LegalPrivacy Policy
Privacy Policy
1. Who we are
[PENDING: LEGAL_ENTITY_NAME] (Being Optimal, we, us, our), trading as Being Optimal, Site Nutrition (product surfaces may say “Site Nutrition”), provides a pregnancy-nutrition consumer application and related websites.
| Item | Detail |
|---|---|
| Controller | [PENDING: LEGAL_ENTITY_NAME] |
| Registered address | [PENDING: REGISTERED_ADDRESS] |
| Incorporation | [PENDING: INCORPORATION_JURISDICTION] |
| Privacy contact | [email protected] |
| DPO / privacy lead | [PENDING: DPO_CONTACT] |
| EU representative | [PENDING: EU_REP] |
| UK representative | [PENDING: UK_REP] |
| APAC privacy contact | [email protected] |
| Website | https://beingoptimal.org |
For how to exercise rights, see Section 12 and Data Subject Request Procedure. Master definitions: Definitions.
2. Scope
This Privacy Policy applies to Personal Data we process when you:
- Visit beingoptimal.org and related first-party sites (help, assets, community entry points)
- Create an account and use the nutrition planner / dashboard
- Use the AI assistant, Learning Center, quizzes, notifications, or sharing features
- Participate in the community forum (where enabled)
- Contact support or privacy channels
- Click partner/affiliate outbound links we instrument
It does not govern third-party websites you visit after leaving our Services (except our disclosure of click measurement). Community software is operated with a Community Platform Provider; additional forum privacy notices may apply on https://community.beingoptimal.org.
3. Special-category health data (read this first)
3.1 What we mean
Being Optimal is a pregnancy-nutrition product. In ordinary use we process data that is special category under GDPR Article 9 and similar laws (Special Category Health Data), including:
| Data | Examples |
|---|---|
| Pregnancy timing | Last menstrual period (LMP), estimated due date (EDD), gestational context derived from those anchors |
| Demographics related to health targets | Date of birth (DOB), ethnicity (where you choose to provide it for target personalization) |
| Body measures | Weight and related body stats you enter |
| Clinical-ish self-reports | Blood-marker / lab values you type in; symptoms you journal |
| Nutrition behavior | Meal logs, combos, templates, custom ingredients used to infer nutrient intake |
Day Scores, nutrient flags, optimizer suggestions, and AI replies are generated from this data and may themselves reveal health-related information.
3.2 Legal basis posture (EEA/UK and similar)
For Special Category Health Data, our primary posture is explicit consent (GDPR Art. 9(2)(a) / UK equivalent), obtained through account terms/privacy acceptance and your voluntary provision of health data and use of health features.
Implementation caveat: As of this draft, a separate first-run AI consent gate dedicated solely to Art. 9 AI processing may not yet be shipped. We recommend product follow-on for explicit AI consent. Until then, we rely on Privacy/Terms acceptance plus voluntary use of AI and health features. Counsel should confirm adequacy for launch markets.
Other non-special Personal Data may rely on contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), legal obligation (Art. 6(1)(c)), or consent (Art. 6(1)(a)) as described in Section 6.
3.3 Your control
You choose what health fields to enter. Some features work poorly without timing/profile data. You may request deletion or restriction as described in Section 12, subject to caveats in Section 13.
