Privacy Policy

Effective March 19, 2026

1. Introduction

This Privacy Policy describes how Baseline Health App LLC (“Company,” “we,” “us,” or “our”), a Florida limited liability company, collects, uses, and protects information in connection with the Baseline mobile application (“App”), the Baseline Apple Watch companion app, the Baseline coach dashboard at baselinehealthapp.com/coach, and associated web properties at baselinehealthapp.com (collectively, the “Service”).

Baseline is a health and fitness platform that calculates a daily readiness score from biometric data collected through Apple HealthKit, provides AI-powered coaching insights, and offers a coaching platform where personal trainers can monitor client readiness and manage training programs. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

Questions about this policy can be directed to support@baselinehealthapp.com.

2. Information We Collect

HealthKit Data

With your explicit permission, Baseline reads the following data types from Apple HealthKit:

Heart rate variability (HRV / SDNN), resting heart rate, heart rate, sleep analysis (duration, stages, efficiency), step count, active energy burned, basal energy burned, respiratory rate, wrist temperature during sleep (Apple Watch, iOS 16+), body mass, body fat percentage, lean body mass, and workout data (type, duration, energy).

If you enable cycle tracking, Baseline additionally reads: menstrual flow, intermenstrual bleeding (spotting), ovulation test results, basal body temperature, and symptoms including abdominal cramps, bloating, fatigue, headache, and mood changes.

With your permission, Baseline can write the following data to HealthKit: workout records and body mass measurements.

Profile Information

Information you provide directly, including name, biological sex, date of birth, height, weight, fitness goals, and training preferences. This data is stored locally on your device. Your name, age, sex, height, weight, goal weight, and cycle phase (if enabled) may be included in requests to our AI services to personalize coaching responses (see Section 4).

Workout Data

Exercises, sets, reps, weights, and personal records you log within the App. This data is stored locally on your device using Apple's SwiftData framework. Workout history summaries (type, date, duration, exercise count) may be included in AI coaching requests.

Body Composition and Lab Data

Data you enter manually or scan using the in-app camera (InBody scan results, lab report panels). When you use the scan feature, the captured image is transmitted to our OCR processing service for text extraction (see Section 4). Scanned images are not stored on our servers after processing is complete.

Account Information

When you create an account, we collect and store your Apple ID-associated email address (via Sign in with Apple) or your email address and encrypted password (via email registration on the web dashboard), a unique user identifier issued by our authentication service (AWS Cognito), your display name, and your selected role (athlete or coach). Account data is stored in our cloud database (AWS DynamoDB) and our authentication service (AWS Cognito).

Computed Readiness Scores

When you have an account and are signed in, your daily computed scores are synced to our cloud database. These scores include: Baseline score, sleep score, recovery score, stress score, training score, body score, and labs score. These are integer values computed entirely on your device from HealthKit data. They are not raw HealthKit samples. Raw HealthKit data (individual heart rate readings, minute-by-minute sleep records, step counts, temperature readings) is never transmitted to our servers.

Computed readiness scores, while derived from HealthKit data rather than constituting raw HealthKit samples, contain health-related information about your physical state. We treat these scores with the same care as other health data. They are encrypted in transit and at rest, access-controlled, and subject to the same data rights described in Section 10.

Score syncing begins when you sign in to your account, regardless of whether you are connected to a trainer. These scores are accessible only to you and any trainer you subsequently connect with.

Trainer-Client Relationship Data

When a client connects to a trainer using a trainer code, we store the relationship record including trainer identifier, client identifier, connection date, and connection status. Trainer codes are randomly generated 6-character alphanumeric strings. Before connecting to a trainer, you are shown exactly which data will be shared. Connecting to a trainer constitutes your explicit consent to share this data.

Messages

Messages exchanged between trainers and clients within the platform are stored in our cloud database. Each message includes sender identifier, recipient identifier, content text, and timestamp.

Program Data

Training programs created by trainers and assigned to clients are stored in our cloud database. Programs include program name, structure, weekly sessions, and assignment metadata.

