Skip to content
Being Optimal
Trust CenterPrivacyTermsPlans

Legal / Records of Processing Activities

Records of Processing Activities

Version 1.0.0-draft · Effective 2026-07-13 · Operator [PENDING: LEGAL_ENTITY_NAME]

Operator draft — not legal advice; counsel review required before relying on this text.

Contents

  1. 1. Controller identity
  2. 2. Processing activities (Article 30(1) style)
  3. 2.1 Core product & account
  4. 2.2 AI assistant
  5. 2.3 Communications & notifications
  6. 2.4 Community
  7. 2.5 Location, content, analytics, commercial
  8. 3. Special category (Art. 9) data
  9. 4. Categories of recipients
  10. 5. International transfers
  11. 6. Technical and organizational measures (summary)
  12. 7. Processor record (Article 30(2))
  13. 8. Maintenance
  14. Related documents

This record uses provider role labels only. Named vendors appear in Sub Processor List.


1. Controller identity

Field Value
Controller [PENDING: LEGAL_ENTITY_NAME]
Trading as Being Optimal, Site Nutrition
Registered address [PENDING: REGISTERED_ADDRESS]
Incorporation [PENDING: INCORPORATION_JURISDICTION]
Privacy contact [email protected]
DPO / privacy lead [PENDING: DPO_CONTACT]
EU representative [PENDING: EU_REP]
UK representative [PENDING: UK_REP]

Role model: Being Optimal is Controller for B2C account, health, nutrition, AI, community (as platform operator), and product-analytics processing described below. Infrastructure vendors are Processors / sub-processors. There is no general B2B “clinic processor” offering in the current product model (no customer DPA for clinics unless separately contracted).


2. Processing activities (Article 30(1) style)

2.1 Core product & account

Ref Activity Purposes Lawful basis (indicative) Data subjects Categories of personal data Recipients (roles) Transfers Retention
C-1 Account registration & authentication Provide Services; secure access Contract; legitimate interests (security) Users Email, name/profile metadata, auth subject id, session tokens Authentication Provider; Hosting Provider; CDN / Edge Network Provider; Database Provider Primarily United States; global edge delivery; SCCs/IDTA as needed Account life; sessions shorter
C-2 Environment & nutrition planner Meal planning; nutrient tracking; Day Score / grades Contract; Art. 9 explicit consent (health) Users Meal logs, combos/templates, ingredient quantities, scores Database Provider; Cloud Infrastructure Provider (compute) As above Active account lifetime; deletion on account close subject to Privacy Policy caveats
C-3 Health profile & gestational context Personalize targets; pregnancy-phase nutrition context Contract; Art. 9 explicit consent Users LMP/EDD, DOB, weight, ethnicity (if collected), trimester-related fields Database Provider As above Account life; deleted on close subject to caveats
C-4 Blood markers & symptoms journal Informational comparison to targets; user record-keeping Contract; Art. 9 explicit consent Users Lab values entered by user; symptoms notes Database Provider As above Account life
C-5 Custom ingredients & user content User-authored food entries Contract Users Custom nutrient entries; labels Database Provider As above Soft-delete then cascade; see DSAR
C-6 Preferences, entitlements, UI state Product configuration; tier features Contract; legitimate interests Users Preference flags, tier/entitlement metadata Database Provider; Hosting Provider As above Account life

2.2 AI assistant

Ref Activity Purposes Lawful basis (indicative) Data subjects Categories Recipients (roles) Transfers Retention
C-7 AI assistant (“Borg”) conversations Answer questions; planning help; propose-only edits Contract; Art. 9 explicit consent for health context in prompts; consent/ToS acceptance as implemented Users Message bodies; optional health-context snippets; safety filter signals Database Provider; AI Model Providers; Cloud Infrastructure Provider US / provider regions; SCCs/IDTA as needed While account active unless deleted; external Model Provider copies per provider DPA; external model copies per provider DPA (no provider delete API called today)
C-8 AI run metadata Reliability, rate limiting, debugging Legitimate interests; contract Users Run metadata (not necessarily full prompt/response bodies in metadata tables) Database Provider; Cloud Infrastructure Provider As above Operational period

2.3 Communications & notifications

Ref Activity Purposes Lawful basis (indicative) Data subjects Categories Recipients (roles) Transfers Retention
C-9 Transactional email Account, security, service notices Contract; legitimate interests Users Email, message content Email Delivery Provider; Email Design Provider (templates, operator-side) Configurable Provider log retention + operational need
C-10 Web Push Optional notifications Consent (push permission) Users Push endpoint, keys, payloads Database Provider; browser Push Delivery (VAPID/Web Push — no push SaaS) Device/endpoint Until unsubscribe / account close (orphan caveat)
C-11 In-app notification log / prefs Deliver and respect preferences Contract; legitimate interests Users Prefs, notification events Database Provider As above Operational; orphan caveat on delete

2.4 Community

Ref Activity Purposes Lawful basis (indicative) Data subjects Categories Recipients (roles) Transfers Retention
C-12 Community forum SSO & UGC Peer discussion; support Contract; legitimate interests; consent where required for cookies Users who join community Identity for SSO; posts; uploads Community Platform Provider; Cloud Infrastructure Provider (uploads where used) Forum host region Posts may remain anonymized after account close — not hard-deleted by default