4. Personal Data we collect (inventory)
4.1 Data you provide
| Category | Examples | Notes |
|---|---|---|
| Identity & contact | Name, email | Via Authentication Provider |
| Account profile | Display preferences, locale/theme | |
| Pregnancy / health profile | LMP, EDD, DOB, ethnicity, weight | Special category |
| Labs & symptoms | User-entered blood markers, journal symptoms | Special category; not a medical record system of your clinic |
| Nutrition logs | Meals, quantities, combos, templates, custom ingredients | Special category when used for intake inference |
| AI conversations | Messages you send; assistant replies | Persisted; may include health context |
| AI preferences | Settings for assistant behavior | |
| Quiz / Knowledge Score | Progress and answers | Educational |
| Community UGC | Posts, uploads, profile on forum | |
| Support communications | Emails you send us | |
| Billing identity (when live) | Email, subscription status | Card data at Billing Provider, not stored by us |
4.2 Data collected automatically
| Category | Examples | Notes |
|---|---|---|
| Technical | IP address, user agent, device/browser type | Used for security, rate limits, approximate geo at edge |
| Auth/session | Session tokens, device sessions | Authentication Provider |
| Product logs | API errors, entitlement checks, security events | Operational |
| Push subscription | Endpoint URL, keys | If you enable Web Push |
| Outbound clicks | brand_id, url, surface, partner flag | Pseudonymous — no user_id; IP transient only |
| First-party catalog analytics | Catalog choice events | Consent-gated when enabled |
| Approximate location labels | Country / region | See Section 5.4 (coordinates transmitted, not stored) |
4.3 Data from providers
| Source | Examples |
|---|---|
| Authentication Provider | Account id, email, profile fields, session lifecycle webhooks (via Webhook Transport) |
| Billing Provider (when live) | Subscription state, invoices metadata |
| Community Platform Provider | Forum user id linkage, moderation signals |
| AI Model Providers | Model outputs returned to us (we do not receive advertising profiles from them) |
4.4 Data we do not intentionally collect
- Full payment card PANs/CVVs (handled by Billing Provider)
- Precise GPS storage (see Section 5.4)
- Third-party advertising profiles
- Background continuous device location tracking
4.5 Children’s data
Services are not directed to children under 18. Age is self-attested; we do not operate a hard age-verification gate. See Section 15.
5. How we use Personal Data (purposes)
| Purpose | Examples | Categories |
|---|---|---|
| Provide the Services | Auth, sync meals, compute scores/targets, environments | Identity, health, meals, technical |
| Personalize nutrition context | Gestational timing, targets, flags | Health profile |
| AI assistant | Generate replies; optional propose-only writes | Conversations, health context snippets |
| Safety | Red-flag redirects, abuse detection, rate limits | Messages, technical, rate-limit rows |
| Notifications | Transactional email; optional push | Contact, push keys, notification prefs/logs |
| Community | SSO identity, host discussions | Identity, UGC |
| Improve product | Consent-gated catalog analytics; aggregated stats | Pseudonymous / aggregate |
| Partner measurement | Outbound click events | Pseudonymous click rows |
| Security & fraud | Session integrity, anomaly detection | Technical, auth |
| Legal compliance | Tax, accounting (when billing live), lawful requests | As required |
| Communications | Terms updates, support | Contact |
We do not sell Personal Data for money. See US annex regarding “share” for cross-context behavioral advertising (we do not engage in that practice with third-party ad networks).
6. Legal bases (summary table)
| Processing | Primary basis (EEA/UK-style) |
|---|---|
| Account + core planner contract | Art. 6(1)(b) contract |
| Special Category Health Data in planner | Art. 9(2)(a) explicit consent (+ Art. 6 consent/contract as applicable) |
| AI with health context | Explicit consent posture (Art. 9) + contract/legitimate interests for non-special metadata; see §3.2 caveat |
| Security, fraud, rate limits | Art. 6(1)(f) legitimate interests |
| Transactional email | Art. 6(1)(b) / (f) |
| Optional push | Consent (browser + product) |
| Consent-gated analytics | Consent |
| Pseudonymous outbound clicks | Legitimate interests (measurement, abuse prevention) |
| Legal obligations | Art. 6(1)(c) |
| Aggregated / de-identified research stats | Legitimate interests; not Personal Data when truly anonymous |
Legitimate interests include securing the service, preventing abuse, understanding feature performance in aggregate, and measuring partner links without building ad profiles. You may object where applicable (Section 12).
7. AI assistant data flows (important)
7.1 What happens when you chat
When you use the AI assistant:
- Your message and relevant health/context snippets from your environment may be assembled server-side.
- That prompt content is sent to one or more AI Model Providers to generate a response.
- Conversation content is persisted in our application database (conversation and message tables — full bodies, not merely run metadata).
- Separate AI run metadata records may store operational fields without full prompt/response bodies.
- Safety pre-checks may inspect content for red-flag patterns before or after generation.