Audit Log Data

Connection and disconnection events between trainers and clients are logged with timestamps for security and accountability purposes. Audit logs do not contain health data, message content, or program details.

Device Identifier

When the App communicates with our servers, a device identifier (Apple's Identifier for Vendor) is sent as a request header. This identifier is used solely for rate limiting to prevent abuse of the AI service. It is not linked to your Apple ID, cannot be used to identify you personally, and is not shared with third parties. This identifier resets if you uninstall and reinstall the App.

Web Dashboard

The Baseline web dashboard (baselinehealthapp.com/coach) is accessible to trainer accounts for managing clients. The web dashboard stores authentication tokens in browser memory (not cookies or local storage) and does not use analytics tracking, advertising scripts, or third-party cookies.

Usage Data

Baseline does not currently collect usage analytics, session duration, crash reports, or behavioral tracking data. If this changes in the future, this policy will be updated prior to any such collection.

3. How We Use Your Data

We use the information we collect to:

• Calculate your Baseline score and domain scores (sleep, recovery, stress, training, body, labs), computed entirely on your device.
• Generate AI coaching insights when you request them, by sending health metrics and profile information to our AI services. See Section 4 for exactly what data is transmitted.
• Generate workout suggestions when you request them, by sending profile information, readiness scores, and training history to our workout suggestion service. See Section 4.
• Process scanned documents when you scan a lab report or InBody result, by transmitting the captured image to our OCR service, processing it, and discarding the image from our servers.
• Refresh your cached readiness score in the background (with iOS background app refresh enabled), by periodically reading HealthKit data. No data is transmitted to our servers during background refresh.
• Provide account authentication and maintain your session across devices.
• Sync computed readiness scores to the cloud so your data is available across devices and, if you connect to a trainer, so your trainer can view your daily readiness state.
• Deliver messages between trainers and clients.
• Store and deliver training programs assigned by trainers to clients.

We do not use your data for advertising, marketing profiling, or any purpose unrelated to providing the Service.

4. Data Transmitted to Servers

Baseline communicates with servers for the following categories of operations:

AI Processing (Transient)

When you request AI coaching insights, workout suggestions, or document scanning, data is transmitted to our servers and processed in memory. This data is not stored after the response is generated. See below for exactly what is transmitted for each feature.

AI Coaching Insights: aggregated health metrics (average HRV, resting heart rate, sleep duration and stages, step count, active calories, recovery score, stress score, Baseline score), profile information (first name, biological sex, age, cycle phase if enabled, fitness goals, experience level), training context (recent workout types, dates, volume, personal records, weekly session counts), and behavioral patterns (derived summaries computed on-device). Our server forwards this context to Anthropic's Claude API, which generates a coaching response. By using AI coaching features, you explicitly consent to your data being transmitted to Anthropic's Claude AI for processing. Anthropic processes this data under contractual terms that prohibit retention or use for model training.

Workout Suggestions: name, biological sex, age, height, current weight, goal weight, cycle phase (if enabled), recovery score, Baseline score, stress score, sleep duration, recent workout history, training streak, and personal records.

Document Scanning (OCR): captured image sent as compressed JPEG, used to extract numerical values, discarded from server memory after processing.

Account and Authentication

When you create an account or sign in, authentication data flows through AWS Cognito (our identity provider) and our authentication Lambda function. Account profile data is stored in DynamoDB.

Score Sync (Persistent)

When you are signed in, your computed scores are transmitted daily to our cloud database. These scores are encrypted in transit and at rest.

Trainer-Client Operations (Persistent)

When you connect to a trainer or a trainer views client data, the platform retrieves score data, relationship data, messages, and program assignments through authenticated API endpoints. Access is controlled by JWT-based authentication, ensuring trainers can only access data for their connected clients.

What Trainers Can See

Trainers can view: your display name, daily Baseline score, recovery score, sleep score, stress score, readiness state (Push/Maintain/Recover), workout type and date (for example, “Upper Body — yesterday”), weekly training volume, program compliance percentage, and messages you exchange with them.

