Privacy Policy
Tend is a local-first wellness coach. Core wellness records live on your device unless you choose optional cloud features such as account sign-in, Cloud AI coaching, app-store subscription verification, encrypted cloud sync, food search, crash reporting, or opt-in analytics.
Controller identity
Tend is operated from India and is the operator and controller for the processing described in this Privacy Policy. Privacy questions and rights requests may be directed to support@tend.fit.
Our approach: local-first by design
Tend works without an account and without an internet connection for core local features. Tend contains no advertising SDKs and no ad trackers. We do not sell or rent your personal data.
1. Data stored only on your device
The following information is created and stored locally on your phone for ordinary app use and is not transmitted to us:
- Care anchors, routines, and completion history
- Mood check-ins and journal entries
- Meditation, breathing, sleep, focus, and other session activity
- Notes reading progress
- App settings and optional motivational profile, stored in encrypted on-device storage
If you enable optional cloud sync, a copy of this data is held on our servers only in end-to-end encrypted form that we cannot read.
2. Health Connect and health-related information
If you connect Health Connect, Tend reads activity data (steps and active calories) and body measurement data (weight) to show it in the app and support wellness features. Tend may write entries you actively log, such as workouts with duration and calories, meal type and nutrition macros, or user-entered body measurements, back to Health Connect at your request.
Health Connect data is used on your device for display and insights. Health-related information is used solely to provide wellness features requested by you and is never used for advertising, profiling for advertising, or sold to third parties. It leaves your device only if you separately opt in to Cloud AI coaching and choose a consent tier that includes health context. Where applicable, health-related Cloud AI processing relies on your explicit consent.
Food search sends only the search term you type to a public food-database provider so matching foods can be returned. Your food diary, identity, and Health Connect data are not sent to that provider.
3. Account
Tend creates an anonymous identity on your device so optional cloud features can be secured. If you choose to sign in with a platform sign-in provider or email and password, your account is managed by a third-party cloud authentication provider, which stores your email address, display name if provided, and a user identifier.
4. Cloud AI coaching, consent tiers, and cloud sync
Cloud AI coaching is off by default. It works only if you are signed in, have an active Tend Pro subscription, and have explicitly turned it on. You choose how much context the AI Coach can use:
- Aggregate only: counts and categories such as care anchors due/done, time of day, and a mood-trend flag. Typed AI prompts are sent for that request.
- Patterns: adds which care anchors or routines you tend to keep or skip, rhythm shapes, and mood trends over time.
- Health: adds Health Connect activity and body metrics, meals, and workouts you log.
- Reflections: adds journal text, journal themes, and mood notes.
Requests are sent through our backend to a third-party cloud AI processing provider. We store limited operational metadata needed to operate, secure, meter, and audit the feature, but we do not store prompts or AI replies. Provider no-training commitments are governed by the provider's contractual terms and are not a separate Tend warranty.
Cloud AI processing providers may temporarily process or retain requests for security, abuse prevention, service delivery, or legal compliance in accordance with their own policies and contractual commitments.
Cloud sync: Cloud sync stores backup-snapshot ciphertext so app data can be restored across devices. Your app data is encrypted on your device before upload. Our servers receive and store only encrypted ciphertext and key-derivation metadata, never plaintext and never your encryption passphrase.
5. Telemetry
Tend uses a third-party crash reporting provider for crash reports and a third-party analytics provider for optional usage analytics. Crash reporting is on by default with an opt-out switch in You → Privacy. Usage analytics is off by default and turns on only if you choose to enable it.
Telemetry does not include care anchor names, journal text, Health Connect values, nutrition entries, or AI prompts/replies. Advertising ID collection, SSAID collection, and ad-personalization signals are disabled.
