LegalData Subject & Consumer Request Procedure
Data Subject & Consumer Request Procedure
Defined terms follow Definitions. Companion policies: Privacy Policy, Automated Decisions, Sub Processor List.
1. Who can make a request
| Requester | Scope |
|---|---|
| Account holder | Personal Data we process about your Being Optimal account and Environments |
| Authorized agent | Where permitted by law (e.g., CCPA/CPRA), with proof of authorization |
| Parent/guardian | Where applicable for a minor we should not have onboarded — see age section in Privacy Policy |
Being Optimal is the Controller for account, health-profile, meal, journal, AI conversation, and related product data (B2C). Named infrastructure vendors are Processors / sub-processors listed in the Sub-processor List.
2. Rights menu (by regime)
We honor rights available under applicable Data Protection Laws. Availability and exact scope depend on your location and the law that applies.
| Right | Typical regimes | How we handle (summary) |
|---|---|---|
| Access / know | GDPR, UK GDPR, CCPA/CPRA, PDPA, APPs, PDPO | Provide categories and, where required, a copy of Personal Data we hold |
| Rectification / correction | Most laws | Correct inaccurate account or profile data; many fields are editable in-product |
| Erasure / deletion | GDPR Art. 17, CCPA “delete,” others | Account deletion + deprovision path; caveats in §6 |
| Restriction | GDPR / UK GDPR | Limit processing where legally required |
| Objection | GDPR / UK GDPR | Object to processing based on legitimate interests or direct marketing |
| Portability | GDPR / UK GDPR | Structured export — full portability via privacy email; partial in-app (see §5) |
| Opt out of “sale” / “share” | CCPA/CPRA | We do not sell Personal Data for money; see Privacy Policy for “share” analysis (e.g., limited outbound partner click metrics) |
| Limit use of sensitive personal information | CCPA/CPRA | Health/pregnancy data is core to the product; contact [email protected] |
| Human review of automated decisions | GDPR Art. 22 posture | Scores and AI outputs are informational, not medical decisions — see Automated Decisions |
| Withdraw consent | GDPR Art. 7 / Art. 9 | Stop AI use, disable push, close account; withdrawal does not affect prior lawful processing |
If a right is not available in your jurisdiction, we may still honor reasonable requests as a matter of practice.
3. How to submit a request
3.1 Privacy inbox (primary for full rights exercise)
Email [email protected] and include:
- The type of request (access, correction, erasure, portability, restriction, objection, CCPA know/delete/opt-out, etc.);
- The email address associated with your account (and any prior emails if changed);
- Enough detail to locate records (Environment name if relevant);
- For agents: proof of authorization and identity of the consumer.
3.2 In-product correction
Many profile, preference, meal, and journal fields can be corrected directly in the signed-in Services without a formal request.
3.3 Account deletion (erasure initiation)
There is no dedicated in-app “delete account” API endpoint for end users. Deletion is initiated as follows:
- You delete (or request deletion of) your account via the Authentication Provider account / user management UI.
- The Authentication Provider emits a lifecycle event (e.g.,
user.deleted) delivered to our backend. - Our privileged backend runs deprovision for your site data and best-effort community anonymization (see §6).
If you cannot complete step 1, write to [email protected] and we will assist.
3.4 Support channel
Product questions that are not legal rights requests: [email protected]. We may re-route privacy matters to [email protected].
4. Identity verification
To protect Special Category Health Data and other Personal Data, we verify the requester before disclosing or acting:
| Check | Practice |
|---|---|
| Account match | Request email and account identifiers must match our records |
| Authentication | Prefer actions from a signed-in session where appropriate |
| Heightened scrutiny | For erasure or bulk access, we may require additional confirmation |
| Agents | Valid authorization + consumer identity verification as required by law |
| Failure to verify | We will not disclose or delete until identity is reasonably verified |
We do not request unnecessary government ID where less intrusive verification works.
5. Export & portability (important limitations)
5.1 In-app / API export (current product)
The product export is:
- Environment-scoped — it exports data for a selected Environment, not necessarily a single “whole account” bundle across all workspaces; and
- Partial — it is not a complete GDPR-style portability package of everything we process.
In-app export typically does not include (non-exhaustive; subject to product evolution):
| Excluded from current export | Notes |
|---|---|
| AI conversation bodies (messages / full chat content) | May still exist in database until erasure |
| Quiz progress / Knowledge Score | Educational progress |
| Notifications / push records | Preferences, logs, subscriptions |
| Share links / share records | Collaborative or public share artifacts |
ai_runs metadata |
Model-run metadata (not full prompt/response bodies in that table) |
| Inactive custom ingredients | Soft-deactivated custom foods may be omitted |
5.2 Full portability request
For a complete portability / access package, email [email protected]. We will provide what we can reasonably assemble from systems we control, subject to verification and the limits in §6–§8.