What Trainers Cannot See

Trainers cannot view: specific exercises, sets, reps, or weights within your workouts; your AI coaching conversations; your raw HealthKit data; your body composition details; your lab results; your personal profile information beyond your display name; or data from any other trainer you may be connected to.

What is NOT Sent to Our Servers

Raw HealthKit sample data (individual heart rate readings, minute-by-minute sleep records, step counts, temperature readings), your Apple ID or email address (except during account creation), your physical location or GPS data, your contacts, photos (other than OCR scans you initiate), or other personal data not described in this policy.

You can use Baseline without AI features or an account. Scores, charts, and workout logging all function fully offline without any data leaving your device.

5. Data Storage and Security

Baseline stores data in two locations depending on your account status:

Users Without an Account

All personal data is stored locally on your device using Apple's SwiftData framework and UserDefaults, protected by your device's hardware encryption and passcode. No data is stored on our servers. AI coaching responses are cached on your device and expire after approximately 6 hours or at the end of the calendar day.

Users With an Account

Local data storage remains the same as above. Additionally, the following data is stored in our cloud infrastructure (AWS, us-east-1 region): account profile (DynamoDB), computed readiness scores (DynamoDB, with automatic 60-day expiry), trainer-client relationship records (DynamoDB), messages (DynamoDB), program assignments (DynamoDB), and audit logs (DynamoDB, with automatic 90-day expiry). Authentication credentials are managed by AWS Cognito.

Security Measures

Data transmitted to our servers is encrypted in transit using TLS (Transport Layer Security). Cloud-stored data is encrypted at rest using AES-256 encryption (AWS default encryption). Access to client data is controlled by JWT-based authentication issued by AWS Cognito, ensuring that trainers can only access data for their connected clients through verified API requests. Authentication tokens on iOS are stored in the device Keychain (hardware-encrypted). Authentication tokens on the web dashboard are stored in browser memory only (not cookies, not local storage) and are cleared when the browser tab is closed.

6. Apple HealthKit Data

In compliance with Apple's HealthKit requirements:

• We read HealthKit data only with your explicit permission, solely to calculate your health and fitness scores and provide AI coaching.
• With your permission, we write workout data and body mass measurements back to HealthKit.
• With iOS background app refresh enabled, HealthKit data may be read periodically in the background to update your cached readiness score. No HealthKit data is transmitted to external servers during background refresh.
• When you have an account, computed scores derived from HealthKit data (integer readiness scores, not raw samples) are synced to our cloud database. When you connect to a trainer, these computed scores are additionally shared with your connected trainer for the purpose of providing health and fitness coaching functionality within Baseline. This sharing occurs only with your explicit consent (established when you connect to a trainer), involves only computed scores (not raw HealthKit samples), and is directly related to the App's core health and fitness functionality. You may revoke this sharing at any time by disconnecting from your trainer.
• HealthKit data is never used for advertising purposes.
• HealthKit data is never sold to data brokers, information resellers, or any third party.
• HealthKit data is never disclosed to third parties for purposes unrelated to providing health and fitness functionality within Baseline, except as described in this Section and Section 4 (AI coaching and OCR processing), or as required by law.

7. Third-Party Services

We use the following third-party services as data processors in connection with the Service:

• Amazon Web Services (AWS Lambda) — operates processing endpoints for AI coaching insights, OCR document scanning, AI workout suggestions, authentication, score syncing, trainer-client operations, messaging, and program management. AWS infrastructure is located in the United States (us-east-1 region).
• Amazon Web Services (AWS Cognito) — manages user authentication, account creation, and session token issuance. Cognito stores email addresses and authentication credentials in the United States (us-east-1 region).
• Amazon Web Services (AWS DynamoDB) — stores user profiles, computed readiness scores, trainer-client relationships, messages, training programs, and audit logs. DynamoDB infrastructure is located in the United States (us-east-1 region). Data is encrypted at rest.
• Amazon Web Services (AWS API Gateway) — routes authenticated API requests between the App, the web dashboard, and backend services. API Gateway enforces HTTPS for all communications.
• Anthropic (Claude API) — generates AI coaching responses, processes OCR extractions, and generates workout suggestions from health context forwarded by our Lambda functions. Anthropic processes data under contractual terms that prohibit data retention after response generation and prohibit use of transmitted data for model training. Processing occurs in the United States.
• Apple (HealthKit, App Store, StoreKit, Sign in with Apple) — provides health data access, payment processing, and identity authentication under Apple's own privacy policy and terms.

