Privacy Policy
Effective date: 2 July 2026 ยท Baseline (the โAppโ)
Baseline is a field hockey training app for iPhone, operated by Toby Dadson (โweโ, โusโ), contactable at toby@dadson.digital. This policy explains what data the App collects, why, where it lives, and the choices you have. The short version: your data exists to power your training, we don't run ads, and we never sell it.
1. Data we collect
Account
- Email address, name, and a password (stored as a secure hash by our authentication provider).
Training and wellbeing data you log
- Workouts: exercises, sets, weights, reps, RPE, session duration and volume.
- Match schedule and match logs: fixtures you add, results, minutes played, and match RPE.
- Body data: bodyweight and body measurements you record.
- Nutrition: meals you log, including barcode lookups, recipes, and estimated macros.
- Journal entries: mood, energy, sleep hours, and notes.
- Photos you choose to submit (e.g. meal photos for macro estimates, progress photos). These are optional.
Apple Health (HealthKit) โ with your permission
- If you grant access, we read summary health metrics such as steps, active energy, sleep, heart-rate variability (HRV) and resting heart rate, and sync daily summaries to your account to compute recovery and readiness scores.
- We only read the categories you approve, and you can revoke access at any time in iOS Settings โ Health.
- HealthKit data is never used for advertising or marketing, and is never disclosed to third parties except as needed to provide the App's features, consistent with Apple's guidelines.
WHOOP โ with your explicit connection
- If you choose to connect a WHOOP account, we access โ with your consent via WHOOP's OAuth flow โ your recovery scores, sleep data, strain/workout data, HRV, resting heart rate, and basic profile information.
- This data is used solely to display your recovery and readiness inside the App and to adapt your training recommendations. It is never sold, never shared with third parties for marketing, and never used for advertising.
- OAuth tokens for your WHOOP connection are stored server-side in a restricted table that is not accessible from client devices.
- You can disconnect WHOOP at any time in the App; disconnecting stops all syncing, and deleting your account deletes the stored WHOOP data and tokens. You can also revoke the App's access from your WHOOP account settings.
- WHOOP is a trademark of WHOOP, Inc. Baseline is not affiliated with or endorsed by WHOOP, Inc.
2. How we use your data
- To provide the App's features: training plans, logging, recovery scores, match-day tools, and nutrition tracking.
- To compute derived metrics (for example estimated one-rep maxes, training load, and readiness scores).
- To generate AI-powered coaching content (see section 3).
- To respond to support requests you send us.
We do not sell personal data, we do not share it for advertising, and there are no third-party ads in the App.
3. AI processing
Some features โ training-plan generation, workout drafting, fixture-screenshot import, meal photo/description estimates, and the in-app coach chat โ are powered by large language models provided by Anthropic. When you use these features, the relevant content (for example your prompt, training context, a fixture screenshot, or a meal photo) is sent to Anthropic via our servers to generate a response. Anthropic does not use API data to train its models by default. Our API keys and all AI requests are handled server-side; no AI provider credentials exist on your device.
4. Where your data lives
- Your data is stored with Supabase, our database and authentication provider, hosted on AWS in the European Union (eu-west-1, Ireland).
- Data is encrypted in transit (TLS) and at rest, and protected by row-level security so each account can only access its own records.
- Some data you enter (such as your fixture list and training preferences) may also be cached locally on your device.
5. Who we share it with
Only service providers that make the App work, acting on our instructions:
- Supabase โ database, authentication, and serverless functions (EU hosting).
- Anthropic โ AI model responses for the features in section 3.
- Open Food Facts โ barcode lookups are sent as anonymous product queries (just the barcode, never your identity).
- WHOOP, Inc. โ only if you connect WHOOP, to fetch your data with your consent.
We may also disclose data if required by law. If Baseline is ever acquired or merged, your data would remain subject to this policy or one at least as protective, and we would notify you.
6. Retention and deletion
- We keep your data while your account is active.
- You can delete your account in the App (Me โ Delete account). This permanently deletes your profile, training history, health metrics, nutrition logs, photos, chat history, and any WHOOP tokens and data.
- You can also request deletion by emailing toby@dadson.digital; we will action it within 30 days.
7. Your rights
If you're in the UK or EU, you have rights under the UK/EU GDPR: to access your data, correct it, delete it, receive a portable copy, restrict or object to processing, and withdraw consent (for example by disconnecting WHOOP or revoking Health access). To exercise any of these, email toby@dadson.digital. You also have the right to complain to your supervisory authority โ in the UK, the Information Commissioner's Office (ico.org.uk).
Legal basis: we process your data to perform our contract with you (providing the App), with your consent for health and wearable data, and under legitimate interests for app security and support.
8. Children
Baseline is not directed at children under 16, and we do not knowingly collect data from them. If you believe a child under 16 has created an account, contact us and we will delete it.
9. Changes to this policy
If we make material changes, we'll update this page and note it in the App before the changes take effect. The effective date at the top always reflects the current version.
10. Contact
Toby Dadson ยท toby@dadson.digital