← Back to Onset

Privacy policy

Effective date: April 27, 2026

Onset ("we," "our," or "the app") is operated by Last 1 Enterprises LLC. This policy describes how we handle your information when you use the Onset iOS application.

What data we collect

Onset collects only the data you explicitly provide through the app:

• Daily check-in responses (sleep quality, energy, soreness, and mood on a 1–10 scale; libido when relevant to your profile)
• Optional check-in fields for cycle-aware profiles (for example flow level, cravings, or bloating when you use those prompts)
• Routine completion status (which items you marked as done)
• Your biological-sex profile and selected mode (e.g. Recovery, Performance, or Fertility for a male profile; Balance, Cycle awareness, or Fertility for a female profile)
• Your preferences (wake time, event timer lead time, notification settings)
• If you use cycle awareness: approximate cycle settings you enter (such as last period start, cycle length, and whether you track a menstrual cycle)
• Supplement and routine item details you enter, scan, or import (names, doses, timing, brand information)
• Lab values you optionally photograph or manually enter for personal reference storage
• Lab/protocol organization data you create in the app

Where data is stored

Onset uses a mixed storage model:

• On-device storage (SwiftData): your routine data, check-ins, completions, preferences, lab values, and lab/protocol organization data remain on your device.
• Cloud processing (Supabase + model provider): if you turn on Cloud AI features in the app (for example Daily AI text or optional AI routine drafting), selected request inputs are sent securely from the app to our backend (Last 1 Enterprises / Supabase project). The backend builds a text prompt and sends it to our model provider to generate a response.

Cloud AI is opt-in inside the app. If Cloud AI is off, we do not send this class of prompts for those features.

Lab value storage

If you choose to store lab values in Onset, this data is stored locally on your device and optionally synced to your encrypted cloud account if you have one. Lab values are displayed alongside standard reference ranges from your laboratory report.

• We do not interpret, analyze, or generate recommendations based on your lab values.
• Lab data is never shared with third parties except as part of your encrypted cloud sync (if enabled).
• You can delete your stored lab values at any time from within the app.

Supplement reference information

Onset displays published reference information about dietary supplements sourced from public health authorities including the NIH Office of Dietary Supplements and published dietary guidelines. When you scan a supplement bottle or search for a product, the app may query the NIH Dietary Supplement Label Database (DSLD) or similar public databases to retrieve product and ingredient information.

• These queries contain only the supplement or product name you are looking up — no personal health data is included.
• Product and ingredient reference data may be cached on our servers to improve performance for all users. This cache contains only publicly available product information, not user data.

Lab and protocol context

Onset can store lab values and display them beside your supplement routine for personal reference and organization.

• Lab values are stored locally on your device and optionally synced to your cloud account.
• Lab/protocol context is for organization and personal reference only.
• Onset does not provide medical advice, diagnosis, treatment, or lab interpretation.

What we do not collect

• We do not require a traditional account signup flow with username/password
• We do not collect location data
• We do not sell your personal data
• We do not collect device identifiers for advertising purposes
• We do not use third-party ad tracking SDKs

Third-party AI: Anthropic (Claude)

When you enable Cloud AI in Onset, our servers may send prompts to Anthropic, PBC ("Anthropic") to run Claude (and successor models we configure) so the app can return short personalized text—such as a daily wellness note or an optional draft routine outline. Anthropic acts as a processor on our behalf to generate that text. We do not use Anthropic for advertising, and we do not sell personal data to Anthropic.

What may be included in a prompt (categories, not an exhaustive log)

• Your selected wellness mode and biological-sex profile as used in the app
• An optional snapshot of check-in fields you entered (for example sleep, energy, mood, soreness, and profile-specific fields you chose to save)
• If you enabled Apple Health read access in Onset, aggregated or summarized health metrics the app is designed to include (for example sleep, activity, or heart metrics as implemented in the client—not continuous raw HealthKit exports unless reflected in that summary)
• For cycle-aware use, high-level cycle context you allow (for example phase label or cycle day template—not a clinical record)
• Goals, dietary flags, allergies, prescriptions, labs, or free-text concerns you type into the AI routine builder flow
• Coarse day-context signals derived on-device (for example which habit themes apply today)
• Technical context (for example app locale / calendar day string for auditing) needed to operate the service

Why we send it

Only to produce general wellness wording and organization help in the app. Output is not a diagnosis, treatment recommendation, or substitute for a clinician.

How it is processed and retained

• Requests go from the app to our Supabase backend (hosted infrastructure), then to Anthropic's API for inference.
• We may store limited server logs, prompt/response snippets, and metadata needed for security, rate limits, abuse prevention, debugging, and reliability. We retain these only as long as reasonably needed for those purposes unless a longer period is required by law.
• On-device data remains under your control; deleting the app removes local data from the device but does not automatically erase historical cloud logs—email [email protected] for assistance with cloud deletion requests.

Anthropic's own privacy commitments are described at anthropic.com/legal/privacy.

Other third-party services

Onset also uses infrastructure providers that are not the AI model vendor:

• RevenueCat for subscription entitlement management. revenuecat.com/privacy
• Supabase for authentication (anonymous sessions where configured), Edge Functions, storage tied to cloud features, and operational metrics for our project.
• Insert Affiliate for partner referral attribution. When you open Onset from a partner link, an anonymous short code is stored on-device. When you make a purchase, RevenueCat forwards the standard purchase event to Insert Affiliate so the referring partner can be credited. We do not share any health, journal, supplement, lab, routine, or Apple Health data with Insert Affiliate, and the SDK is not used for advertising or cross-app tracking. insertaffiliate.com/privacy
• NIH Dietary Supplement Label Database (DSLD) for publicly available supplement product and ingredient reference data. Queries contain only product names, no personal data.

Payments for subscriptions are handled by Apple. We do not receive your full payment card number.

Analytics and telemetry

Onset records limited product telemetry events to improve reliability and product quality. These events include functional app events (for example paywall shown, onboarding completed, and daily text refresh tapped) and do not include ad-targeting identifiers.

We use this telemetry for operational monitoring, conversion funnel health, and feature reliability checks.

Data sharing

We do not sell or rent your personal data. We share data only with service providers needed to run the app (for example hosting, subscription infrastructure, and AI generation providers) under contractual controls.

Data retention and deletion

On-device data is under your control and can be removed by deleting the app. Cloud records used for AI operations and telemetry are retained only as needed for product operation, abuse prevention, and reliability analysis.

If you want data deletion help, contact [email protected].

Children's privacy

Onset is not intended for use by individuals under the age of 17. We do not knowingly collect data from minors.

Changes to this policy

We may update this policy as our features, infrastructure, or legal obligations evolve. When we do, we will update the effective date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, contact us at:
[email protected]