Iasis

Privacy policy

Last updated: 8 May 2026

Who we are

Iasis is an online directory of verified complementary and alternative medicine (CAM) practitioners in the Netherlands. Our platform helps patients find verified acupuncturists and TCM doctors and check whether their health insurance covers a visit.

Data controller: Iasis (iasis.life), the Netherlands. For data-related enquiries, contact us at privacy@iasis.life.

Data we collect and why

Practitioner profiles

We maintain a directory of licensed CAM practitioners. Practitioner data — including name, association membership, city, and practice details — is sourced from publicly available professional registers (NVA, ZHONG, RBCZ) and supplemented with information practitioners provide directly when they claim or update their listing.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — maintaining an accurate public directory of licensed practitioners serves the legitimate interests of patients seeking verified care.

Contact details (phone, email) are only displayed publicly when the practitioner explicitly enables this. By default, contact details are hidden.

Claim requests

When a practitioner submits a claim request to manage their listing, we collect their name, email address, association, and any message they include.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to respond to and process the claim enquiry.

Retention: Claim request data is retained for 90 days if the request remains pending or in contact status. If the practitioner is onboarded, data is retained for the duration of the relationship plus any legally required period.

Verification documents (Phase 2)

When practitioners apply for a verified listing, we may collect identity documents, diplomas, and association certificates to verify credentials.

Legal basis: Contract (Art. 6(1)(b) GDPR) — necessary to perform the verification service.

Retention: Verification documents are stored in a private, access-controlled environment and deleted 5 years after the end of the practitioner relationship.

Usage data

We collect standard server logs (IP addresses, pages visited, timestamps) to operate and improve the service. We do not use third-party advertising trackers.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to maintain service security and diagnose technical issues.

Retention: Server logs are retained for a maximum of 30 days.

What we do not collect

Iasis does not collect or store health, medical, or treatment data about patients. Patients browse the directory anonymously. We do not create patient accounts, do not track appointments, and do not store any information about why a patient is seeking care.

Who we share data with

We share personal data only where necessary:

  • Supabase (EU Frankfurt) — our database and file storage provider. Data is stored in the EU.
  • Vercel — our hosting provider. Processes request data as part of serving the application.
  • Stripe — payment processing for practitioner subscriptions (Phase 2). We share only what is necessary to process a transaction.

We do not sell personal data to any third party.

Your rights under GDPR

If you are in the European Economic Area, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data, subject to legal retention obligations.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email privacy@iasis.life. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Security

We take reasonable technical and organisational measures to protect personal data, including row-level access controls, encrypted connections (HTTPS), and restricted access to sensitive documents. No internet transmission is completely secure; we cannot guarantee absolute security.

Changes to this policy

We may update this policy when our practices change. The date at the top of this page reflects the most recent revision. Material changes will be communicated to registered practitioners by email.

Contact

For any privacy-related questions, contact privacy@iasis.life or visit our contact page.