Our agreements with AWS and Anthropic include data processing terms that require them to process personal data only as instructed by us and to implement appropriate security measures.

We do not use advertising services, analytics SDKs, social media tracking pixels, or any other third-party services that collect user data.

8. International Data Transfers

If you use Baseline from outside the United States, be aware that data is transmitted to and stored on servers located in the United States (AWS us-east-1 region). This includes both transient processing (AI coaching, OCR scanning) and persistent storage (account data, computed scores, messages, programs) for users with accounts. By using features that transmit data to our servers, you consent to this transfer. For transfers of personal data from the European Economic Area to the United States, we rely on your explicit consent and on Standard Contractual Clauses included in our agreements with AWS.

9. Data Retention

• On-device data: retained until you delete it via Settings, or until you uninstall the App.
• AI coaching cache: cached on your device for up to 6 hours, or until the end of the calendar day for daily insights. Automatically cleared upon expiry.
• Server-side AI processing: AI requests and OCR scans are processed in memory and not logged or stored beyond the duration of each API call.
• User profiles: retained as long as the account exists. Permanently deleted from our servers when you delete your account.
• Computed scores: retained for 60 days from the date of sync, then automatically and permanently deleted from our servers (DynamoDB TTL).
• Messages: retained as long as the trainer-client relationship is active. Permanently deleted from our servers within 24 hours of either party disconnecting.
• Programs: retained as long as assigned to a client. Program assignments are permanently deleted from our servers when the trainer removes the assignment or when the client disconnects from the trainer. Program templates remain in the trainer's account.
• Trainer-client relationships: retained while active. Permanently deleted from our servers within 24 hours of either party disconnecting.
• Audit logs: retained for 90 days, then automatically and permanently deleted from our servers.
• AWS CloudWatch logs: retained per AWS default retention policies, containing only request metadata (timestamps, response status codes, error states). These logs do not contain health data content, profile information, message content, or scan images.
• Reinstallation: if you uninstall and reinstall the App, local data is permanently lost. If you have an account, your cloud-stored data (profile, synced scores within the retention period, messages, and programs) remains accessible when you sign back in.

Upon disconnection from a trainer, the trainer's access to your scores is revoked immediately. The trainer-client relationship record and associated message history are permanently deleted from our servers within 24 hours. Your synced scores remain in your account and continue to follow the standard 60-day retention period, accessible to you and any trainer you subsequently connect with.

10. Your Rights

• Delete local data: Settings > Delete All Data removes all SwiftData records, UserDefaults, and cached state from your device.
• Delete your account: You can delete your account and all associated cloud data (profile, synced scores, messages, program assignments, relationship records, and authentication credentials) from within the App via Settings > Account > Delete Account. Account deletion is permanent and cannot be reversed.
• Export data: Settings > Export My Data generates CSV files of your workouts, weight entries, body composition, and lab panels.
• Opt out of AI: you may use Baseline without AI coaching, workout suggestions, or document scanning. All core scoring, charting, and manual workout logging functions without network access.
• Disconnect from trainer: you can disconnect from your trainer at any time via Settings > Connect to Trainer > Disconnect. Upon disconnection, score sharing stops immediately, and shared data is permanently deleted from the trainer's access within 24 hours.
• Revoke HealthKit access: iOS Settings > Privacy and Security > Health > Baseline.
• Disable background refresh: iOS Settings > General > Background App Refresh > Baseline.

