Data Processing Agreement
Expected processor commitments for practitioner and clinic customers using NutriScope with client records.
Audience: Practitioner and clinic customers
This page sets out the intended Data Processing Agreement position for NutriScope customers where the practitioner or clinic is controller and NutriScope processes client records on their behalf.
A signed or accepted production DPA should replace this draft before onboarding real customers.
Roles
For practitioner-controlled client records, the practitioner or clinic is expected to be the controller and NutriScope is expected to be the processor. NutriScope may act as controller for its own account administration, product security, billing administration, support and legal compliance data.
Processing Subject Matter
| Category | Description |
|---|---|
| Subject matter | Hosted practice platform for client tracking, review, bookings, messaging, files, payments metadata and optional AI-assisted drafts |
| Duration | For the term of the customer relationship, plus any agreed retention, backup, legal or deletion period |
| Nature and purpose | Storage, retrieval, display, access control, notifications, workflow automation, support, security and approved integrations |
| Data subjects | Practitioners, clinic staff, clients, public booking visitors and support contacts |
| Personal data | Account details, client records, tracker submissions, observations, notes, messages, files, bookings, payment metadata, audit/security metadata |
| Special category data | Health-related client information, nutrition context, symptoms, biometrics, notes, messages, files, AI-review context and related records where entered |
Customer Instructions
NutriScope will process practitioner-controlled client records only to provide the service, follow documented customer instructions, meet security and legal obligations, or as otherwise agreed in the DPA.
Confidentiality
People authorised to process personal data for NutriScope should be bound by appropriate confidentiality obligations and given access only where needed for their role.
Security Measures
- Authentication and role-based access controls.
- Relationship-scoped row-level security for practitioner and client records.
- Server-only handling for service-role keys, hook secrets, Stripe secrets, video provider tokens and AI provider keys.
- Private or signed storage for files and meal photos.
- Encryption in transit and provider-managed encryption at rest where available.
- Verified Stripe webhook handling before mutating payment or booking state.
- Operational controls to avoid health data in URLs, frontend logs and analytics.
Subprocessors
NutriScope may use subprocessors for hosting, authentication, storage, email, payments, optional AI, optional video meeting creation, monitoring and support. The Subprocessors page records the current list and items still to be confirmed.
Assistance To Customers
NutriScope should provide reasonable assistance to practitioner or clinic controllers with data subject requests, deletion, export, security incident assessment and DPIA-related information, taking into account the nature of processing and available product tools.
Return And Deletion
At account closure or customer request, NutriScope should support export, deletion or return of practitioner-controlled client records, subject to legal retention needs, security logs, backup deletion windows and any agreed contract terms.
Personal Data Breaches
NutriScope should notify affected customer controllers without undue delay after becoming aware of a personal data breach affecting their processed client records and provide available information needed for assessment and notification duties.