Privacy Policy
Last updated: 19 May 2026
WatSupAI is based in the Netherlands. This policy complies with GDPR and Dutch privacy laws.
1. Data Controller
Company: AllBlazing BV — c/o WatSup AI
Address: Buitenwatersloot 81, 2613 TB Delft, The Netherlands
Chamber of Commerce (KvK): 83648941
VAT Number: NL862946670B01
Email: support@watsupai.com
For privacy inquiries, email support@watsupai.com or see our contact page.
2. Legal Basis for Processing (GDPR Article 6)
We process your data based on:
- Consent: For non-essential cookies and analytics (you can withdraw at any time)
- Contract: For Pro subscription services and delivering scan results you request
- Legitimate interest: For abuse prevention, rate limiting, security, and responding to contact messages
3. What Data We Collect
Free Tier
We do not create user accounts for free users. Quota limits use a hashed IP address stored on our servers (Upstash, EU) for abuse prevention only — we do not store your raw IP. Supplement text or images you submit are sent to our AI provider to generate a result; we do not keep your stack on our servers after processing. Popular inputs may be cached in hashed form for up to 24 hours (see Scans & Cache). Paying with Stripe does not connect your payment identity to scan content. Browser quota counters and Pro scan history may use localStorage on your device only.
Pro Tier
We store your email address (from Stripe), Stripe Customer ID, and Pro status flags with our hosting/database providers for subscription verification and rate limits. We do not store payment card details — Stripe handles payments.
Email contact
If you email us, we receive your email address, message content, and any name or details you include in your message.
Cookies
Analytics cookies (GA4) are set only after you accept via the cookie banner. Strictly necessary cookies may be used to operate the site.
4. How We Use Data
We use your data only for:
- Generating AI-powered supplement stack analyses you request
- Pro status verification and subscription management (Pro tier)
- Payment processing (handled by Stripe)
- Rate limiting and abuse prevention
- Responding to contact messages
- Analytics (only if you accept cookies)
We do not sell your personal data. We do not send marketing emails without consent. We use processors listed in Section 11 only as needed to run the service.
5. Data Storage
Scans & Cache
Scan inputs are processed in real time by our AI provider. We do not store your supplement list or shelf photos on our servers after the request completes. Popular scan results may be cached in hashed form for up to 24 hours (not tied to your Stripe account). Hashed IP quota counters are stored for abuse prevention.
Pro Tier
Your Stripe Customer ID and Pro status are stored in our database (Upstash, EU) while your subscription is active. Payment details remain with Stripe only.
Contact Messages
Stored by Netlify Forms for as long as needed to handle your request and meet legal obligations.
Data Location
Our primary hosting and EU-based processors store data in the EU where possible. OpenAI (USA) may process scan content under standard contractual safeguards. See Section 11.
6. Data Sharing
We share personal data only with processors that help us run WatSupAI (payments, hosting, AI analysis, and analytics if consented). We require appropriate data processing agreements and safeguards. We do not sell personal data.
7. Your Rights (GDPR/AVG)
Under GDPR and Dutch privacy law (AVG), you have the right to:
- Access: Request a copy of your data (Pro users can request their data)
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data (Pro users can cancel subscription)
- Portability: Request data export in a machine-readable format
- Objection: Object to processing of your data
- Restriction: Request restriction of processing
- Withdraw consent: Opt out of cookies (cookie banner on first visit)
To exercise these rights, email support@watsupai.com. We'll respond within 30 days as required by GDPR.
8. Data Retention
We retain data only as long as necessary:
- Hashed IP quotas: Up to 30 days
- Scan cache: Up to 24 hours (hashed inputs only)
- Pro tier: While subscription is active; removed after cancellation where applicable
- Contact form: As long as needed for support and legal compliance
- Cookies / consent: As per your cookie choice (stored in localStorage)
9. Security & Data Breaches
We use industry-standard security measures to protect your data. All data transmission is encrypted (HTTPS). Payment data is handled by Stripe (PCI DSS compliant). We don't store sensitive data on our servers.
In the unlikely event of a data breach that affects your personal data, we will notify you and the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours as required by GDPR.
10. Cookies & Tracking
We use cookies for:
- Analytics (GA4): To understand how users interact with our service (only if you accept cookies)
You can accept or decline cookies via the cookie banner. No cookies = no analytics. Your choice. See our cookie banner for more details.
11. Third-Party Services
We use the following third-party services:
- Stripe: Payments and subscriptions (EU/US, SCCs)
- OpenAI: AI text and image analysis for scans (USA, SCCs / DPA as applicable)
- Upstash: Caching, quotas, and Pro flags (EU)
- Netlify: Hosting and serverless functions (EU/US, SCCs)
- Google Analytics (GA4): Analytics only if you accept cookies (USA, consent-based)
Where data is transferred outside the EEA, we rely on appropriate safeguards such as EU Standard Contractual Clauses and processor terms. You may request more information about transfers by contacting us.
12. AI Systems & EU AI Act
WatSupAI uses artificial intelligence (including third-party models via OpenAI) to generate entertainment and educational supplement stack analyses. Outputs are automated and may be inaccurate or incomplete.
- Not medical advice: The system does not diagnose, treat, or prescribe. It is not a medical device or clinical decision tool.
- Transparency: You are interacting with AI-generated content, not a human nutritionist or doctor.
- Your input: Do not submit special-category health data you are not comfortable sharing with our processors.
- Human review: Contact us if you believe an output is harmful or incorrect; we do not guarantee manual review of every scan.
We assess our service as a limited-risk AI use case focused on general wellness entertainment, not high-risk healthcare AI under the EU AI Act. If classification changes, we will update this policy.
13. Children's Privacy
WatSupAI is 18+ only. We don't knowingly collect data from anyone under 18. If you're under 18, please don't use our service.
14. Changes to This Policy
We may update this privacy policy from time to time. We'll notify you of any changes by updating the "Last updated" date at the top of this page. Continued use of our service after changes constitutes acceptance.
15. Contact & Complaints
Data Protection Contact: For privacy questions or to exercise your rights, email support@watsupai.com.
Complaints: If you're not satisfied with our response, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
EU Online Dispute Resolution: For consumer disputes, you can use the EU Online Dispute Resolution platform at ec.europa.eu/consumers/odr.
Not medical advice. Advanced AI-generated — not lab results. Consult a doctor. Get blood work. 18+ only.