How GigaFlair Baseline protects your privacy with a local-first, zero-collection architecture.
Last Updated: March 16, 2026
GigaFlair Baseline (“the App”, “we”, “us”) is a personal symptom-tracking tool designed with a privacy-first, local-only architecture. We do not operate any servers, collect any personal data, or transmit any information about you or your health to any third party. This Privacy Policy explains what data exists, where it lives, and how you control it.
We do not collect, store, or transmit:
All information you enter into the App is stored locally in an encrypted database on your device. This includes:
| Data type | Where it lives | How it’s protected |
|---|---|---|
| Symptom logs (type, severity, timestamp) | Local SQLite database (OPFS) | Symptoms are stored as standard medical codes (ICD-10-CM), not free-text labels |
| Optional notes | Local SQLite database (OPFS) | Encrypted with AES-256-GCM before writing; key derived via PBKDF2 (600,000 iterations) |
| Custom symptom definitions | Local SQLite database (OPFS) | As above |
| App password (hashed) | Device local storage | PBKDF2-derived hash; plaintext never stored |
| Biometric unlock credential | Device secure enclave (if enabled) | Managed entirely by the operating system |
| Daily reminder preference | Device local storage | No health data involved |
| Last backup timestamp | Device local storage | Date only |
Your data never leaves your device unless you explicitly initiate a backup or an export.
When you use the “Download Encrypted Backup” feature, a .gfpb file is created on your device. This file is encrypted with a password you choose using AES-256-GCM. We have no access to this file or the password. If you choose to save it to your Downloads folder or share it via another app (email, cloud storage, etc.), that transfer is governed by the privacy policies of those apps and services — not ours.
The App offers two ways to export your symptom data. In both cases, data is generated entirely on your device and sent directly to the recipient you choose — never through our servers.
CSV Export The Reports screen lets you export your symptom history as a CSV file compatible with common electronic medical record (EMR) systems. The file is generated locally and saved to your device or shared via an app of your choice.
Chart Export (PNG) The Reports screen also lets you export a chart of your symptom trends as a PNG image. This image is generated locally on your device and can be saved or shared directly from your device.
Once data is received by your healthcare provider or the app you share through, the handling of that data is governed by their privacy practices, not ours.
The App maintains an optional local crash log to help diagnose problems. This log is stored entirely on your device. You can view, export, or delete it at any time in Settings → Diagnostics. If you choose to use the “Share Crash Log” feature, that log is shared directly from your device to a recipient of your choice — we do not receive it.
The App does not integrate any third-party analytics, advertising, or data-collection SDKs. The App uses the following open-source libraries solely for local functionality:
None of these libraries transmit data to external parties in this App’s configuration.
Network access is used only for the optional ICD-10-CM code lookup feature (searching the U.S. National Library of Medicine’s Clinical Tables API at clinicaltables.nlm.nih.gov). Only the search text you type is sent; no health history or identifying information is transmitted.
The App is not directed to children under 13. We do not knowingly collect any information from children. Because no data is collected or transmitted at all, there is no personal information of any user — including minors — on our systems. If the App is used by a minor, all data remains on the minor’s device under parental control.
Because all data is stored locally on your device, you have complete control:
We have no ability to access, modify, or delete data on your behalf — it is entirely in your control.
Data is retained on your device until you delete it. We retain no copies. Uninstalling the App permanently removes the local database unless you have made an external backup.
We use industry-standard cryptographic practices:
No security measure is perfect. You are responsible for keeping your device and App password secure.
If we make material changes to this Privacy Policy, we will update the “Last updated” date above and, where appropriate, provide notice within the App. Continued use of the App after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, please contact us at:
GigaFlair Email: info@gigaflair.com
Because no personal data is collected or transmitted, most data-subject rights frameworks (GDPR, CCPA, HIPAA) have limited applicability to this App. We nonetheless commit to the privacy practices described above.
Last Updated: March 2026
← Back to Baseline Policies