Privacy Policy
How getbased handles your data.
Effective 22 June 2026
1. Who runs getbased
getbased is a free, open-source project developed and maintained by an individual (referred to as "the maintainer"). There is no company, no employees, and no sales team. The source code is licensed under the GNU Affero General Public License v3 (AGPL-3.0).
For the purposes of the EU General Data Protection Regulation (GDPR), the maintainer is the Data Controller for the hosted website at getbased.health. When you self-host getbased, you are the controller of your own deployment.
2. What we don't collect
Before listing what might transit, here's what we never do:
- No user account, no login, no email required to use getbased
- No tracking cookies, no advertising pixels, no behavioural ad targeting
- No cross-site or cross-device fingerprinting
- No sale, licensing, or commercial sharing of your health data
- No server-side storage of plaintext health information, lab results, DNA data, chat history, wearable rows, or profile metadata. Optional sync and sharing features may store end-to-end encrypted or password-encrypted ciphertext that getbased cannot read.
- Anonymous, cookieless usage analytics may run on the hosted website/app. They are limited to product usage counts and do not include health data, lab values, DNA data, chat contents, uploaded files, API keys, wearable tokens, or precise profile data. The app shows a first-launch notice and lets you turn analytics off in Settings → Privacy.
3. What stays on your device
Virtually everything you put into getbased is stored locally in your browser:
- Profile data (sex, date of birth, location, context cards) — browser
localStorage - Lab results imported from PDFs or entered manually — browser
localStorage - DNA match data — only the matched SNPs from the curated list (not your full genome); browser
localStorage - Wearable daily data (sleep, HRV, resting HR, readiness when connected) — browser
IndexedDB, per-profile, never syncs - Chat history — browser
localStorage, organised into threads - Backups — browser
IndexedDB(5 most recent) and optionally a folder you choose on your own disk (up to 30 daily snapshots) - API keys / authorization tokens for any service you configure — encrypted at rest with AES-256-GCM when you enable the passphrase option
Health, genetic, biometric-adjacent, and wearable data may qualify as special category personal data under GDPR Article 9. getbased's default design keeps this data on your device; cloud processing only happens when you intentionally enable or use a feature that sends data to a third-party provider, sync relay, encrypted sharing endpoint, or support/security contact.
None of these are sent to getbased's website by default. If you clear your browser storage, uninstall the app, or use the "Clear all data" action in Settings → Data, the data is gone from your device.
4. Third-party services you choose
getbased calls third-party services only when you configure or use the relevant feature. Each has its own privacy policy that governs data handling on its side. Where a provider acts as an infrastructure processor, getbased relies on that provider's data-processing terms and security measures; where you choose an external AI, wearable, relay, or custom endpoint, that provider may act as an independent controller or processor under its own terms.
4.1 AI providers (all optional)
If you enable AI features, your prompts and any data you include in context are sent to the AI provider you chose. This may include health or genetic data if you add it to the AI context. Available providers and their policies:
- PPQ — ppq.ai/privacy
- Routstr — routstr.com (decentralised, no account)
- OpenRouter — openrouter.ai/privacy
- Venice — venice.ai/privacy (end-to-end encrypted between your browser and the Venice enclave)
- Local AI (Ollama, LM Studio, Jan) — runs entirely on your machine; nothing leaves your network
- Custom API — any OpenAI-compatible endpoint you provide; their policy applies
Before calling a cloud AI provider, getbased offers PII obfuscation: email addresses, phone numbers, street addresses, and names detected in imported PDFs are replaced with placeholders. You can enable a local-AI-based obfuscation layer on top of the regex for stronger redaction.
4.2 /api/proxy (the Vercel Edge Function)
The hosted getbased.health deploys a small proxy function on Vercel so the browser can reach AI providers, wearable APIs, token endpoints, and the optional sun/UV relay without CORS errors or exposing hosted OAuth client secrets. The proxy:
- Passes your request through to the allowed provider URL and returns the response
- Does not log request bodies or headers, and does not persist any data
- Does not intentionally store prompts, lab values, genetic data, wearable rows, uploaded files, AI responses, OAuth codes, access/refresh tokens, or authorization payloads
- Has no database attached
- Blocks requests to private / loopback / cloud-metadata IP ranges to prevent abuse
Network operators such as Vercel may process limited operational metadata (for example timestamps, request routing metadata, status codes, and IP addresses) for security, debugging, abuse prevention, and infrastructure operation. getbased is designed so request payloads are held only in memory for the time needed to forward the request and return the response.
All hosted proxy traffic uses HTTPS/TLS in transit. If you self-host, you bypass getbased's hosted proxy entirely and control your own server-side logging and infrastructure.
4.3 Cross-device sync (optional)
Opt-in sync uses Evolu, a CRDT protocol with end-to-end encryption. Your BIP-39 mnemonic derives the encryption key; a relay server relays ciphertext between your devices but cannot read the contents. You can choose the relay (getbased's default, or one you host).
4.4 Wearable integrations (optional)
When you connect a wearable (e.g. Oura), getbased:
- Performs a standard OAuth2 authorisation flow with the vendor; you grant permission directly to the vendor
- Stores the resulting access/refresh tokens in your browser (encrypted when the passphrase option is enabled)
- Fetches daily ring/device metrics via the vendor's public API, through
/api/proxy - Stores raw daily rows only in your browser's
IndexedDB, never on any server - Derives a compact rolling summary (baselines, trend, recent anomalies) that may sync via the E2E-encrypted relay to your other devices, if you have cross-device sync enabled
Disconnecting a wearable wipes its local rows immediately. The vendor retains the data they already have on their side per their own policy; getbased cannot delete it there. To revoke getbased's access, disconnect inside the app and revoke the app on the vendor's site.
