Skip to content
Skip to main content

Privacy Policy

Last updated: February 2, 2026

At BaseFit, we take your privacy seriously. This Privacy Policy explains how BaseOne Media Ltd (“we”, “us”, or “our”) collects, uses, and protects your personal information when you use our health optimisation platform.

Key Privacy Points

Your data is encrypted at rest and in transit
We never sell your personal information
You can delete your data at any time
UK GDPR compliant
Transparent data usage policies
Committed to continuous security improvement

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Password (encrypted and never stored in plain text)
  • Profile information (age, gender, fitness goals)

Health & Fitness Data

With your explicit consent, we collect:

  • Wearable device data (heart rate, HRV, sleep, activity)
  • Workout logs and exercise history
  • Nutrition tracking and meal logs
  • Health assessments and wellness data
  • Body measurements and progress photos

Usage Data

We automatically collect:

  • Device information and IP address
  • Browser type and operating system
  • Pages visited and features used
  • AI chat interactions (to improve our service)

How We Use Your Information

  • Personalisation: To provide AI-powered health recommendations tailored to your goals and data
  • Service Delivery: To operate and maintain the BaseFit platform
  • Communication: To send you updates, notifications, and support messages
  • Improvement: To analyse usage patterns and improve our AI models
  • Security: To detect and prevent fraud, abuse, and security incidents

Data Security

We take the security of your data seriously and implement the following measures:

  • ✓Encryption at rest and in transit (TLS 1.2+) provided by our hosting infrastructure
  • ✓Hosted on Supabase infrastructure (SOC 2 Type II certified provider)
  • ✓Row-level security policies on all database tables
  • ✓Webhook signature verification for third-party integrations
  • ✓API rate limiting and abuse prevention on all endpoints

Third-Party Services

We work with trusted third-party services to provide our platform:

Anthropic

Powers our AI health coaching. Your profile and health context is sent to Anthropic's API to generate personalised recommendations. Anthropic's data processing is governed by their API data usage policy, which states API data is not used for model training.

Supabase

Secure database hosting with encryption at rest and in transit.

Stripe

Payment processing. We never store your full credit card details.

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of all your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing

To exercise any of these rights, contact us at privacy@basefit.co.uk

Data Retention

We retain your personal data only as long as necessary to provide our services and comply with legal obligations. When you delete your account, we permanently remove your personal data within 30 days, except where we're required by law to retain certain information.

Children's Privacy

BaseFit is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of any material changes by email or through the app. Your continued use of BaseFit after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: privacy@basefit.co.uk

Address: BaseOne Media Ltd, London, United Kingdom

Data Protection Officer: dpo@basefit.co.uk