7.2 International transfer
AI Model Providers process data primarily in the United States (and potentially other regions they operate). Using the assistant means international transfer of conversation and health context to those providers under their data processing terms.
7.3 Retention of AI data
| Store | Retention posture |
|---|---|
| Our conversation/message tables | While account active unless deleted; external Model Provider copies per provider DPA |
| AI run metadata | Operational retention while account active / as needed for security and debugging |
| AI Model Provider copies | Per provider DPA/retention; we do not currently call provider-side deletion APIs when you erase your account |
7.4 Not the same as Help search
Marketing or UI statements that “your questions never leave your device” apply only to browser-based Help Center search (client-side Pagefind over help content). They do not apply to:
- The AI assistant
- Cloud-synced planner data
- Server-side analytics or geo reverse-lookup
7.5 Automated outputs
Scores, flags, optimizer suggestions, lab comparisons, Knowledge Scores, and AI text are automated or semi-automated informational outputs — not medical decisions. Details: Automated Decisions & AI Transparency.
8. Location / reverse geocoding
8.1 Accurate claim: we do not store GPS coordinates
When you use a feature that resolves approximate place (for example, country/region for localization), your device may supply latitude/longitude to our application briefly.
8.2 Transmission disclosure
Raw coordinates may be transmitted to our Reverse-Geocoding Provider to convert lat/lng into place labels. We then:
- Persist country/region (or similar coarse labels) as needed for the feature
- Do not store the raw GPS coordinates in our application database as a retained location history
The Reverse-Geocoding Provider receives coordinates for the lookup request under its terms.
8.3 Edge geo signals
Our CDN / Edge Network Provider and Hosting Provider may see IP-derived geo signals as part of normal HTTP delivery. That is separate from optional device GPS reverse-lookup.
9. Sharing and sub-processors
9.1 Role-based processors
We use infrastructure and service providers under contracts. Bodies of legal docs use role labels. Named vendors appear in the Sub-processor List.
| Role | Purpose (summary) | Typical data |
|---|---|---|
| Authentication Provider | Sign-in, sessions, identity | Email, name, session tokens |
| Webhook Transport | Deliver auth lifecycle webhooks | Webhook payloads, user events |
| Database Provider | Primary app data with access controls | Health profile, meals, AI conversations, prefs |
| Hosting Provider | Web application hosting | HTTP requests, cookies |
| CDN / Edge Network Provider | DNS, CDN, edge security/gateway | IP, headers, geo signals |
| Cloud Infrastructure Provider | Privileged backend compute, object storage | Backend-processed data, forum uploads |
| Email Delivery Provider | Transactional email | Recipient email, message content |
| AI Model Providers | Generative assistant | Conversation content, health context snippets |
| Community Platform Provider | Forum + SSO | Identity, posts, uploads |
| Reverse-Geocoding Provider | Lat/lng → place labels | Raw coordinates transient |
| Billing Provider | Subscriptions when live | Billing email, subscription status (no card PAN with us) |
| Email Design Provider | Operator-side email templates | Template assets (not consumer health DBs) |
9.2 Community SSO scope
Forum single sign-on sends identity fields needed to create or link a community profile. Pregnancy timing fields (LMP/GA/trimester) are not shared via SSO under current product configuration.
9.3 Other disclosures
We may disclose Personal Data:
- To professional advisors under confidentiality
- In connection with a merger, acquisition, or asset sale (with notice where required)
- To comply with law, lawful process, or mandatory government requests (see Law Enforcement Guidelines)
- To protect rights, safety, and security of users, public, or Being Optimal
- With your direction (for example, share links you create)
9.4 What we do not share for ads
We do not integrate third-party ad networks, sell personal information to data brokers, or run third-party session-replay or marketing analytics pixels on the consumer app. Our Hosting Provider may collect limited page-view / performance telemetry (platform web analytics) separate from consent-gated first-party catalog analytics — see the Sub-processor List.
9.5 Nutrient Data Source
Public nutrient composition data (Nutrient Data Source) is a data source, not a Personal Data sub-processor.
10. International transfers
10.1 US-skewed infrastructure
Primary application processing and storage regions: Primarily United States; global edge delivery (primarily United States; global edge delivery).
