Privacy Policy

How getbased handles your data.

Effective 22 June 2026

In one sentence: getbased is a local-first application. Your health data lives in your browser on your own devices by default. No account, no central plaintext health database. Data leaves your device only when you use a network feature — AI providers, wearables, sync, encrypted profile sharing, support/security contact, or hosted-site/app telemetry described below.

1. Who runs getbased

getbased is a free, open-source project developed and maintained by an individual (referred to as "the maintainer"). There is no company, no employees, and no sales team. The source code is licensed under the GNU Affero General Public License v3 (AGPL-3.0).

For the purposes of the EU General Data Protection Regulation (GDPR), the maintainer is the Data Controller for the hosted website at getbased.health. When you self-host getbased, you are the controller of your own deployment.

2. What we don't collect

Before listing what might transit, here's what we never do:

3. What stays on your device

Virtually everything you put into getbased is stored locally in your browser:

Health, genetic, biometric-adjacent, and wearable data may qualify as special category personal data under GDPR Article 9. getbased's default design keeps this data on your device; cloud processing only happens when you intentionally enable or use a feature that sends data to a third-party provider, sync relay, encrypted sharing endpoint, or support/security contact.

None of these are sent to getbased's website by default. If you clear your browser storage, uninstall the app, or use the "Clear all data" action in Settings → Data, the data is gone from your device.

4. Third-party services you choose

getbased calls third-party services only when you configure or use the relevant feature. Each has its own privacy policy that governs data handling on its side. Where a provider acts as an infrastructure processor, getbased relies on that provider's data-processing terms and security measures; where you choose an external AI, wearable, relay, or custom endpoint, that provider may act as an independent controller or processor under its own terms.

4.1 AI providers (all optional)

If you enable AI features, your prompts and any data you include in context are sent to the AI provider you chose. This may include health or genetic data if you add it to the AI context. Available providers and their policies:

Before calling a cloud AI provider, getbased offers PII obfuscation: email addresses, phone numbers, street addresses, and names detected in imported PDFs are replaced with placeholders. You can enable a local-AI-based obfuscation layer on top of the regex for stronger redaction.

4.2 /api/proxy (the Vercel Edge Function)

The hosted getbased.health deploys a small proxy function on Vercel so the browser can reach AI providers, wearable APIs, token endpoints, and the optional sun/UV relay without CORS errors or exposing hosted OAuth client secrets. The proxy:

Network operators such as Vercel may process limited operational metadata (for example timestamps, request routing metadata, status codes, and IP addresses) for security, debugging, abuse prevention, and infrastructure operation. getbased is designed so request payloads are held only in memory for the time needed to forward the request and return the response.

All hosted proxy traffic uses HTTPS/TLS in transit. If you self-host, you bypass getbased's hosted proxy entirely and control your own server-side logging and infrastructure.

4.3 Cross-device sync (optional)

Opt-in sync uses Evolu, a CRDT protocol with end-to-end encryption. Your BIP-39 mnemonic derives the encryption key; a relay server relays ciphertext between your devices but cannot read the contents. You can choose the relay (getbased's default, or one you host).

4.4 Wearable integrations (optional)

When you connect a wearable (e.g. Oura), getbased:

Disconnecting a wearable wipes its local rows immediately. The vendor retains the data they already have on their side per their own policy; getbased cannot delete it there. To revoke getbased's access, disconnect inside the app and revoke the app on the vendor's site.

4.5 Encrypted profile sharing (optional)

If you create a password-protected profile share link, your browser exports the selected profile and encrypts it before upload using AES-GCM with a password-derived key. getbased's /api/share endpoint stores only the encrypted ciphertext envelope in private Vercel Blob storage. The password is not sent to getbased, and the maintainer cannot decrypt the shared profile.

Share links expire automatically, with a maximum lifetime of 30 days. You can also stop sharing from the device that created the link. Anyone with both the link and the password can decrypt and import the shared profile, so keep them separate.

4.6 Knowledge Base (Interpretive Lens)

Documents you add to the on-device Knowledge Base are indexed and embedded locally in your browser using the Origin Private File System (OPFS). Nothing is uploaded. If you use the external-server lens option, the server you point at is under your control and its privacy model is yours.

4.7 Fonts and CDNs

The public website loads Inter, Outfit, and JetBrains Mono from Google Fonts. Google may receive the IP address that fetches them. The app bundles core fonts locally, while some optional libraries such as transformers.js may load from jsdelivr.net on first use and are cached by your browser.

5. Legal basis for processing

6. Recipients and processors

Depending on what you use, the following providers may receive limited data:

7. Your rights

Under GDPR and most privacy frameworks, you have the rights to access, correct, delete, export, restrict processing, object, withdraw consent, and complain to a supervisory authority. Because getbased stores most data on your own device, you can exercise many of these rights directly, without contacting us:

For personal data the maintainer controls (for example, if you email a support request, submit a vulnerability report, or contact through GitHub), you can write to privacy@getbased.health.

8. Children

getbased is not designed for children under 15. This matches the minimum age for consent to information-society services under Czech law (the governing law of the Terms). If you live in an EU Member State with a higher minimum age (16 in several countries under GDPR Article 8), that higher age applies to you. Please do not enter a child's medical data without appropriate guardianship and consent.

9. Security

Measures we apply:

No system is unbreakable. If you discover a vulnerability, please report it via a private GitHub security advisory at github.com/elkimek/get-based/security.

10. International data transfers

If you use the hosted getbased.health, Vercel infrastructure may process operational metadata, proxy requests, and encrypted profile-share ciphertext in regions outside your country. Google Fonts, jsDelivr, Umami, AI providers, wearable vendors, Evolu relays, and custom endpoints may also process request metadata or user-selected payloads outside the EU/EEA depending on their infrastructure and policies.

Do not enable a provider, relay, custom endpoint, or share link unless you are comfortable with that provider's jurisdiction, transfer safeguards, and privacy terms. Self-hosting lets you replace getbased's hosted infrastructure with your own.

11. Changes to this policy

If we update this policy, we'll change the Effective date above and mention it in the app's changelog. Material changes, or changes to the app's built-in privacy version, will also be shown on the app's first launch after the update and the app will ask you to accept the current Terms and Privacy Policy before continuing.

12. Contact

Privacy questions: privacy@getbased.health

Source code, issues, general discussion: github.com/elkimek/get-based