6. Lawful basis for processing
References to lawful bases apply where required by applicable data protection law.
| Processing activity | Lawful basis | Notes |
|---|---|---|
| Local-only on-device data | No server-side processing by us | The data remains on your device unless you choose a cloud feature. |
| Account authentication | Contract performance | Needed to provide optional cloud features. |
| Subscription verification | Contract performance | Needed to verify Tend Pro entitlement. |
| Cloud AI aggregate and pattern tiers | Contract performance and consent | You must enable Cloud AI and relevant tiers. |
| Cloud AI Health and Reflections tiers | Explicit consent where special-category data rules apply | Separate opt-in toggles. |
| End-to-end encrypted cloud sync | Contract performance | Tend Pro feature; ciphertext-only storage. |
| Crash reporting | Legitimate interests | App stability and security; opt-out available. |
| Usage analytics | Consent | Off by default. |
| Food search | Legitimate interests | Minimal typed search term only. |
| Deletion tombstones | Legal obligation and legitimate interests | Minimal identifier retained for security/accounting. |
7. Subscriptions and app-store billing
Tend Pro subscriptions are processed by the app-store billing provider. Payments and billing details are handled by that provider; we do not receive or store your payment card or bank details.
8. Third-party processors and provider categories
We use third-party processors only to deliver features you request or to operate and secure the service. These include account authentication providers, app-store billing processors, cloud hosting and database providers, network and security providers, crash reporting and optional analytics providers, cloud AI processing providers, public food-search data providers, and professional advisors.
These processors may process personal data only for the purposes described in this policy and under appropriate safeguards. We do not sell personal data or share personal data for advertising.
We do not sell personal information or share personal information for cross-context behavioral advertising.
If Tend undergoes a merger, acquisition, reorganization, asset sale, or similar transaction, personal data may be transferred as part of that transaction subject to applicable law and this Privacy Policy.
9. International transfers
Some processors may process personal data outside your country of residence. Where transfers are restricted by law, we use appropriate safeguards required by applicable law.
10. What Tend does not collect
Tend does not collect your precise or approximate location, contacts, messages, photos, files, calendar, microphone or camera input, advertising identifier, or browsing activity.
11. Data retention, deletion, and privacy rights
On-device data stays on your device until you delete it in the app, uninstall the app, or restore a different backup. After a verified deletion request, we delete or de-identify account records, active cloud sync ciphertext, and current AI consent snapshots within the period required by applicable law and platform policy, unless retention is needed for security, fraud prevention, accounting, dispute resolution, legal compliance, or enforcing usage and cost limits. Backup copies and logs are overwritten or deleted on normal retention cycles unless earlier action is legally required.
We may require reasonable verification of account ownership before processing certain requests.
Crash reports and analytics records are retained according to configured service controls and only for as long as needed for app stability, security, aggregate product measurement, legal compliance, or another purpose described in this policy.
Depending on where you live, you may have rights to access, correct, delete, restrict, port, object to processing, withdraw consent, and lodge a complaint with the data protection supervisory authority in your country of residence. To exercise rights, contact support@tend.fit.
12. Automated decision-making
Tend does not make solely automated decisions that produce legal or similarly significant effects on you. AI Coach replies and pattern insights are suggestions and observations. Meaningful AI actions require preview and confirmation before anything changes.
13. Data breach notification
If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant data protection supervisory authority within 72 hours where required by law. If a breach is likely to result in a high risk, we will notify affected users without undue delay where required.
14. Security
On-device sensitive data is protected using platform security controls, and cloud features use technical and organizational safeguards designed to protect data in transit and at rest. Cloud requests are subject to access controls appropriate to the feature. While we use reasonable safeguards, no method of storage, transmission, or security measure is completely secure. We cannot guarantee absolute security.
15. Children
Tend is intended for adults. You must be at least 18 years old, or the minimum age required by applicable law in your jurisdiction, to use Tend. If you believe a person below the applicable age has provided personal data, contact us and we will take appropriate steps to delete that data.
16. Changes to this policy
If we change this policy, we will update the effective date and post the new version at the same URL.