Privacy Policy and Data Protection

Telematic Medical Applications LTD (“TMA”) has developed the “ePokratis MedAiConnect” application (the “Application”). Through the Application, users can choose to receive and automatically record vital signs using compatible Bluetooth medical devices, perform AI-based stress level, pulse rate, and respiratory rate measurements via the mobile device’s camera, manually log data from non-compatible medical devices, upload digital files or test results, communicate with doctors affiliated with TMA, and receive medical advice, as detailed in the General Terms of Use.

The AI-generated assessments provided by the Application are intended solely for informational and wellness purposes, are not intended for clinical use or medical diagnosis, and are not stored.

Important Note on AI-Generated Measurements

The AI-generated stress level, pulse rate, and respiratory rate indicators provided by the Application are intended solely for informational and wellness purposes. They are not intended for clinical use, diagnosis, or treatment, and should not be interpreted as medical advice.

Personal Data Processing and Storage

Personal data provided by users, with their explicit consent, through the Application will be securely transferred to and stored at Hetzner Online GmbH's data center, located in Germany. TMA has established a Data Processing Agreement with Hetzner to ensure that all data is handled in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Hetzner, as a trusted third-party provider, employs robust security measures and follows strict protocols to safeguard user data.

TMA is a Greek company, registered under General Commercial Registry No. 007904401000, with Tax Identification Number 998889850, and headquartered at 151 Al. Papanastasiou Avenue, Piraeus, Attica, P.C. 18533. For any inquiries, users can contact TMA by phone at +30 211 1165330-2 or via email at [email protected].

All personal data is processed solely by TMA in accordance with this Privacy Policy and for the explicitly stated purposes.

User Support and Inquiries

If you have questions regarding the storage or protection of your personal data, wish to exercise your rights under applicable data protection laws (such as access, rectification, or deletion), or would like to file a complaint, you may contact TMA’s Data Protection Officer (DPO).

You can do so by sending a letter to 151 Al. Papanastasiou Avenue, P.C. 18533, Piraeus, Attica, Greece, or via email at [email protected].

The full Privacy Policy of TMA regarding the “ePokratis MedAiConnect” application is available at:

https://tma.gr/epokratis-privacy-policy-ios-en/.

Data Protection Oversight

TMA has appointed a dedicated Data Protection Officer (DPO) to oversee and ensure compliance with all applicable data protection regulations, including GDPR.

You can contact the DPO directly at [email protected] for any data privacy-related inquiries or concerns.

User Consent

By submitting your personal data through the Application, you acknowledge that you have read, understood, and explicitly accepted this Privacy Policy. You provide your informed consent for the collection and storage of your personal and medical data as detailed in this Privacy Policy and the Application’s Terms of Use.

Consent is gathered through an opt-in checkbox or similar user action during the sign-up process, where users are explicitly prompted to actively agree to this policy before proceeding to use the Application, ensuring transparency and user control.

You may withdraw your consent at any time through the settings menu by deleting your account or uninstalling the Application.

Accuracy of Provided Data

Users are responsible for ensuring that the information they provide through the Application is accurate, complete, and up to date. Users must maintain data that truly reflects their current situation.

TMA is not responsible for any issues arising from false, incomplete, or outdated information provided by users and reserves the right to hold users accountable for any resulting damages to TMA or third parties.

1. Legitimization for Personal Data Storage

The legal basis for storing your personal data is your decision to register in the Application to use its services. By registering, you provide explicit, clear, and fully informed consent for the storage of your data.

Storage of your personal data is also based on the legal ground of contract execution, as users must accept the Application’s Terms of Use before accessing the services. If you do not agree to these terms, you may choose not to install or use the Application.

For special categories of data, such as health-related information, the legal basis is your explicit consent, which is required for their storage and handling.

The provision of and access to special category personal data during doctor support via video call is based on the necessity of processing such data to effectively provide teleconsultation services.

2. Collected Data

2.1. Information Directly Provided by Users in the ePokratis MedAiConnect Application

TMA protects the data you provide with your explicit consent through the Application, whether in text, video, image, or audio format, for the purpose of facilitating assessment of your health condition by healthcare professionals contracted with TMA.

