Tend

Privacy Policy

Effective 30 June 2026 | Contact support@tend.fit

Tend is a local-first wellness coach. Core wellness records live on your device unless you choose optional cloud features such as account sign-in, Cloud AI coaching, app-store subscription verification, encrypted cloud sync, food search, crash reporting, or opt-in analytics.

Controller identity

Tend is operated from India and is the operator and controller for the processing described in this Privacy Policy. Privacy questions and rights requests may be directed to support@tend.fit.

Our approach: local-first by design

Tend works without an account and without an internet connection for core local features. Tend contains no advertising SDKs and no ad trackers. We do not sell or rent your personal data.

1. Data stored only on your device

The following information is created and stored locally on your phone for ordinary app use and is not transmitted to us:

If you enable optional cloud sync, a copy of this data is held on our servers only in end-to-end encrypted form that we cannot read.

2. Health Connect and health-related information

If you connect Health Connect, Tend reads activity data (steps and active calories) and body measurement data (weight) to show it in the app and support wellness features. Tend may write entries you actively log, such as workouts with duration and calories, meal type and nutrition macros, or user-entered body measurements, back to Health Connect at your request.

Health Connect data is used on your device for display and insights. Health-related information is used solely to provide wellness features requested by you and is never used for advertising, profiling for advertising, or sold to third parties. It leaves your device only if you separately opt in to Cloud AI coaching and choose a consent tier that includes health context. Where applicable, health-related Cloud AI processing relies on your explicit consent.

Food search sends only the search term you type to a public food-database provider so matching foods can be returned. Your food diary, identity, and Health Connect data are not sent to that provider.

3. Account

Tend creates an anonymous identity on your device so optional cloud features can be secured. If you choose to sign in with a platform sign-in provider or email and password, your account is managed by a third-party cloud authentication provider, which stores your email address, display name if provided, and a user identifier.

4. Cloud AI coaching, consent tiers, and cloud sync

Cloud AI coaching is off by default. It works only if you are signed in, have an active Tend Pro subscription, and have explicitly turned it on. You choose how much context the AI Coach can use:

Requests are sent through our backend to a third-party cloud AI processing provider. We store limited operational metadata needed to operate, secure, meter, and audit the feature, but we do not store prompts or AI replies. Provider no-training commitments are governed by the provider's contractual terms and are not a separate Tend warranty.

Cloud AI processing providers may temporarily process or retain requests for security, abuse prevention, service delivery, or legal compliance in accordance with their own policies and contractual commitments.

Cloud sync: Cloud sync stores backup-snapshot ciphertext so app data can be restored across devices. Your app data is encrypted on your device before upload. Our servers receive and store only encrypted ciphertext and key-derivation metadata, never plaintext and never your encryption passphrase.

5. Telemetry

Tend uses a third-party crash reporting provider for crash reports and a third-party analytics provider for optional usage analytics. Crash reporting is on by default with an opt-out switch in You → Privacy. Usage analytics is off by default and turns on only if you choose to enable it.

Telemetry does not include care anchor names, journal text, Health Connect values, nutrition entries, or AI prompts/replies. Advertising ID collection, SSAID collection, and ad-personalization signals are disabled.

6. Lawful basis for processing

References to lawful bases apply where required by applicable data protection law.

Processing activityLawful basisNotes
Local-only on-device dataNo server-side processing by usThe data remains on your device unless you choose a cloud feature.
Account authenticationContract performanceNeeded to provide optional cloud features.
Subscription verificationContract performanceNeeded to verify Tend Pro entitlement.
Cloud AI aggregate and pattern tiersContract performance and consentYou must enable Cloud AI and relevant tiers.
Cloud AI Health and Reflections tiersExplicit consent where special-category data rules applySeparate opt-in toggles.
End-to-end encrypted cloud syncContract performanceTend Pro feature; ciphertext-only storage.
Crash reportingLegitimate interestsApp stability and security; opt-out available.
Usage analyticsConsentOff by default.
Food searchLegitimate interestsMinimal typed search term only.
Deletion tombstonesLegal obligation and legitimate interestsMinimal identifier retained for security/accounting.

7. Subscriptions and app-store billing

Tend Pro subscriptions are processed by the app-store billing provider. Payments and billing details are handled by that provider; we do not receive or store your payment card or bank details.

8. Third-party processors and provider categories

We use third-party processors only to deliver features you request or to operate and secure the service. These include account authentication providers, app-store billing processors, cloud hosting and database providers, network and security providers, crash reporting and optional analytics providers, cloud AI processing providers, public food-search data providers, and professional advisors.

These processors may process personal data only for the purposes described in this policy and under appropriate safeguards. We do not sell personal data or share personal data for advertising.

We do not sell personal information or share personal information for cross-context behavioral advertising.

If Tend undergoes a merger, acquisition, reorganization, asset sale, or similar transaction, personal data may be transferred as part of that transaction subject to applicable law and this Privacy Policy.

9. International transfers

Some processors may process personal data outside your country of residence. Where transfers are restricted by law, we use appropriate safeguards required by applicable law.

10. What Tend does not collect

Tend does not collect your precise or approximate location, contacts, messages, photos, files, calendar, microphone or camera input, advertising identifier, or browsing activity.

11. Data retention, deletion, and privacy rights

On-device data stays on your device until you delete it in the app, uninstall the app, or restore a different backup. After a verified deletion request, we delete or de-identify account records, active cloud sync ciphertext, and current AI consent snapshots within the period required by applicable law and platform policy, unless retention is needed for security, fraud prevention, accounting, dispute resolution, legal compliance, or enforcing usage and cost limits. Backup copies and logs are overwritten or deleted on normal retention cycles unless earlier action is legally required.

We may require reasonable verification of account ownership before processing certain requests.

Crash reports and analytics records are retained according to configured service controls and only for as long as needed for app stability, security, aggregate product measurement, legal compliance, or another purpose described in this policy.

Depending on where you live, you may have rights to access, correct, delete, restrict, port, object to processing, withdraw consent, and lodge a complaint with the data protection supervisory authority in your country of residence. To exercise rights, contact support@tend.fit.

12. Automated decision-making

Tend does not make solely automated decisions that produce legal or similarly significant effects on you. AI Coach replies and pattern insights are suggestions and observations. Meaningful AI actions require preview and confirmation before anything changes.

13. Data breach notification

If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant data protection supervisory authority within 72 hours where required by law. If a breach is likely to result in a high risk, we will notify affected users without undue delay where required.

14. Security

On-device sensitive data is protected using platform security controls, and cloud features use technical and organizational safeguards designed to protect data in transit and at rest. Cloud requests are subject to access controls appropriate to the feature. While we use reasonable safeguards, no method of storage, transmission, or security measure is completely secure. We cannot guarantee absolute security.

15. Children

Tend is intended for adults. You must be at least 18 years old, or the minimum age required by applicable law in your jurisdiction, to use Tend. If you believe a person below the applicable age has provided personal data, contact us and we will take appropriate steps to delete that data.

16. Changes to this policy

If we change this policy, we will update the effective date and post the new version at the same URL.