6. Erasure — how it works and honest caveats
6.1 Automated deprovision path
When account deletion is confirmed via the Authentication Provider lifecycle event, our privileged backend attempts to:
- Remove or cascade primary site data tied to your user (Environments, meals, journal, templates, combos, AI conversations where coded, profile prefs, etc.);
- Anonymize (not hard-delete) community forum identity where the Community Platform Provider is enabled — see §6.2;
- Return success when the automated job completes its steps.
Caveat: deprovision is automated but not certified as fully atomic. We do not currently issue formal “deletion certificates.” Failures may require manual follow-up via [email protected]. Remediation of known gaps is planned (PREFLIGHT DECISIONS).
6.2 Community forum — anonymized, not deleted
| Topic | Current practice |
|---|---|
| Forum posts / uploads | Anonymized (display name / email cleared as supported by the platform); content may remain visible in threads |
| Staff / moderator accounts | May be excluded from automated anonymize; handled manually |
| Best-effort | Step may fail silently in edge cases; contact privacy if content remains linked to you |
6.3 Orphan / lagging tables (known)
Some operational tables may not yet be fully wiped by automated deprovision and may lag until engineering remediation:
- Push subscriptions
- Notification log
- Notification preferences
- Quiz progress
- AI rate-limit hits
Contact [email protected] if you need assistance confirming cleanup of these rows.
6.4 Soft-delete of custom ingredients
Custom ingredients may be soft-deactivated and then removed with Environment cascade rather than immediately hard-deleted in isolation.
6.5 External copies we do not fully control
| System | Erasure reality |
|---|---|
| AI Model Providers | Prompt/response copies may be retained under the provider’s DPA / retention; we do not currently call provider-side deletion APIs on account erasure |
| Email Delivery Provider | Delivery logs may persist per provider retention |
| Cloud object storage (e.g., forum uploads) | May not be purged on every deprovision path today |
| Authentication Provider | Account identity is deleted/closed under that provider’s process |
6.6 Legal hold & mandatory retention
Erasure may be delayed or limited where:
- Legal hold suspends deletion where required by law applies (litigation, regulatory inquiry);
- We must retain records for fraud prevention, security, tax, or other legal obligations;
- Anonymized or aggregated data is no longer Personal Data.
7. Timelines
| Framework | Target response time |
|---|---|
| GDPR / UK GDPR | Within 1 month of receipt (extendable by up to 2 further months for complex/numerous requests — we will tell you) |
| CCPA/CPRA | Within 45 days (extendable by 45 days with notice) |
| Singapore PDPA / Australia APPs / Hong Kong PDPO / other APAC | Without undue delay and within local statutory limits |
We aim to acknowledge requests promptly. The GDPR 30-day window is our operational goal for EU/EEA/UK-style access and erasure where those laws apply.
8. Fees
Requests are free of charge, except where a law permits a reasonable fee for manifestly unfounded, excessive, or repetitive requests. We will explain any fee before charging.
9. Refusal, partial response, and appeals
We may refuse or limit a request where:
- Identity cannot be verified;
- Legal hold or mandatory retention applies;
- Disclosure would adversely affect others’ rights and freedoms;
- The request is manifestly unfounded or excessive;
- An exemption under the relevant law applies.
We will explain the basis for refusal or partial fulfillment and your options to:
- Reply to [email protected] to appeal or provide more information;
- Lodge a complaint with a supervisory authority (see Privacy Policy regional annexes);
- Seek judicial remedy where available.
10. Children
The Services are directed at adults (18+, self-attested). We do not knowingly process children’s data as users. If you believe we hold a child’s data, contact [email protected] for prompt deletion.
11. Operational contacts
| Need | Contact |
|---|---|
| Privacy rights & DSAR | [email protected] |
| Product support | [email protected] |
| Security incidents | [email protected] |
| Legal notices | [email protected] |
| DPO / privacy lead (if appointed) | [PENDING: DPO_CONTACT] |
Related documents
- Privacy Policy
- Sub Processor List
- Automated Decisions
- Records Of Processing
- Security And Compliance
- Contact And Legal Notices
- PREFLIGHT DECISIONS (operator accuracy notes)