Data is collected only when it is explicitly provided by the user or during active interactions related to the use of services. No personal data is collected during general navigation within the Application, nor is any information gathered passively or in the background without the user’s knowledge or consent.

User Profile Data

Users may optionally provide information such as gender, date of birth, weight, height, allergies, family medical history, surgical history, and current medications. This information helps the healthcare professionals contracted with TMA to better contextualize symptoms and offer more informed feedback during consultations, ultimately supporting higher service quality.

It is important to note that the ePokratis MedAiConnect application itself does not perform any medical analysis, diagnosis, or treatment based on the provided data. The Application solely serves to facilitate secure communication and information exchange between the user and healthcare professionals.

When using the video call service, you explicitly consent to sharing text, audio, video, and/or photos with the selected healthcare specialist.

Social Security Number

When booking a doctor appointment through the Application, you are required by Greek law to provide your Social Security Number (SSN). This is mandatory to enable doctors to issue valid prescriptions, create official medical records, and generate legally compliant receipts (e.g., for reimbursement via the National Organization for Healthcare Services Provision in Greece ("EOPYY")). Your SSN is exclusively used for these specific legal and medical documentation purposes.

Doctor Session Purchase Process

When you initiate the purchase of a doctor session from within the Application (by tapping the relevant buttons), the Application follows these steps:

  1. Validation of Required Information:
    • The Application first checks if your SSN is present and whether your core personal details (First Name, Last Name, Email, and Phone) are complete and valid.
  2. Consent Prompt (if SSN is Missing):
    • If your SSN is not already stored, you will be presented with a clear consent prompt explaining why your SSN is required. You must explicitly confirm your understanding and consent by selecting the provided checkbox before continuing.
    • If you decide not to consent by selecting "Cancel," the purchase process will halt, and you will not proceed to the dedicated doctor session e-shop.
  3. Review and Update Personal Details Form:
    • After providing consent (if your SSN was missing) or if your SSN already exists but other core fields are incomplete or invalid, you will see a "Review and Update Your Details" form. Here, you can provide or update your SSN and correct or complete any other required personal information.
    • An "x" button at the top-right allows you to exit the process at this stage. If you choose this option, the purchase process stops, and you will not be redirected to the doctor session e-shop.
    • The "Submit" button will activate only when all information entered is correctly validated.
    • Upon submission, your data is securely saved, and you will then be redirected to a dedicated e-shop, exclusively managed by TMA and specifically created for Application users, to complete your doctor session purchase.

If your SSN and core personal fields are already fully validated, you will immediately proceed to the dedicated doctor session e-shop without interruption.

Medical Device Purchase Process

When initiating a medical device purchase through the Application, the following two-step process occurs:

  1. Validation of Core Personal Data:
    • The Application checks if your core personal fields (First Name, Last Name, Email, and Phone) are complete and valid.
    • If any information is missing or invalid, a "Review and Update Your Details" form will appear, allowing you to correct and complete this data.
    • You may cancel this step at any time via an "x" button at the top-right; doing so will prevent you from proceeding to the device e-shop.
    • After submitting the form, your updated details are securely stored.
    • If all core personal details have already been validated, this step is automatically skipped.
  2. Optional SSN for Official Invoice:
    • Once your core personal data is confirmed, the Application checks whether your SSN is already stored.
    • If a valid SSN is on file, this step is skipped, and you are immediately redirected to the dedicated device e-shop.
    • If no SSN is stored, you will be presented with an optional consent prompt asking if you would like to provide your SSN. Providing your SSN is entirely optional and intended solely for receiving official tax or insurance invoices (for reimbursement via EOPYY or declaring as a medical expense for tax purposes).
    • You may either:
      • Proceed without providing your SSN: You will immediately continue to the device e-shop.
      • Provide your SSN: A dedicated SSN entry form will appear. Your SSN is securely saved only after explicit confirmation and correct validation. If you cancel at this stage, you will proceed directly to the device e-shop without saving your SSN.

If your SSN is already on file and your core data has already been validated, you will seamlessly proceed to the dedicated device e-shop without any intermediate prompts.