4.5 Encrypted profile sharing (optional)
If you create a password-protected profile share link, your browser exports the selected profile and encrypts it before upload using AES-GCM with a password-derived key. getbased's /api/share endpoint stores only the encrypted ciphertext envelope in private Vercel Blob storage. The password is not sent to getbased, and the maintainer cannot decrypt the shared profile.
Share links expire automatically, with a maximum lifetime of 30 days. You can also stop sharing from the device that created the link. Anyone with both the link and the password can decrypt and import the shared profile, so keep them separate.
4.6 Knowledge Base (Interpretive Lens)
Documents you add to the on-device Knowledge Base are indexed and embedded locally in your browser using the Origin Private File System (OPFS). Nothing is uploaded. If you use the external-server lens option, the server you point at is under your control and its privacy model is yours.
4.7 Fonts and CDNs
The public website loads Inter, Outfit, and JetBrains Mono from Google Fonts. Google may receive the IP address that fetches them. The app bundles core fonts locally, while some optional libraries such as transformers.js may load from jsdelivr.net on first use and are cached by your browser.
5. Legal basis for processing
- Hosted website, proxy security, abuse prevention, infrastructure logs, and operational metadata: legitimate interests in operating, securing, debugging, and preventing abuse of the service.
- Optional AI, wearable, sync, encrypted sharing, custom endpoint, and external Lens features: your explicit action/request to use that feature. Where health, genetic, or similar special category data is involved, getbased relies on your explicit consent or another Article 9 condition available for your own use of the feature.
- Support emails, GitHub issues, and vulnerability reports: responding to your request and maintaining service security.
- Anonymous cookieless analytics on the hosted website/app: legitimate interests in understanding basic product usage and improving the service, subject to your opt-out controls and applicable local ePrivacy rules.
6. Recipients and processors
Depending on what you use, the following providers may receive limited data:
- Vercel — hosting, Edge Functions, operational metadata, transient proxy handling, and private Blob storage for encrypted profile-share ciphertext.
- Umami — anonymous, cookieless usage analytics for hosted surfaces.
- Evolu sync relay — end-to-end encrypted sync ciphertext and relay metadata when you enable sync.
- AI providers — prompts and selected context you send to the provider you configure.
- Wearable vendors — OAuth authorization, tokens, and wearable API requests for vendors you connect.
- Google Fonts and jsDelivr — font/library fetch metadata such as IP address and browser request metadata on pages or features that load them.
7. Your rights
Under GDPR and most privacy frameworks, you have the rights to access, correct, delete, export, restrict processing, object, withdraw consent, and complain to a supervisory authority. Because getbased stores most data on your own device, you can exercise many of these rights directly, without contacting us:
- Access — the data is visible in the app; you can also export a JSON dump via Settings → Data → Export
- Correct — edit any value inline
- Delete — delete individual records, individual profiles, all local data (Settings → Data → Clear all data), stop active profile-share links from the creating device, and disconnect integrations
- Export / portability — Settings → Data → Export produces a portable JSON file
- Restrict processing — disable the AI context toggle, disconnect any wearable, turn off sync, stop sharing, or avoid cloud providers
- Object — object to processing based on legitimate interests, including hosted analytics
- Withdraw consent — disable optional features, revoke wearable access with the vendor, turn off sync/sharing, or remove provider credentials
- Complain — you may lodge a complaint with your local supervisory authority. In Czechia, this is the Úřad pro ochranu osobních údajů (ÚOOÚ), uoou.gov.cz.
For personal data the maintainer controls (for example, if you email a support request, submit a vulnerability report, or contact through GitHub), you can write to privacy@getbased.health.
8. Children
getbased is not designed for children under 15. This matches the minimum age for consent to information-society services under Czech law (the governing law of the Terms). If you live in an EU Member State with a higher minimum age (16 in several countries under GDPR Article 8), that higher age applies to you. Please do not enter a child's medical data without appropriate guardianship and consent.
9. Security
Measures we apply:
- TLS for all network transit (getbased.health and every third-party service)
- AES-256-GCM passphrase-based encryption for sensitive fields at rest, when you enable it
- End-to-end encryption on cross-device sync
- Strict same-origin handling on the dev server
- Regular security audits of the codebase (see the CHANGELOG for history)
No system is unbreakable. If you discover a vulnerability, please report it via a private GitHub security advisory at github.com/elkimek/get-based/security.
10. International data transfers
If you use the hosted getbased.health, Vercel infrastructure may process operational metadata, proxy requests, and encrypted profile-share ciphertext in regions outside your country. Google Fonts, jsDelivr, Umami, AI providers, wearable vendors, Evolu relays, and custom endpoints may also process request metadata or user-selected payloads outside the EU/EEA depending on their infrastructure and policies.
Do not enable a provider, relay, custom endpoint, or share link unless you are comfortable with that provider's jurisdiction, transfer safeguards, and privacy terms. Self-hosting lets you replace getbased's hosted infrastructure with your own.
11. Changes to this policy
If we update this policy, we'll change the Effective date above and mention it in the app's changelog. Material changes, or changes to the app's built-in privacy version, will also be shown on the app's first launch after the update and the app will ask you to accept the current Terms and Privacy Policy before continuing.
12. Contact
Privacy questions: privacy@getbased.health
Source code, issues, general discussion: github.com/elkimek/get-based