Privacy Policy

Last updated: April 2026

This policy is written in plain English so you can actually read it. It describes what data Fundamental collects, where that data goes, and how you can take it back. We are still in private beta and recommend you have a lawyer review this document before relying on it for any regulated use case.

About this app

Fundamental is a seasonal wellness companion based in the science of Ayurveda. It helps you organise daily self-care practices, plan seasonal meals, log what you eat, and optionally share that information with a practitioner you are working with. It is not a medical application and does not provide medical advice or diagnosis.

What we collect

If you only use the app locally (no account)

By default, everything stays on your device. The app stores the following on-device only:

Your first name (used for personalisation in the app)
Your approximate location and climate zone (used to determine seasonal food and practice guidance)
Self-care practices you log each day
Your weekly meal plan, recipes you save, grocery lists, and shopping reminders
Your meal journal entries
Optional cycle-tracking entries if you enable that feature
App preferences such as reminders, terminology mode, and which holiday calendars you follow

If you create an account

To sync your profile across devices and connect with a practitioner, we store the following on our servers:

Your email address (used for sign-in and account recovery)
A securely hashed version of your password (we never store the password itself)
Your first name and basic profile preferences (latitude, climate zone, terminology mode, account type)
If you enable two-step verification, the secret used to verify your codes (stored on our server, access-controlled)

If you join the public waitlist

If you sign up on our landing page, we store your name, email address, and the source you came from, so we can write to you when beta access is available. You can ask us to remove your waitlist entry at any time.

What we send to third parties

AI meal and recipe analysis (OpenAI)

When you use the camera or recipe analyser to evaluate a meal, the photograph or recipe text you submit is sent to OpenAI for processing. We send only the image or text you choose to analyse plus the season and climate context needed for the analysis. We do not send your name, email address, location coordinates, journal history, or account identifier to OpenAI.

OpenAI processes the request and returns the analysis, which is shown only to you and stored locally on your device. OpenAI's own data handling is governed by their API data policy, which states that data submitted via the API is not used to train their models by default.

If you do not use the meal or recipe analyser, no images or recipes are sent to any third party.

Practitioner sharing (opt-in, per category)

If you enter a practitioner sharing code and turn on sharing, the practitioner who issued the code can read the categories of data you have explicitly enabled. Today these categories are:

Meal journal entries
Morning notes
Cycle (menses) entries

Each category is off by default. Turning sharing off, or revoking your sharing code from the Profile screen, immediately stops your practitioner from receiving any new data. Data the practitioner has already received is not automatically deleted from their copy of the app.

Location lookup

If you tap "Use my location," we ask the operating system for your coordinates and send them to OpenStreetMap's Nominatim service to look up the corresponding city name. Nominatim returns a city, state, and country and does not retain personal information about the request beyond standard server logs. Your coordinates are stored locally and, if you have an account, synced to your account so the app can serve the right seasonal guidance on every device.

Push notifications

Practice reminders, holiday alerts, and shopping reminders are scheduled as local notifications on your device. The app does not send notifications through our servers.

Email delivery (Resend)

If you request a password reset, we send the reset code to your email address through Resend, our email delivery provider. We send only your email address and the reset code. Resend processes the email solely to deliver it and is bound by their own data handling policy.

Product analytics (PostHog)

We use PostHog, a privacy-focused analytics provider, to understand how the landing page and the app are used so we can fix problems and prioritise improvements. We send a small, fixed list of named events (for example: landing page viewed, waitlist signup, account created, onboarding completed, weekly plan saved, meal logged) along with a random anonymous identifier and basic technical metadata (platform such as iOS, Android, or web). Once you sign in, that anonymous identifier is linked to your account user id so we can count unique users, but never to your name, email, location, or anything you have logged.

We never send the contents of meals, photos, journal entries, cycle data, recipes, plans, or any free-text you write. The exact event list is documented in our project notes for transparency. If you would prefer to opt out of analytics entirely, email us at support@fundamental.lifestyle and we will exclude your account from future event ingestion.

Payments (when applicable)

Fundamental does not currently process payments. When paid plans are introduced, billing will be handled by the platform's standard payment processor (Apple In-App Purchase, Google Play Billing, or RevenueCat acting on our behalf). We will receive only the subscription status and a receipt identifier, never your full card details.

Health information

Some of what you log in Fundamental, including meal photos, journal entries, and cycle data, is personal health information. We treat it accordingly:

It is stored on your device unless you have explicitly enabled practitioner sharing for that category, or you have used the meal analyser, which sends the meal photo or recipe to OpenAI for that one analysis.
The contents of your health information (meal photos, journal entries, cycle data, free-text notes, location, herbs, recipes) are never sent to our analytics provider, and we do not sell, license, or share your health data with advertisers, data brokers, or insurers.
The app is not a HIPAA-covered service and should not be used as the sole record for any condition under medical supervision.

How long we keep your data

Local data stays on your device until you delete it from inside the app or uninstall the app.
Account data (email, hashed password, profile) is kept until you delete your account from the Profile screen, after which it is removed from our active servers within 30 days. Backups are rotated out within 90 days.
Practitioner-shared data is retained for as long as you keep sharing enabled. Turning sharing off stops new data from being shared; you can also ask your practitioner to delete their copy.
Waitlist entries are kept until you ask us to remove them or until 12 months after launch, whichever comes first.
Meal photos and recipe text sent to OpenAI are not stored on our servers after the analysis returns. Brief diagnostic logs of API responses (truncated to roughly 80 characters) may be kept for short-term error monitoring and are rotated out of normal logging within days.

Your choices

You can:

Use the app entirely without an account, in which case the only data that leaves your device is what is needed for features you actively use: the meal analyser sends your photo or recipe text to OpenAI, "Use my location" sends your coordinates to OpenStreetMap to look up your city, and password-recovery emails (if you ever create an account) are sent through Resend.
Delete your account and all associated server-side data from the Profile screen at any time.
Clear all local data by uninstalling the app or by deleting individual entries from inside it.
Turn off any optional feature (location, notifications, practitioner sharing, AI meal analysis) at any time from your Profile.
Email us at support@fundamental.lifestyle to request a copy of your account data or to ask any question about how it is handled.

Children

Fundamental is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, please contact us and we will remove it.

Security

We use industry-standard transport encryption (HTTPS) for all communication between the app and our servers. Account passwords are stored only as bcrypt hashes. Two-step verification is available from the Profile screen. No system is perfectly secure, so please use a strong, unique password and enable two-step verification if you are sharing data with a practitioner.

Changes to this policy

We will update this policy as the app evolves. Material changes will be communicated through the app and on this page. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

If you have any questions about this policy or how your data is handled, please write to support@fundamental.lifestyle.

← Back to Fundamental · Terms of Service