Secure Storage and Consent Management

Your SSN is securely stored and strictly used only for the aforementioned purposes (issuing valid prescriptions, medical records, receipts, and official invoices if requested). You may withdraw your consent and request the deletion of your SSN at any time through the Application’s settings menu under "Manage SSN Consent". If you withdraw your consent, you will no longer be able to purchase doctor sessions, and hence book doctor appointments, or receive official invoices requiring an SSN unless you provide it again in the future.

Health Data

Users can record health data in the Application through various methods:

  • Bluetooth Medical Devices: For compatible Bluetooth medical devices (such as blood pressure monitors, oximeters, thermometers, scales, electrocardiographs, and multi-parameter devices), vital sign measurements are automatically transferred to the Application via secure Bluetooth connectivity.
  • Manual Input: For devices that are not compatible, users can manually enter their measurements, symptoms, and other health-related information directly into the Application.

All health data is collected only with the user’s explicit consent and is stored securely in accordance with this Privacy Policy and applicable data protection regulations.

AI-Based Measurements (Stress Level, Pulse Rate, Respiratory Rate)

The Application utilizes advanced AI technology and the mobile device’s camera to provide informational measurements of Stress Level, Pulse Rate (heart rate), and Respiratory Rate (breathing rate). These measurements are derived using remote photoplethysmography (rPPG), a scientifically validated non-contact optical technique that analyzes subtle variations in skin color caused by blood volume fluctuations associated with cardiac and respiratory cycles.

Informational Purpose Only

All AI-generated measurements provided by the Application—including Stress Level, Pulse Rate, and Respiratory Rate—are intended strictly for informational and wellness purposes. They are not intended for clinical use, medical diagnosis, or treatment and should not be interpreted as a substitute for professional healthcare advice, diagnosis, or treatment. Users experiencing symptoms such as stress, palpitations, dizziness, chest pain, breathing difficulties, other respiratory symptoms, or other concerning conditions should promptly consult a licensed medical professional.

Measurements are advisory and approximate; results may vary based on lighting conditions, skin tone, camera quality, motion artifacts, and individual physiological factors. For optimal results, users should perform measurements in a well-lit environment, remain as still as possible, and carefully follow in-app guidance. These measurements should never be used as a basis for medical decisions.

Privacy and Confidentiality

To ensure user privacy and data confidentiality:

  • No images or video files are stored on any servers, including those of Hetzner Online GmbH, our trusted third-party hosting provider, during or after AI-based measurement processing.
  • Video captured for analysis is processed exclusively on the user's device. Facial data is blurred during processing to prevent identification, and blurred video data is never retained.
  • All measurement processing is conducted locally on the user's device, ensuring that sensitive data remains secure and private.
  • Any health-related data generated through the AI-based measurements is provided exclusively for the user’s personal information and is not stored or transmitted externally by the Application.
  • All data processing strictly adheres to applicable privacy laws and regulations, including the General Data Protection Regulation (GDPR), maintaining the highest standards of user data security and confidentiality.  

Stress Level Measurements

The stress level measurement is derived from Heart Rate Variability (HRV) analysis and utilizes the Baevsky Stress Index, a scientifically recognized metric. The Baevsky Stress Index reflects the strain on regulatory systems and the balance between sympathetic and parasympathetic nervous system activity, with elevated values indicating increased sympathetic activation and reduced HRV, i.e., increased stress levels.

Scientific Validation and Supporting Evidence

For more detailed information on the Baevsky Stress Index and its applications, please refer to the following studies:

These studies underscore the Baevsky Stress Index's validity and widespread acceptance in evaluating stress through HRV metrics and establish the Baevsky Stress Index as a widely recognized tool in assessing stress levels.

Pulse Rate Measurements

Scientific Validation and Supporting Evidence

AI-based Pulse Rate estimation using rPPG has been extensively studied and validated in the scientific literature, demonstrating its feasibility for non-contact wellness monitoring.

