Privacy

We don’t share your data.

This page covers both baselinemethod.com and the Baseline Method app. The short version: information that passes between a practitioner and a client is confidential, and we do not share data with third parties.

Practitioner–client confidentiality

Intake responses, session notes, biometrics, breath and HRV training data, journal entries, and any communication between you and your practitioner stay between you and your practitioner. We do not resell it. We do not give it to advertisers, data brokers, analytics vendors, or anyone offering us money for it. We do not use it to train models for third parties.

Our team can access the data when we need to operate the service (responding to a support request, fixing a bug, recovering an account). When we do, it’s the smallest number of people necessary, and we log what we touched.

What the website collects

Browsing this site sets no cookies, runs no analytics scripts, loads no tag managers, and contains no embedded social trackers. No consent banner because there is nothing to consent to.

The site does load one set of fonts from Bunny Fonts, a privacy-respecting GDPR-friendly font CDN that does not log IP addresses or set cookies. We chose Bunny Fonts specifically because Google Fonts (the common alternative) does log IPs. If you want full self-hosting we can move the fonts on-server; the trade-off is a slightly heavier deploy.

Our CDN keeps standard, aggregate access logs (request counts, response codes, country, bandwidth) the way every web server has since the 1990s. Those logs are operational, not promotional, and we don’t correlate them with any account.

What the contact and intake forms collect

The short contact form records what you type (name, contact method, message), the timestamp, and the IP address you submitted from. The IP is used briefly for spam rate-limiting. The submission is emailed to the founders and appended to a server-side log file we control. We do not push it to any third-party CRM or marketing tool.

The baseline assessment intake form is more thorough. Submissions go to a private server we operate, encrypted in transit; sensitive fields are encrypted at rest. Submitting intake doesn’t sign you into anything — it queues your email and responses for a practitioner to review. If we activate you for the practitioner-led program, we email you so you can sign in to the app.

What the app collects

What the app collects depends on whether you’re signed in.

Before you sign in. The app downloads and runs locally. Anyone can install the APK or the iPhone / iPad build and use the practice tools without an account — no telemetry, no analytics, no crash reports, no background pings. There is no server to talk to until you sign in.

After you sign in. Signing in to the practitioner-led program requires that you’ve submitted intake and a practitioner has activated your account. Once you’re signed in, the data needed to run your relationship with your practitioner — session logs, heart rate from supported wearables, scheduling, and the encrypted messages between you and your practitioner — flows to a private server we operate. Traffic is encrypted in transit (TLS). Sensitive PII is encrypted at rest. Only our team can access the server; nothing is shared with advertisers, data brokers, analytics vendors, or anyone offering us money for it.

Heart rate data is synced from a supported wearable only with your explicit permission and never silently in the background. You can revoke wearable sync at any time.

No telemetry, ever. Signed in or not, the app does not capture analytics, crash reports, behavioral data, or any other operational signal. No Firebase Analytics, no Amplitude, no Segment, no Sentry, no Meta SDK, no TikTok SDK, no first-party telemetry of our own either.

Your rights

You can ask us what we have on you, ask us to correct it, ask us to delete it, or ask us to hand you a copy of it. Email a@baselinemethod.com from the address on file and we’ll respond within 14 days. There is no legal-prompt phrasing required; “delete my data” is enough.

Changes

If we change anything material on this page, the previous version stays in the site’s git history. Significant changes will be flagged the next time you open the app.

Last updated 2026-06-28.