10.2 Safeguards
Where we transfer Personal Data from the EEA/UK/Switzerland or other regions requiring safeguards, we rely on appropriate mechanisms such as:
- Standard Contractual Clauses (SCCs) or UK IDTA/Addendum with providers
- Provider certifications or frameworks where valid
- Technical measures (TLS in transit; encryption at rest as provided by vendors)
- Least-privilege application access patterns (see Security Overview)
Details vary by sub-processor; see DPAs referenced via the Sub-processor List.
10.3 Your responsibility
If you enter another person’s health data, you must have a lawful basis and any required consents.
11. Retention
| Data class | Retention |
|---|---|
| Account & planner data | Active account lifetime; deletion on account close subject to Privacy Policy caveats |
| AI conversations | While account active unless deleted; external Model Provider copies per provider DPA |
| First-party analytics | As needed for product improvement (first-party, pseudonymous) |
| Outbound click rows | As needed for partner reporting and abuse prevention |
| Auth logs / security logs | Provider and operational defaults; security need |
| Email provider logs | Per Email Delivery Provider retention |
| Billing records (when live) | [PENDING: BILLING_RECORD_RETENTION] |
| Legal holds | Legal hold suspends deletion where required by law |
| Backups | Rolling backup windows; residual copies expire with backup cycle |
Deletion is not always instantaneous or complete across every system — see Section 13.
12. Your rights
Depending on your location, you may have rights to:
| Right | Description |
|---|---|
| Access | Confirm processing and obtain a copy |
| Correction | Fix inaccurate data |
| Deletion / erasure | Request deletion (subject to exceptions and §13 caveats) |
| Portability | Receive data in a structured format (see §12.2 export limits) |
| Restriction | Limit processing in certain cases |
| Objection | Object to legitimate-interests processing |
| Withdraw consent | Where processing is consent-based (including special category) |
| Appeal / complain | Lodge a complaint with a supervisory authority |
| US consumer rights | Know, delete, correct, opt-out of sale/share, limit sensitive use — as applicable |
How to exercise: email [email protected] (or use in-product export where available). Procedure: Data Subject Request Procedure. We may need to verify your identity.
12.1 Account deletion mechanism (current product reality)
There may be no separate in-app “delete everything” button beyond Authentication Provider account deletion controls. Closing your account via the Authentication Provider typically triggers lifecycle webhooks that run our deprovisioning job. Contact [email protected] if you need assistance.
12.2 In-product export — environment-scoped and partial
The self-serve export feature is:
- Environment-scoped (exports the selected planning environment, not necessarily every account object), and
- Partial relative to a full “download all personal data” expectation.
Current export generally does not include:
- AI conversation / message bodies
- AI preferences (as applicable)
- Quiz / Knowledge Score data
- Notifications, push subscriptions, notification logs
- Shares
- AI run metadata (
ai_runs) - Inactive custom ingredients
For broader portability, contact [email protected]. We will fulfill applicable legal rights even where self-serve export is incomplete.
13. Deletion and erasure caveats (honesty section)
We automate deprovisioning on account deletion, but the following limitations currently apply. We state them so this Policy matches the product. Engineering remediation is tracked separately; wording will be upgraded when fixes ship.
13.1 Community forum — anonymized, not fully deleted
Forum posts and uploads are typically anonymized (display name/email cleared) rather than hard-deleted. Content may remain visible in anonymized form. Staff accounts are handled differently. Anonymization is best-effort and may fail silently in edge cases.
13.2 Orphan application tables (possible lag)
Some rows may not yet cascade automatically on deprovision, including notification and quiz/rate-limit related tables (for example: push subscriptions, notification log/preferences, quiz progress, AI rate-limit hits). [Fix planned.] Contact [email protected] for assistance purging stragglers.
13.3 External systems we do not fully purge today
| System | Caveat |
|---|---|
| AI Model Providers | Copies may remain per provider DPA; we do not currently call provider deletion APIs |
| Email Delivery Provider logs | Retain per provider retention |
| Cloud object storage for forum uploads | May not be purged on every path |
| CDN/hosting logs | Short-lived operational logs |
13.4 Custom ingredients
Custom ingredients may be soft-deactivated and later removed with environment cleanup rather than instant hard delete.