Rights Under the General Data Protection Regulation (GDPR) — EU/EEA Users

If you are located in the European Union or European Economic Area, you have the following rights under the GDPR:

• Right of access: you may request confirmation of whether we process your personal data and obtain a copy.
• Right to rectification: you may correct inaccurate personal data directly within the App or by contacting us.
• Right to erasure: you may delete local data using Settings > Delete All Data and delete your cloud account using Settings > Account > Delete Account. For complete erasure of all server-side data, use the account deletion feature.
• Right to data portability: you may export your local data using Settings > Export My Data. Cloud-stored data (scores, messages) can be requested by contacting us.
• Right to object: you may opt out of AI processing by not using the coaching, workout suggestion, or scanning features. You may opt out of score sharing by disconnecting from your trainer.
• Right to restrict processing: you may revoke HealthKit permissions to restrict data access. You may disconnect from trainers to restrict score sharing.

Our legal basis for AI processing is your explicit consent, provided each time you initiate an AI coaching request, workout suggestion, or document scan. Our legal basis for score syncing is your consent provided when you create an account and sign in. Our legal basis for trainer data sharing is your consent provided when you connect to a trainer. You may withdraw any of these consents at any time by ceasing to use the relevant features, signing out, or disconnecting from your trainer.

For any concerns, contact support@baselinehealthapp.com.

Rights Under the California Consumer Privacy Act (CCPA/CPRA) — California Residents

If you are a California resident, you have the following rights:

• Right to know: you may request disclosure of the categories and specific pieces of personal information we have collected. This policy serves as that disclosure. Categories collected include: identifiers (user ID, email), health-related information (computed readiness scores), user-generated content (messages), and professional information (trainer-client relationships and program data).
• Right to delete: you may delete local data using Settings > Delete All Data and cloud data using Settings > Account > Delete Account.
• Right to opt out of sale: we do not sell, and have never sold, personal information to third parties. No opt-out mechanism is required because no sale occurs.
• Right to limit use of sensitive personal information: computed health scores shared with trainers constitute sensitive personal information under the CPRA. You may limit the use of this sensitive personal information by disconnecting from your trainer, which stops score sharing and triggers permanent deletion of shared data.
• Right to non-discrimination: we will not discriminate against you for exercising any of your rights.

To submit a verifiable consumer request, contact support@baselinehealthapp.com.

11. Law Enforcement and Legal Disclosure

We may disclose stored data, including account information, computed scores, and messages, if required to do so by law, or in response to a valid legal process such as a subpoena, court order, or search warrant. We will endeavor to notify affected users of such requests where legally permitted.

12. Data Breach Notification

Account holders have data stored in our cloud infrastructure. In the event that a security incident affects our server infrastructure in a way that could compromise user data, we will notify affected users by posting a notice on baselinehealthapp.com and, where feasible and required by applicable law, by direct notification within a timeframe consistent with legal requirements (72 hours under GDPR, as promptly as practicable under applicable U.S. state laws).

Users without accounts have all personal data stored locally on their device. A breach of our server infrastructure would not affect their personal data.

13. Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the successor entity. We will notify you via the App or our website prior to your data being transferred and becoming subject to a different privacy policy. You will have the opportunity to delete your account before such transfer takes effect.

14. Children's Privacy

Baseline is not directed at children under the age of 13 (or under 16 in the EU/EEA). We do not knowingly collect personal data from children under these ages. Coach accounts require the account holder to be at least 18 years of age. If you believe a child has provided us with personal data, please contact us at support@baselinehealthapp.com and we will take steps to delete such data.

15. Changes to This Policy

Baseline Health App LLC reserves the right to update this Privacy Policy at any time. When we make changes, we will revise the “Effective” date at the top of this page. For material changes, we will provide notice through the App or on our website prior to the change taking effect. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

16. Contact

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact:

Baseline Health App LLC
Email: support@baselinehealthapp.com
Website: baselinehealthapp.com