Privacy policy

1. Introduction

Lean Clinic B.V. ("Lean Clinic", "we") provides digital lifestyle support for weight loss, with medical assessment by BIG-registered doctors where medication may be appropriate. In this privacy policy we explain which data we process, why, how we keep it secure, how long we retain it and what rights you have under the GDPR and, where applicable, the WGBO.

2. Data controller

  • Name: Lean Clinic B.V.
  • Address: Bargelaan 200, 2333 CW Leiden, the Netherlands
  • Chamber of Commerce: 97542695
  • Email: contact@leanclinic.nl

Lean Clinic is the data controller for data processed within our platform and services. BIG-registered doctors and the pharmacy are generally independent data controllers for their own records (electronic patient records and pharmacy records). Data is only shared with the doctor or pharmacy where this is necessary and lawful, for example with your consent or on the basis of the treatment relationship.

3. Who this policy applies to

  • Clients participating in our programme
  • Users of our digital services (app, portal and AI coach)
  • Visitors to our website
  • Applicants and suppliers (limited; see also our contractual arrangements)

4. What data we process

4.1 Clients

  • Identification & contact: name, address, city, email, phone number, date of birth and (optionally) gender.
  • Administration: client number, treatment programme, linked coach and doctor, appointment details, payment references (via payment provider).
  • Health data: reason for seeking help, medical history, medication use (including GLP-1), relevant measurements (such as BMI, weight and height), contraindications and side effects.
  • Lifestyle data: eating habits, physical activity, sleep and stress assessments, progress measurements, and answers to questionnaires and assignments.
  • BSN (citizen service number): only if and to the extent required by law (for example in the context of medication dispensed by the pharmacy), and kept to the minimum necessary.
  • Identity verification: a photo of your identity document (passport or driving licence) and a selfie for verification purposes. This data is processed by our verification partner Stripe Identity and is not stored by Lean Clinic. See section 7 for details.

4.2 Users of digital services

  • Account details: name, email and (optionally) phone number.
  • Usage & technical data: login logs, role (doctor, coach or client), app activity, device and browser information, IP address.
  • Provided by you: notes, answers, uploads (such as photos) and preferences.
  • AI coach interactions: the questions and answers you enter. These are used to support you and personalise your programme. No decisions with legal consequences are made based solely on automated processing.

4.3 Website visitors

  • Forms: name, email, phone (if provided) and your message.
  • Technical: IP address, device/browser data, cookie IDs (depending on your cookie preferences).

5. Purposes and legal bases

  • Care and support agreement (performance of contract / WGBO): intake, coaching, progress monitoring, medical consultation and (where indicated) physician review for (repeat) prescriptions.
  • Legal obligations: fiscal retention requirement (7 years), WGBO retention (20 years for medical records), Wkkgz requirements (incidents/complaints).
  • Legitimate interest: security and logging, quality improvement, prevention of fraud/misuse, service communications.
  • Consent: where required (e.g. sharing health data with a physician, use of non-essential cookies, marketing emails). You can withdraw your consent at any time.

6. Sources of data

  • Directly from you (registration, intake, app/portal, email, (video) consultation).
  • From your physician (if you give consent for this or on the basis of a treatment relationship).
  • Automatically via our platform (logs, security events).

7. Recipients and categories

  • Physicians (BIG): independent data controllers for their own EHR; they receive only the data necessary for assessment/consultation.
  • Pharmacy: independent data controller; medication dispensing and invoicing are handled directly through the pharmacy.
  • Hosting & infrastructure: database/auth via Supabase (hosted on AWS EU, Frankfurt) and frontend hosting via Vercel. We have data processing agreements in place with these parties.
  • Payment provider: Stripe (or equivalent) for payments/subscriptions.
  • Identity verification (Stripe Identity): to confirm your identity, Stripe Identity processes your identity document and selfie. Stripe acts as an independent processor for this purpose and retains this data in accordance with their own privacy policy and applicable law. Lean Clinic receives only the verification result (confirmed/not confirmed) and does not store copies of your identity document. This verification is required under the BIG Act and regulations governing remote prescribing of medication.
  • Video consultations (Daily.co): video consultations between you and the physician take place via Daily.co, integrated into our platform. The connection is encrypted. No video or audio recordings are made or stored, neither by Lean Clinic nor by Daily.co.
  • Communication & support: email service and helpdesk tools where needed.
  • Analytics (PostHog): with your consent, we use PostHog for website analytics and session recordings. Data is stored in the EU (via reverse proxy). PostHog has a DPA with us in accordance with GDPR requirements. See section 12 for details.
  • Other processors only where necessary and contractually guaranteed (DPA/SCCs).

8. International transfers

We prefer to process data within the EEA. Where transfer outside the EEA takes place (e.g. by a sub-processor), we safeguard this with appropriate measures under the GDPR, such as the EU standard contractual clauses (SCCs) and additional measures where necessary.

9. Retention periods

  • Medical (EHR) data: in principle 20 years (WGBO), unless a different statutory period applies.
  • Coaching/lifestyle data: for as long as necessary for the programme and quality purposes; after that we delete or anonymise this data, unless a legal obligation requires longer retention.
  • Financial records: 7 years (fiscal retention requirement).
  • Log files: retained in accordance with our information security policy and proportionality (security/forensic needs).

10. Security

  • Encryption in transit (TLS/HTTPS) and encrypted storage where appropriate.
  • Separate roles and permissions (doctor/coach/administrator), row-level security and policy checks.
  • Strict need-to-know principle; coaches have no access to medical records held by doctors.
  • Authentication and access control; periodic review of authorisations.
  • Automatic logging of (medical) changes; daily encrypted backups.
  • Incident and data breach procedure (notification to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) within 72 hours where required; informing those affected in the event of high risk).
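The role separation, row-level security and change logging listed above, shown as an added example rather than Lean Clinic's own schema or policies: Postgres row-level security in the style used on Supabase. The table names, columns, the `app_role()` and `is_linked_to()` helpers and the audit trigger are illustrative assumptions; `auth.uid()` is Supabase's helper that returns the calling user's id from the request JWT.

```sql
-- Added example, not Lean Clinic's schema. auth.uid() is Supabase's helper for the
-- caller's user id; table names, columns and the helper functions are assumptions.

create table public.profiles (
  user_id uuid primary key,                    -- same id as auth.users.id on Supabase
  role    text not null check (role in ('client', 'coach', 'doctor', 'admin'))
);

-- Which staff member (coach or doctor) is linked to which client.
create table public.care_links (
  client_id uuid not null references public.profiles (user_id),
  staff_id  uuid not null references public.profiles (user_id),
  primary key (client_id, staff_id)
);

create table public.medical_records (          -- doctor-only content
  id         bigserial primary key,
  client_id  uuid not null references public.profiles (user_id),
  author_id  uuid not null references public.profiles (user_id),
  content    text not null,
  created_at timestamptz not null default now()
);

create table public.lifestyle_entries (        -- coaching content
  id         bigserial primary key,
  client_id  uuid not null references public.profiles (user_id),
  content    text not null,
  created_at timestamptz not null default now()
);

-- Caller's role, read with definer rights so it works whatever policies profiles has.
-- search_path is pinned because definer-rights functions resolve names at run time.
create or replace function public.app_role() returns text
language sql stable security definer set search_path = public as $$
  select role from public.profiles where user_id = auth.uid()
$$;

-- True if the caller is linked to the given client as staff.
create or replace function public.is_linked_to(p_client uuid) returns boolean
language sql stable security definer set search_path = public as $$
  select exists (select 1 from public.care_links
                 where client_id = p_client and staff_id = auth.uid())
$$;

-- Deny by default: with RLS enabled and no matching policy, selects return no rows
-- and writes fail. "force" applies the policies to the table owner as well.
alter table public.medical_records   enable row level security;
alter table public.medical_records   force  row level security;
alter table public.lifestyle_entries enable row level security;
alter table public.lifestyle_entries force  row level security;

-- Clients see their own data in both tables and may write their own lifestyle entries.
create policy client_reads_own_medical on public.medical_records
  for select to authenticated using (client_id = auth.uid());
create policy client_rw_own_lifestyle on public.lifestyle_entries
  for all to authenticated
  using (client_id = auth.uid()) with check (client_id = auth.uid());

-- Doctors read and write medical records of clients linked to them, as author.
create policy doctor_rw_linked_medical on public.medical_records
  for all to authenticated
  using (public.app_role() = 'doctor' and public.is_linked_to(client_id))
  with check (public.app_role() = 'doctor' and public.is_linked_to(client_id)
              and author_id = auth.uid());

-- Coaches and doctors read lifestyle entries of linked clients. There is deliberately
-- no coach policy on medical_records: a coach selecting from it gets zero rows rather
-- than an error, so an access test must assert on the row count, not on an exception.
create policy staff_reads_linked_lifestyle on public.lifestyle_entries
  for select to authenticated
  using (public.app_role() in ('coach', 'doctor') and public.is_linked_to(client_id));

-- Append-only audit trail of medical changes, written by a definer-rights trigger.
-- RLS is enabled with no policies, so application roles can neither read nor alter it.
create table public.medical_record_audit (
  id          bigserial primary key,
  record_id   bigint not null,
  actor_id    uuid,
  action      text not null,                   -- INSERT, UPDATE or DELETE
  old_row     jsonb,
  new_row     jsonb,
  occurred_at timestamptz not null default now()
);
alter table public.medical_record_audit enable row level security;

create or replace function public.audit_medical_record() returns trigger
language plpgsql security definer set search_path = public as $$
begin
  insert into public.medical_record_audit (record_id, actor_id, action, old_row, new_row)
  values (coalesce(new.id, old.id), auth.uid(), tg_op, to_jsonb(old), to_jsonb(new));
  return null;  -- after trigger: the return value is ignored
end
$$;

create trigger medical_record_audit_trg
  after insert or update or delete on public.medical_records
  for each row execute function public.audit_medical_record();
```

Two checks that the policies alone do not give: the `role` column in `profiles` must not be writable by the user it describes (otherwise a client can promote themselves to doctor and satisfy every policy), and the Supabase service-role key, which bypasses RLS entirely, must stay on the server and never reach the browser or a mobile build.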

11. Your privacy rights

  • Access: a copy of your personal data.
  • Rectification: correcting inaccurate data.
  • Erasure: where possible and not in conflict with legal retention obligations (e.g. WGBO).
  • Restriction: temporarily limiting the processing of your data.
  • Data portability: in a transferable format, to the extent required by law.
  • Objection: to processing based on legitimate interest or marketing.
  • Withdraw consent: withdrawal does not affect the lawfulness of processing that already took place, but it stops any further processing based on that consent.

You can exercise your rights by contacting us at contact@leanclinic.nl. We aim to respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). We kindly ask you to reach out to us first so we can resolve things quickly.

12. Cookies and tracking

12.1 Types of cookies

  • Functional cookies: necessary for authentication, security and core functionality.
  • Analytical cookies: for website analysis and user insights. We only place these with your consent via the cookie banner.

12.2 PostHog (Analytics)

With your consent, we use PostHog for website analysis and user experience research. PostHog collects:

  • Page visits, click behaviour and scroll depth
  • Device and browser information (type, operating system, screen size)
  • Anonymised IP address (last octets removed)

Purpose: improving the user experience, identifying technical issues and optimising our service.

Data location: PostHog data is stored in the EU (via our own server with a reverse proxy to PostHog Cloud EU). PostHog has signed a DPA (Data Processing Agreement) with us in accordance with GDPR requirements.

Retention period: analytical data is kept for a maximum of 12 months, after which it is automatically deleted or anonymised.

12.3 Your choices and control

  • On your first visit, a cookie banner will appear where you can choose to accept or decline analytical cookies.
  • You can withdraw your consent at any time by clearing your browser cookies and refreshing the page. The cookie banner will then appear again.
  • If you decline, we will not place any PostHog cookies and no analytical data will be collected.
  • To withdraw your consent, you can also contact us at contact@leanclinic.nl.

13. AI, profiling and automated decision-making

Our AI coach helps you with personalised guidance based on information you provide. The AI does not make solely automated decisions with legal consequences or similarly significant impact. Medical indication/prescription is always assessed by a doctor.

13.1 Automated eligibility check

When you sign up, you complete a medical questionnaire. Our platform automatically checks whether, based on the information you provide, you meet the eligibility criteria for the treatment programme. These criteria are established in advance by the doctors at Lean Clinic.

If your answers suggest you may not be eligible (for example, due to certain contraindications), you will be informed of this. This is not a medical decision: the doctor always makes the final decision about admission to the treatment programme, following your consultation.

You have the right to request a personal reassessment if the automated check indicates you may not be eligible. You can do so by contacting us at contact@leanclinic.nl.

13.2 AI coach (Milo) and data sent to the AI provider

Our AI coach is intended solely for lifestyle guidance (nutrition, movement, sleep, stress and habits). The AI coach does not give medical advice and does not make diagnoses. For medical questions, questions about medication or dosage, and for any complaints or side effects, the AI coach will always refer you to your care team, and in urgent situations to your GP or 112.

For the AI coach, we use an external AI provider (Anthropic). To protect your privacy, we do not send directly identifying data (such as your name) to the AI provider; where necessary, your age is used instead of your date of birth. The data processed for guidance purposes is processed exclusively under a data processing agreement and is not used to train the provider's AI models. Your care team may view AI conversations for quality control and guidance purposes.

14. Minors

Our services are aimed at adults (18+). We do not process data from minors for this programme. If we have inadvertently received data relating to a minor, we will delete it upon notification.

15. Changes to this privacy policy

We review this policy at least once a year. For significant changes, we will let you know by email or in the app. The most recent version is always available on our website.

16. Contact

Questions or requests? Email us at contact@leanclinic.nl.

Last updated: 25 March 2026

Blog about medical weight loss

Read our articles about medical weight loss, lifestyle, nutrition, medication, obesity, exercise and healthy living.

Inflammation and obesity: where does the vicious circle start?

An in-depth look at the complex relationship between obesity and chronic inflammation, how they reinforce each other, and how lifestyle and new treatments such as GLP-1 medication can break this cycle.

First GLP-1 drug approved for MASH in Europe

Europe approves the first GLP-1 drug for the treatment of MASH. Semaglutide (Kayshild) offers hope for millions with liver disease.

GLP-1 receptor agonists and their role in lowering infection risks

Discover how GLP-1 receptor agonists not only treat diabetes but also lower the risk of serious infections. Read more about these promising findings.