Privacy Policy | Body ReCompanion
Last updated: June 2026 | Version: 1.1
1. Who we are
Controller:
Laura Otto Solutions
Gijsbrecht van Aemstelstraat 26, 2026 VH Haarlem, The Netherlands
Registration (KvK): 94716501
VAT: NL005104012B61
Website: bodyrecompanion.com
Email: lauraottosolutions@gmail.com
2. Overview
Body ReCompanion is a web application that provides personalized AI-generated wellness and body recomposition advice. We process your data to deliver the service. Profile data, check-ins, and conversation context are stored on our EU-hosted infrastructure (Postgres database on Hetzner) so you can use those features across sessions. When you use the AI Coach, your messages and relevant context are transmitted through our servers to Anthropic (Claude) to generate responses.
We recommend you avoid sharing highly sensitive personal or medical data beyond what is needed for personalized coaching.
3. What personal data we process
3.1 Profile and preferences
- name, primary goal, experience level, current phase
- hormonal considerations (e.g. PCOS, menopause, pregnancy)
- main challenges and preferences
- body composition progress (current weight, body fat %, muscle mass, and historical trends)
Legal basis: Explicit consent (GDPR Art. 9(2)(a)) for health-related data.
Retention: Until you delete your data, withdraw consent, or for up to 90 days after your last activity (whichever is sooner).
3.2 Daily check-ins
- mood, energy, motivation scores, body feeling, date
Legal basis: Explicit consent (GDPR Art. 9(2)(a)).
Retention: Up to 90 days; you may delete at any time.
3.3 Conversation data and AI processing
The AI Coach is available only to users 18+ who have accepted our EULA and this Privacy Policy in the AI Coach consent flow. Until you do, conversation data is not collected and stored profile or check-in data is not sent to our AI provider.
When you use the AI Coach, your messages and the bot's responses are stored on our servers to maintain conversation context. Each request is also transmitted to Anthropic's Claude API together with:
- fitness-related details you voluntarily type in chat messages (may include health data if you disclose it);
- your profile context (name, goals, experience level, current phase, hormonal considerations, main challenges), only if you have given health data consent;
- your recent check-in patterns (mood, energy, motivation, body feeling scores from the past 7 days), only if you have given health data consent;
- your progress metrics (weight, body fat %, muscle mass trends from the past 30 days), only if you have given health data consent;
- a journey summary (e.g. days tracked, weight change trends), only if you have given health data consent;
- a summary of recent chat messages to maintain conversational context.
We do not use your conversations to train AI models. Anthropic processes prompts solely to generate your response and does not train on your data for our API use case.
Data transfers to the US are covered by Standard Contractual Clauses (SCCs) and additional safeguards under Anthropic's Data Processing Agreement.
Legal basis: Contract (Art. 6(1)(b)); for health-related context, your explicit consent (Art. 9(2)(a)).
Retention: Conversation context stored in Postgres is retained for up to 90 days, after which it is automatically deleted.
3.4 Consent event logging
When you accept the EULA, Privacy Policy, or health-data consent, we log the consent event type and timestamp on our server. This contains no message content, profile fields, or other personal details, only enough to demonstrate that consent was given (GDPR Art. 7(1)).
Legal basis: Legitimate interest (security & compliance).
Retention: Up to 2 years, or until no longer needed to demonstrate compliance.
3.5 Website usage and cookies
We use Google Analytics. Where required by law (e.g. in the EEA), we obtain your consent before activating analytics. You can withdraw consent as described in Section 8.
Legal bases (GDPR)
- Performance of contract (providing the service you requested)
- Legitimate interest (security & compliance)
- Explicit consent where you share sensitive health-related data
4. Sharing with third parties
We use the following subprocessors:
- Anthropic (Claude AI): AI processing of chat prompts and context. US-based; covered by DPA and Standard Contractual Clauses (SCCs). Does not train on your data for our use case.
- Google Analytics: website analytics (consent-based). US-based; covered by SCCs.
- Hetzner: application hosting and server infrastructure (EU-based). DPA in place.
- Postgres database: profile, check-in, and conversation storage (EU-hosted on Hetzner). DPA in place.
We do not sell personal data.
5. International transfers
Data may be transferred outside the EEA to: Anthropic (US) and Google (US). All such transfers are governed by EU Standard Contractual Clauses (SCCs) and supplementary measures in accordance with GDPR Article 46.
6. Security
Data is encrypted in transit (TLS) and at rest where stored on our infrastructure. We maintain technical and organisational measures, including access controls, secure API key management, and session isolation between users.
7. Your rights
Under the GDPR you have rights including access, rectification, erasure ("right to be forgotten"), restriction, objection, and data portability. You can delete profile and check-in data via My Profile (Data Management), or email lauraottosolutions@gmail.com to request erasure of server-stored data.
We respond to requests within one month.
8. Withdrawing consent
Health data (profile, check-ins): To withdraw consent for processing of your health-related data:
- Go to My Profile → Data Management
- Click "Clear All Data" to remove profile, check-ins, and progress data
- Or email lauraottosolutions@gmail.com to request withdrawal and deletion of server-stored data
Analytics (cookies): To withdraw analytics consent:
- Clear your browser cookies or local storage to reset your analytics consent choice
- Or clear cookies in your browser settings
Withdrawal does not affect the lawfulness of processing before withdrawal.
9. Complaints
You have the right to lodge a complaint with your supervisory authority (e.g. Autoriteit Persoonsgegevens in the Netherlands).
10. Age restriction
The AI Coach chatbot is for users 18+ and cannot be used without accepting our EULA and this Privacy Policy in the AI Coach consent flow. Profile, progress tracking, and daily check-in data may be stored without that acceptance, but it is not processed by the AI Coach or sent to our AI provider until you have accepted those terms and confirmed you are 18 or older. We do not knowingly process health-related data of minors without appropriate consent where required by law.
11. Changes
We may update this Privacy Policy from time to time. We do not provide individual notice of changes. Continued use after the effective date of an updated version constitutes acceptance where permitted by law. The current version is always available at privacy.html.