Privacy · Baseline Method

This page covers both baselinemethod.com and the Baseline Method app. The short version: information that passes between a practitioner and a client is confidential, and we do not share data with third parties.

Practitioner–client confidentiality

Intake responses, session notes, biometrics, breath and HRV training data, journal entries, and any communication between you and your practitioner stay between you and your practitioner. We do not resell it. We do not give it to advertisers, data brokers, analytics vendors, or anyone offering us money for it. We do not use it to train models for third parties.

Our team can access the data when we need to operate the service (responding to a support request, fixing a bug, recovering an account). When we do, it’s the smallest number of people necessary, and we log what we touched.

What the website collects

Browsing this site sets no cookies, runs no analytics scripts, loads no tag managers, and contains no embedded social trackers. No consent banner because there is nothing to consent to.

The site does load one set of fonts from Bunny Fonts, a privacy-respecting GDPR-friendly font CDN that does not log IP addresses or set cookies. We chose Bunny Fonts specifically because Google Fonts (the common alternative) does log IPs. If you want full self-hosting we can move the fonts on-server; the trade-off is a slightly heavier deploy.

Our CDN keeps standard, aggregate access logs (request counts, response codes, country, bandwidth) the way every web server has since the 1990s. Those logs are operational, not promotional, and we don’t correlate them with any account.

What the contact and intake forms collect

The short contact form records what you type (name, contact method, message), the timestamp, and the IP address you submitted from. The IP is used briefly for spam rate-limiting. The submission is emailed to the founders and appended to a server-side log file we control. We do not push it to any third-party CRM or marketing tool.

The baseline assessment intake form is more thorough. Submissions are encrypted at rest on our server using age public-key encryption — only the founders hold the private key, so even with full server access nobody else can decrypt them. The submission also triggers a notification email so the founders know to review it.

What the app collects

The Baseline Method app holds the data needed to run your practice and your relationship with your practitioner: intake history, session notes, biometric and breath data you log or sync from a wearable, scheduling, and messages between you and your practitioner. That data lives on your device, encrypted at rest. Practitioners hold their clients’ data on their device; clients hold theirs on theirs. We do not hold a server-side copy.

Wearable data (HRV, sleep, etc.) is synced only with your explicit permission, only the metrics needed for your protocol, and never silently in the background. You can revoke wearable sync at any time.

No telemetry. The app does not capture analytics, crash reports, behavioral data, or any other operational signal. No Firebase Analytics, no Amplitude, no Segment, no Sentry, no Meta SDK, no TikTok SDK, no first-party telemetry of our own either.

Your rights

You can ask us what we have on you, ask us to correct it, ask us to delete it, or ask us to hand you a copy of it. Email a@baselinemethod.com from the address on file and we’ll respond within 14 days. There is no legal-prompt phrasing required; “delete my data” is enough.

Changes

If we change anything material on this page, the previous version stays in the site’s git history. Significant changes will be flagged the next time you open the app.