 in several countries under GDPR Article 8), that higher age applies to you. Please do not enter a child's medical data without appropriate guardianship and consent.
7. Security
Measures we apply:
- TLS for all network transit (getbased.health and every third-party service)
- AES-256-GCM passphrase-based encryption for sensitive fields at rest, when you enable it
- End-to-end encryption on cross-device sync
- Strict same-origin handling on the dev server
- Regular security audits of the codebase (see the CHANGELOG for history)
No system is unbreakable. If you discover a vulnerability, please report it via a private GitHub security advisory at github.com/elkimek/get-based/security.
8. International data transfers
If you use the hosted getbased.health, the Vercel Edge Function runs on regional edge nodes operated by Vercel, Inc. Your request may be handled by whichever edge node is closest to you; responses do not persist. Third-party services you choose (AI providers, wearable vendors) may transfer data to their own infrastructure per their policies.
9. Changes to this policy
If we update this policy, we'll change the Effective date above and mention it in the app's changelog. Material changes will also be announced on the app's first launch after the update.
10. Contact
Privacy questions: privacy@getbased.health
Source code, issues, general discussion: github.com/elkimek/get-based