Privacy Policy – Body ReCompanion
Last updated: 2026-02-17 | Version: 1.0
1. Who we are
Controller:
Laura Otto Solutions
Gijsbrecht van Aemstelstraat 26, 2026 VH Haarlem, The Netherlands
Registration (KvK): 94716501
VAT: NL005104012B61
Website: bodyrecompanion.com
Support: Contact
2. Overview
Body ReCompanion is a web application that provides personalized AI-generated wellness and body recomposition advice. We process your data to deliver the service, including profile data and chat content sent to our AI provider (OpenAI) to personalize responses.
3. What personal data we process
3.1 Profile and preferences (stored in your browser)
- name, primary goal, experience level, current phase
- hormonal considerations (e.g. PCOS, menopause, pregnancy)
- main challenges and preferences
Legal basis: Explicit consent (GDPR Art. 9(2)(a)) for health-related data.
Retention: Until you delete your data or withdraw consent.
3.2 Daily check-ins (stored in your browser)
- mood, energy, motivation scores, body feeling, date
Legal basis: Explicit consent (GDPR Art. 9(2)(a)).
Retention: Up to 30 days; you may delete at any time.
3.3 Chat messages and AI processing
Your chat messages and relevant context are sent to OpenAI to generate personalized responses. We do not store chat history on our servers; it is stored locally in your browser.
Legal basis: Contract (Art. 6(1)(b)); for health-related context, your explicit consent.
3.4 Billing (when applicable)
Name, email, billing details via Stripe.
Retention: 7 years (Dutch statutory requirement).
3.5 Website usage and cookies
We use Google Analytics. Where required by law (e.g. in the EEA), we obtain your consent before activating analytics. You can manage or withdraw consent via our cookie banner or Cookie preferences below.
4. Sharing with third parties
We share personal data with: OpenAI (AI processing), Google Analytics (website analytics, consent-based), Stripe (when applicable), Railway (hosting). Where required, we have data processing agreements.
5. International transfers
Data is transferred to OpenAI (US) and Google (US) under appropriate safeguards (Standard Contractual Clauses, DPA terms).
6. Security
We implement appropriate technical and organisational measures (GDPR Art. 32), including TLS encryption, access controls, and secure API key management.
7. Your rights
Under the GDPR you have rights including access, rectification, erasure, restriction, objection and data portability. Profile and check-in data are stored in your browser – you can delete them via My Profile (Data Management section). For other requests, contact lauraottosolutions@gmail.com.
8. Withdrawing consent
Health data (profile, check-ins): To withdraw consent for processing of your health-related data:
- Go to My Profile → Data Management
- Click "Clear All Data" to remove profile and check-ins from your device
- Or email lauraottosolutions@gmail.com to request withdrawal (we do not store this data on our servers; clearing locally is sufficient)
Analytics (cookies): To withdraw analytics consent:
- Click Cookie preferences to revoke and manage your choice
- Or clear cookies in your browser settings
Withdrawal does not affect the lawfulness of processing before withdrawal.
9. Complaints
You have the right to lodge a complaint with your supervisory authority (e.g. Autoriteit Persoonsgegevens in the Netherlands).
10. Changes
We may update this Privacy Policy. The current version is at privacy.html.