Privacy Policy
Last updated: May 28, 2026
1. Introduction
Bask ("we," "our," or "us") operates the Bask mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
2. Information We Collect
2.1 Personal Information You Provide
During onboarding, we collect:
- Biological Profile: Age, weight, weight unit preference
- Skin & Eye Color: Visual color selection (6 skin tones, 5 eye colors)
- Sun Reaction Assessment: Always burns / Burns then tans / Rarely burns
- Outdoor Time Assessment: Daily outdoor time ranges
- Supplementation Status: Daily / Occasionally / None
- Blood Test Baseline (Optional): 25(OH)D level (ng/mL or nmol/L), test date
- Primary Goals (Multi-select): Optimizing Vitamin D Levels, Safe Tanning & Burn Prevention, Circadian Rhythm & Better Sleep, Longevity & Natural Immunity
2.2 Automatically Collected Information
- Location Data (When In Use): We access your precise location to fetch real-time UV index and weather data for your area. Location is only used when the app is active.
- HealthKit Data (If Authorized):
  - Read: "Time in Daylight" to automatically track sun exposure
  - Write: Dietary Vitamin D to sync your supplement intake with Apple Health
- Usage Data: We collect data about your sun exposure sessions, supplement logs, and cofactor tracking (stored locally on your device).
- Analytics & Performance Data: We collect limited, non-health usage and performance data through PostHog to understand how the App is used and to monitor stability (e.g., feature usage events, app version, device/OS type, crash and performance metrics).
2.3 Third-Party Services
We integrate with:
- Apple WeatherKit: For real-time UV index, weather forecasts, and solar event data. Subject to Apple's Privacy Policy.
- RevenueCat: For in-app subscription management. Subject to RevenueCat's Privacy Policy.
- PostHog: For app usage analytics and performance monitoring. PostHog receives non-health event and diagnostic data as described in Section 2.2. Subject to PostHog's Privacy Policy.
- Apple HealthKit: For bidirectional sync of vitamin D and daylight data. Subject to Apple's Privacy Policy.
- Supabase: For the optional community leaderboard — to store anonymous profiles and aggregate sun session stats. Only data you opt in to share is sent (see Section 2.4). Subject to Supabase's Privacy Policy. We do not use Supabase for core app health data unless you join the leaderboard.
2.4 Community Leaderboard (Opt-In Only)
The App includes an optional community leaderboard feature. It is off by default. No data is sent to our servers for the leaderboard unless you explicitly opt in via Settings → Community.
When opted in, the App uploads limited data to Supabase after each completed manual sun session. This data is used to calculate aggregate rankings on our public leaderboard site at getbask.app/leaderboard. Raw session logs are not publicly readable — only aggregate rankings (daily and weekly totals, anonymous display name, and optional country) are shown.
Data sent to Supabase (only when opted in):
- A random public user ID and write token (stored locally on your device; not linked to your Apple ID, email, or name)
- Your chosen anonymous display name (e.g., "swift-meadow")
- Per completed sun session: estimated sun IU and duration (supplements excluded)
- Optional country, if you choose to show it on the leaderboard (user-selected — never GPS coordinates)
Data never sent to Supabase:
- Real name, email, or Apple ID
- Precise GPS coordinates
- Region, state, or city
- Skin type, age, weight, or blood test results
- Supplement logs or cofactor logs
- HealthKit data
- Full session history beyond leaderboard aggregates
Sun IU values shown on the leaderboard are estimates, not medical measurements. Estimates only · Not medical advice.
3. How We Use Your Information
We use your information to:
- Personalize Recommendations: Calculate Vitamin D synthesis based on your skin type, age, weight, and clothing
- Provide Real-Time UV Data: Fetch accurate UV index for your location
- Track Progress: Store your sun exposure sessions, supplements, and cofactors
- Generate Reports: Create physician reports for medical appointments
- Send Notifications: Alert you before optimal D-Windows (if you opt in)
- Leaderboard (if opted in): Upload session aggregates and display anonymous rankings on the public leaderboard
- Improve the App: Analyze aggregate usage patterns and performance metrics to fix bugs, improve reliability, and prioritize features
4. Data Storage & Security
- Local-First Storage: Your profile, sun exposure sessions, supplements, cofactors, and settings are stored locally on your device using SQLite. By default, we do not transmit your personal health data to our servers.
- Server Storage (Opt-In Only): If you opt into the community leaderboard, limited leaderboard data is stored on Supabase as described in Section 2.4.
- Cloud Backup: If you use iCloud backup, your device data may be included in your iCloud backups (controlled by your iOS settings).
- No Sale of Personal Data: We do not sell your personal data.
- Security Measures: We use industry-standard encryption and security practices to protect your data.
5. Data Sharing & Disclosure
We do not sell your personal data. We may share data in the following limited circumstances:
- With Your Consent: If you export a physician report, you control where it's shared.
- Leaderboard (with consent): If you opt into the community leaderboard, anonymous leaderboard data is stored on Supabase and aggregate rankings may appear on getbask.app/leaderboard.
- Service Providers: We use Apple WeatherKit, RevenueCat, PostHog (for app usage analytics and performance monitoring), and Supabase (for the opt-in leaderboard only) to provide core features (subject to their privacy policies).
- Legal Obligations: We may disclose data if required by law or to protect our rights.
6. Your Rights & Choices
You can manage your data through the following options in the App:
- Redo Onboarding (Settings → Danger Zone): Resets your onboarding answers and shows the welcome flow again.
- Delete All Data (Settings → Danger Zone): Permanently deletes all local sessions, supplements, cofactors, profile, and settings. If you were opted into the leaderboard, also use "Delete my leaderboard data" in Settings → Community to remove server-side rankings, or contact us at support@getbask.app.
- Turn off leaderboard (Settings → Community → toggle off): Stops uploading new sessions and hides you from public rankings. Your server-side profile is retained so you can rejoin later.
- Delete leaderboard data (Settings → Community → "Delete my leaderboard data"): Permanently removes your server-side leaderboard profile, sessions, and aggregates. Local leaderboard credentials are also cleared.
You can also manage system permissions outside the App:
- Location Permissions: You can revoke location access in iOS Settings > Privacy & Security > Location Services > Bask.
- HealthKit Permissions: You can revoke HealthKit access in iOS Settings > Privacy & Security > Health > Bask.
- Notification Permissions: You can disable notifications in iOS Settings > Notifications > Bask.
7. Data Retention
- Local data: Retained on your device until you delete it via the App or uninstall the App.
- Leaderboard server data: Retained while you are opted in or have paused participation (leaderboard toggled off). Deleted when you choose "Delete my leaderboard data" in Settings → Community.
- Analytics data: PostHog retains event and performance data according to PostHog's retention settings. This data is not linked to your health profile or personal identity.
- Inactive accounts: We retain leaderboard data until you delete it or request deletion at support@getbask.app.
8. Children's Privacy
Bask is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child, contact us at support@getbask.app.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page and in the App with an updated "Last Updated" date.
10. Contact Us
If you have questions about this Privacy Policy, contact us at:
Email: support@getbask.app
Website: getbask.app/privacy