13.5 Deprovision process
Deprovisioning is automated but not guaranteed fully atomic/transactional across all stores. We do not yet issue certified deletion receipts. [Fix planned] for stronger orchestration and certificates.
13.6 Legal holds and exceptions
We may retain data when required by law, dispute, security investigation, or Legal hold suspends deletion where required by law.
14. Security
We implement administrative, technical, and organizational measures appropriate to risk, including:
- Encryption in transit (TLS)
- Encryption at rest as provided by Database Provider and cloud storage
- Authentication via Authentication Provider
- Application data access patterns designed around user-scoped authorization (row-level security with user JWT; no service-role keys in the public web application tier — privileged operations run on isolated backend infrastructure)
- Least-privilege operational access
No method of transmission or storage is 100% secure. Details and non-overclaim posture: Security & Compliance Overview. Report vulnerabilities: Vulnerability Disclosure Policy · [email protected].
15. Children
The Services are for users 18+. They are not directed to children under 18. We do not knowingly collect Personal Data from children under 18. Age is self-attested; we do not currently verify age with identity documents at sign-up. If you believe a child under 18 provided data, contact [email protected] and we will take appropriate steps.
16. Cookies and similar technologies
We use essential authentication cookies, functional storage, optional push, and pseudonymous outbound click beacons. We do not currently deploy non-essential third-party advertising cookies. Full detail: Cookie Policy.
Help Center browser search runs on-device; that is a search implementation detail, not a cookie, and is not an AI privacy promise.
17. Automated decision-making
We use automated processing to generate informational scores, flags, optimizer suggestions, lab comparisons, Knowledge Scores, and AI replies. These are not intended to produce legal or similarly significant medical decisions about you without human involvement (you and your clinician decide care). See Automated Decisions. You may contact [email protected] to contest or seek explanation of significant automated outputs where law provides that right.
18. Third-party links and partners
Outbound partner links may record pseudonymous click events (Section 4.2). Partner sites have their own privacy policies. Advertising disclosures: Advertising & Affiliate Disclosure.
19. Changes to this Policy
We may update this Privacy Policy. Material changes (especially new AI purposes, new special-category uses, or new tracking) will be noticed by reasonable means and may require re-acceptance. The “Effective” date and suite version will update.
Version: 1.0.0-draft · Effective: 2026-07-13
20. Contact
| Topic | Contact |
|---|---|
| Privacy requests | [email protected] |
| DPO / privacy lead | [PENDING: DPO_CONTACT] |
| Legal | [email protected] |
| Support | [email protected] |
| Security | [email protected] |
| EU rep | [PENDING: EU_REP] |
| UK rep | [PENDING: UK_REP] |
| APAC | [email protected] |
Postal: [PENDING: REGISTERED_ADDRESS]
Regional annexes
These annexes apply when you are in the relevant region. If they conflict with the main body on a region-specific mandatory point, the annex controls for that point.
Annex A — EEA / EU (GDPR) [ON]
A.1 Controller
[PENDING: LEGAL_ENTITY_NAME] is controller for Personal Data processed in connection with the Services. EU representative: [PENDING: EU_REP] (if required and appointed).
A.2 Special category data
Processing of health-related data relies on Art. 9(2)(a) explicit consent, together with an Art. 6 basis for the overall processing. You may withdraw consent without affecting prior lawful processing, but we may be unable to provide health features thereafter.
A.3 Transfers
Transfers outside the EEA use appropriate safeguards (Section 10), including SCCs with sub-processors where applicable.
A.4 Rights
You have GDPR rights of access, rectification, erasure, restriction, portability, objection, and consent withdrawal. You may lodge a complaint with your local supervisory authority. Identity verification may be required.
A.5 Art. 22
Informational scores and AI guidance are not intended as solely automated decisions producing legal or similarly significant effects. If you believe a particular output has such effect, contact [email protected].
A.6 Data Protection Officer
[PENDING: DPO_CONTACT]
Annex B — United Kingdom [ON]
B.1 Law
UK GDPR and Data Protection Act 2018 apply to UK users as applicable. UK representative: [PENDING: UK_REP] (if required).
