Privacy Policy | Body ReCompanion

Last updated: June 2026 | Version: 1.1

1. Who we are

Controller:
Laura Otto Solutions
Gijsbrecht van Aemstelstraat 26, 2026 VH Haarlem, The Netherlands
Registration (KvK): 94716501
VAT: NL005104012B61
Website: bodyrecompanion.com
Email: lauraottosolutions@gmail.com

2. Overview

Body ReCompanion is a web application that provides personalized AI-generated wellness and body recomposition advice. We process your data to deliver the service. Profile data, check-ins, and conversation context are stored on our EU-hosted infrastructure (Postgres database on Hetzner) so you can use those features across sessions. When you use the AI Coach, your messages and relevant context are transmitted through our servers to Anthropic (Claude) to generate responses.

We recommend you avoid sharing highly sensitive personal or medical data beyond what is needed for personalized coaching.

3. What personal data we process


3.1 Profile and preferences

Legal basis: Explicit consent (GDPR Art. 9(2)(a)) for health-related data.
Retention: Until you delete your data, withdraw consent, or for up to 90 days after your last activity (whichever is sooner).


3.2 Daily check-ins

Legal basis: Explicit consent (GDPR Art. 9(2)(a)).
Retention: Up to 90 days; you may delete at any time.


3.3 Conversation data and AI processing

The AI Coach is available only to users 18+ who have accepted our EULA and this Privacy Policy in the AI Coach consent flow. Until you do, conversation data is not collected and stored profile or check-in data is not sent to our AI provider.

When you use the AI Coach, your messages and the bot's responses are stored on our servers to maintain conversation context. Each request is also transmitted to Anthropic's Claude API together with:

We do not use your conversations to train AI models. Anthropic processes prompts solely to generate your response and does not train on your data for our API use case.

Data transfers to the US are covered by Standard Contractual Clauses (SCCs) and additional safeguards under Anthropic's Data Processing Agreement.

Legal basis: Contract (Art. 6(1)(b)); for health-related context, your explicit consent (Art. 9(2)(a)).
Retention: Conversation context stored in Postgres is retained for up to 90 days, after which it is automatically deleted.


3.4 Consent event logging

When you accept the EULA, Privacy Policy, or health-data consent, we log the consent event type and timestamp on our server. This contains no message content, profile fields, or other personal details, only enough to demonstrate that consent was given (GDPR Art. 7(1)).

Legal basis: Legitimate interest (security & compliance).
Retention: Up to 2 years, or until no longer needed to demonstrate compliance.


3.5 Website usage and cookies

We use Google Analytics. Where required by law (e.g. in the EEA), we obtain your consent before activating analytics. You can withdraw consent as described in Section 8.


Legal bases (GDPR)

4. Sharing with third parties

We use the following subprocessors:

We do not sell personal data.

5. International transfers

Data may be transferred outside the EEA to: Anthropic (US) and Google (US). All such transfers are governed by EU Standard Contractual Clauses (SCCs) and supplementary measures in accordance with GDPR Article 46.

6. Security

Data is encrypted in transit (TLS) and at rest where stored on our infrastructure. We maintain technical and organisational measures, including access controls, secure API key management, and session isolation between users.

7. Your rights

Under the GDPR you have rights including access, rectification, erasure ("right to be forgotten"), restriction, objection, and data portability. You can delete profile and check-in data via My Profile (Data Management), or email lauraottosolutions@gmail.com to request erasure of server-stored data.

We respond to requests within one month.

9. Complaints

You have the right to lodge a complaint with your supervisory authority (e.g. Autoriteit Persoonsgegevens in the Netherlands).

10. Age restriction

The AI Coach chatbot is for users 18+ and cannot be used without accepting our EULA and this Privacy Policy in the AI Coach consent flow. Profile, progress tracking, and daily check-in data may be stored without that acceptance, but it is not processed by the AI Coach or sent to our AI provider until you have accepted those terms and confirmed you are 18 or older. We do not knowingly process health-related data of minors without appropriate consent where required by law.

11. Changes

We may update this Privacy Policy from time to time. We do not provide individual notice of changes. Continued use after the effective date of an updated version constitutes acceptance where permitted by law. The current version is always available at privacy.html.