2.5 Location, content, analytics, commercial

Ref Activity Purposes Lawful basis (indicative) Data subjects Categories Recipients (roles) Transfers Retention
C-13 Reverse geocoding Country/region for localization or profile Legitimate interests; consent where required Users who invoke feature Raw lat/lng (transient); derived country/region Reverse-Geocoding Provider; Database Provider (labels only) Global API GPS not stored; labels per account prefs
C-14 Help / Learning Center delivery Education; documentation Legitimate interests; contract Visitors & users IP/request logs; local search is client-side where Pagefind is used Hosting Provider; CDN / Edge Network Provider Edge global Log retention per host
C-15 First-party catalog / product analytics Improve catalog UX Consent where gated; legitimate interests for essential ops metrics Users / visitors as configured Pseudonymous choice events; no third-party analytics SaaS Database Provider; Cloud Infrastructure Provider Primarily United States; global edge delivery As needed for product improvement (first-party, pseudonymous)
C-16 Outbound partner / affiliate clicks Measure partner links Legitimate interests; disclosure in Advertising policy Visitors Pseudonymous click records (designed without stored user id; IP transient for rate limit) Database Provider; Hosting Provider As above Operational analytics period
C-17 Subscription billing (when live) Collect fees; manage plans Contract Paying users Billing email, subscription status, payment references — not full PAN Billing Provider; Database Provider (status) TBD when live [PENDING: BILLING_RECORD_RETENTION]
C-18 Security, fraud prevention, abuse Protect Services and users Legitimate interests; legal obligation Users & abusers IP, logs, rate-limit hits, abuse reports CDN / Edge Network Provider; Hosting Provider; Cloud Infrastructure Provider; Database Provider As above Security retention period
C-19 Legal compliance & DSAR handling Respond to rights; comply with law Legal obligation; legitimate interests Users; requesters Request correspondence; verification data Internal; counsel; regulators as required As needed Per legal hold / statutory periods
C-20 Automated informational scoring Day Score, nutrient flags, optimizer suggestions, Knowledge Score, blood-marker displays Contract; Art. 9 for health inputs Users Derived scores/flags from C-2–C-4 Primarily on-platform (Database / Cloud Infrastructure); see Automated Decisions Primarily United States; global edge delivery With source data

3. Special category (Art. 9) data

Categories Processing refs Art. 9 condition (indicative) Notes
Pregnancy timing, reproductive health context C-2, C-3, C-7, C-20 Explicit consent Core product purpose; disclosed in Privacy Policy
Health metrics, labs, symptoms C-3, C-4, C-7, C-20 Explicit consent User-entered; not clinical ingestion from labs
Health context in AI prompts C-7 Explicit consent + contract for service delivery International transfer to AI Model Providers

Withdrawal of consent: stop using AI / close account; see DSAR. Prior processing remains lawful where applicable.


4. Categories of recipients

Recipient role Typical processing
Authentication Provider Identity, sessions, lifecycle webhooks
Webhook Transport Delivery of auth lifecycle events
Database Provider Primary datastore + RLS
Hosting Provider Application hosting
CDN / Edge Network Provider DNS, edge, gateway
Cloud Infrastructure Provider Privileged APIs, heavy compute, object storage
Email Delivery Provider Transactional email
AI Model Providers Generative inference on prompts
Community Platform Provider Forum
Reverse-Geocoding Provider Lat/lng → place labels
Billing Provider Payments when live
Email Design Provider Operator template tooling
Push Delivery Browser Web Push (no third-party push SaaS)
Regulators / law enforcement Only under legal process
Professional advisors Counsel, auditors under confidentiality

Not recipients of Personal Data: Nutrient Data Source (public food composition catalog only).


5. International transfers

Mechanism (indicative) Use
Provider DPAs Sub-processors
Standard Contractual Clauses / UK IDTA (as applicable) Transfers outside EEA/UK
Technical measures TLS; RLS; least privilege
Organizational measures Access control; IR; vendor review

Primary hosting posture: Primarily United States; global edge delivery.


6. Technical and organizational measures (summary)

See Security And Compliance. Highlights:

  • TLS in transit; provider encryption at rest
  • RLS with user JWT on application data
  • No service role in Next.js frontend host; service role only on privileged backend
  • Secrets kept server-side
  • Privacy-forward absence of third-party ads/analytics/session-replay SaaS

Honest limitations: erasure is automated but not fully atomic; community content anonymized not deleted; external AI/email copies not purged via provider APIs — see Data Subject Request Procedure.


7. Processor record (Article 30(2))

Not generally applicable to the current B2C model: Being Optimal does not offer a multi-tenant “clinic processor” product in which customers are Controllers and Being Optimal is Processor for patient panels. If a B2B/clinic offering is launched, a separate Art. 30(2) schedule and DPA will be added.


8. Maintenance

Item Practice
Owner [PENDING: DPO_CONTACT] (or privacy lead)
Review cadence At least annually, and on material processing change (new AI provider, new health data type, billing live, etc.)
Cross-checks Sub Processor List, Legal Manifest, PREFLIGHT DECISIONS, deletion code paths
Legal hold Legal hold suspends deletion where required by law

Related documents

  • Privacy Policy
  • Sub Processor List
  • Data Subject Request Procedure
  • Automated Decisions
  • Security And Compliance
  • OPERATOR VARIABLES

Content hash: ebdc2bcc8d30… · Built 2026-07-15

← Back to Legal hub

© 2026 Being Optimal · Planning context, not medical advice.

Legal hub · Terms · Privacy · Cookies · Medical disclaimer · Contact