← Instellingen

DPIA checklist (pre-launch)

Data Protection Impact Assessment — Autoriteit Persoonsgegevens guidance. Health data (AVG art. 9) applies to meal logs, weight, and conditions.

Technisch — geïmplementeerd

RLS on all user tables (Supabase migration)
TLS in transit
Encryption at rest (Supabase default)
JWT auth, service role restricted
Account deletion cascades (API + tests)
Export JSON/CSV (/v1/privacy/export)
Delete account (/v1/privacy/delete)
Consent toggles in Privacy Dashboard
DPO contact in privacy policy (privacy@nouri.nl)
Published privacy policy NL + EN

Juridisch / operations — nog te doen

Legal review of privacy policy
Confirm Supabase EU region in production project (scripts/verify_production_readiness.py)
DPA: Mistral / Anthropic / OpenAI / Kimi — see /subprocessors
Stripe / Mollie production DPAs
Vercel EU hosting confirmation
DPIA document archived for AP

Privacyverklaring (NL) · Privacy policy (EN) · SubverwerkersDPIA-archief (counsel): docs/compliance/dpia-nouri-2026.md