B.2 Special category / transfers / rights
Substantively parallel to Annex A, with UK transfer tools (IDTA/Addendum) where used. Complaints may be directed to the UK Information Commissioner’s Office (ICO) and to [email protected].
Annex C — United States (CCPA/CPRA and state laws) [ON]
C.1 Categories collected
We collect identifiers; customer records information; protected health-adjacent information you submit (not necessarily HIPAA covered — Being Optimal is generally not a HIPAA covered entity or business associate for this B2C consumer app); internet/technical data; geolocation labels (coarse); inference-like scores generated from your logs; and sensory-adjacent content only if you upload media to community features.
C.2 Sources and purposes
See Sections 4–5. Purposes include providing the Services, security, analytics (first-party, consent-gated), and partner click measurement.
C.3 “Sale” / “Share”
We do not sell Personal Information for monetary consideration. We do not share Personal Information for cross-context behavioral advertising with third-party ad networks. Pseudonymous outbound click logs are first-party measurement, not a third-party ad auction.
If you believe an opt-out still applies under a broad state definition, contact [email protected] or use any published preference signal process we enable. We will honor Global Privacy Control where legally required for covered selling/sharing once such activity exists; under current practices, there is no adtech sale/share to opt out of.
C.4 Sensitive personal information
Pregnancy and health information you provide is treated as sensitive. We use it to provide the Services you request, not for unexpected secondary ad profiling. You may request limitation of sensitive PI use to what is necessary to perform the Services by contacting [email protected].
C.5 Rights
California and certain other states provide rights to know, delete, correct, portability, and non-discrimination for exercising rights. Submit requests to [email protected]. Authorized agents may submit with proof as required by law. We will respond within statutory timelines.
C.6 HIPAA note
Unless we expressly enter a BAA for a future covered offering, this consumer app is not designed as a HIPAA electronic health record. Do not assume HIPAA applies.
C.7 Children
We do not knowingly sell or share personal information of consumers under 16. Services are 18+.
Annex D — APAC (Singapore PDPA, Australia Privacy Act/APPs, Hong Kong PDPO, and similar) [ON]
D.1 Contact
[email protected] (defaults to privacy channel).
D.2 Notification and consent
We notify you of purposes via this Policy and product UI. Where local law requires consent for health data or cross-border transfer, your account acceptance and voluntary use of features constitute consent to the extent permitted; we may implement additional just-in-time consents.
D.3 Cross-border transfer
Personal Data may be transferred to and processed in the United States and other countries where our sub-processors operate. We take reasonable steps to ensure recipients protect Personal Data consistently with this Policy and applicable law.
D.4 Access and correction
You may request access and correction via [email protected]. We respond within timeframes required by local law (for example, PDPA access timelines).
D.5 Australia APP note
We handle personal information in accordance with the Australian Privacy Principles as applicable to our activities. Overseas disclosures are described in this Policy. Complaints: contact us first; you may also contact the OAIC.
D.6 Singapore PDPA note
Deemed consent and contractual necessity may apply to account processing; health data is collected for the purpose of providing nutrition planning features you request. Withdrawal of consent may mean we cannot continue those features.
D.7 Hong Kong PDPO note
Data is used for purposes stated herein. You may request access/correction under PDPO via [email protected].
21. Related documents
| Document | Link |
|---|---|
| Terms of Service | Terms Of Service |
| Cookie Policy | Cookie Policy |
| Acceptable Use | Acceptable Use Policy |
| Electronic Communications | Electronic Communications |
| Medical Disclaimer | Medical Disclaimer |
| Sub-processor List | Sub Processor List |
| DSAR Procedure | Data Subject Request Procedure |
| Automated Decisions | Automated Decisions |
| Security Overview | Security And Compliance |
| Preflight accuracy decisions (operators) | PREFLIGHT DECISIONS |
22. Document control
| Field | Value |
|---|---|
| Suite version | 1.0.0-draft |
| Effective date | 2026-07-13 |
| Session | legal-suite-20260713 |
| Status | Operator draft — counsel review required |
| Regional annexes | EEA ON · UK ON · US ON · APAC ON |