A foundational study by Verkruysse et al. (2008) demonstrated for the first time that robust plethysmographic signals (heart rate and respiratory rate) can be measured remotely using standard consumer-grade cameras and ambient light, without the need for specialized illumination or physical contact. Their work confirmed that the green channel of RGB video provides the strongest physiological signal due to the absorption characteristics of hemoglobin, establishing the scientific basis for modern rPPG-based pulse rate estimation and wellness applications.

A comprehensive 2024 review by Xiao et al., published in Biomedical Signal Processing and Control, rigorously evaluated both traditional and deep learning–based rPPG methods for heart rate measurement. The review demonstrated that, under controlled conditions, rPPG techniques can achieve mean absolute errors (MAE) as low as 1.5–2 beats per minute (bpm), with consistently high correlation coefficients (often exceeding 0.95) when compared to reference electrocardiogram (ECG) and contact-based photoplethysmography (PPG) measurements. Xiao et al. emphasized that these results confirm rPPG’s feasibility and strong potential for reliable, non-contact pulse rate monitoring in wellness and fitness contexts. The review also noted that accuracy may be influenced by lighting variability, skin tone, and motion, underscoring the importance of proper measurement conditions and user guidance.

Furthermore, a comprehensive 2025 systematic review by Debnath and Kim, published in BioMedical Engineering Online, analyzed 145 peer-reviewed studies and confirmed that integrating rPPG with advanced AI (deep learning) models significantly enhances the accuracy, stability, and robustness of non-contact heart rate estimation. Their review highlights that using AI to process rPPG signals effectively mitigates common challenges such as motion artifacts and lighting variations, supporting the strong potential of AI-enhanced rPPG technology for wellness and remote health monitoring — as implemented in our system.

Additionally, the Multi-Site Physiological Monitoring dataset (Speth et al., 2024) provides strong and comprehensive validation for rPPG-based pulse rate estimation using visible-light cameras. In this large-scale study involving 103 participants with diverse demographics (ages 18–58, various BMI and skin tones, and a balanced gender distribution), camera-based pulse rate estimates were rigorously compared against contact-based ground truth measurements obtained from multiple body sites using certified PPG sensors and pulse oximetry. The experiments demonstrated intra-dataset MAEs below 4 bpm, and cross-dataset evaluations with other standard rPPG datasets (such as PURE and UBFC-rPPG) showed MAEs below 2 bpm in certain cases, confirming strong agreement with reference measurements. Importantly, robust performance was maintained across various activities, including guided breathing, relaxation, and mild gaming, supporting the feasibility and accuracy of non-contact, camera-based pulse rate estimation for wellness and fitness monitoring. The study further highlighted that facial regions consistently yielded the most accurate and stable signals, underscoring the reliability of face-based rPPG measurements. However, as emphasized in the study, these methods are intended exclusively for informational and wellness use and are not designed for medical diagnosis or treatment.

Furthermore, a comprehensive 2025 clinical study by van Esch et al., published in Applied Sciences, evaluated the accuracy and feasibility of camera-based rPPG technology for continuous, non-contact monitoring of heart rate and respiration rate in real-world intensive care unit (ICU) conditions. This rigorous study included 36 ICU patients over a total of 699 hours of continuous monitoring, encompassing practical challenges such as varying illumination, patient movement, clinical interventions, and partial occlusion. The camera-based heart rate measurements achieved agreement within 5 bpm of gold-standard electrocardiogram (ECG) measurements in 81.5% of cases, with a MAE of approximately 6.5 bpm and overall coverage of 81.9%. Under optimal lighting conditions, the agreement improved markedly to 97.3%. For respiration rate, the camera-based system achieved agreement within 3 breaths per minute in 91.1% of cases, with an MAE of approximately 1.12 breaths per minute. These results underscore the robust performance of camera-based rPPG even in challenging real-world clinical environments and further validate its feasibility for continuous, non-contact vital sign monitoring in wellness and fitness contexts. However, as emphasized in the study, this technology is intended solely for informational and wellness purposes and is not designed for clinical diagnosis, medical decision-making, or treatment.

All these studies emphasize that rPPG-based pulse rate measurements are not intended for clinical diagnosis or treatment, and results may be influenced by environmental and individual factors.

Respiratory Rate Measurements

Scientific Validation and Supporting Evidence

AI-generated Respiratory Rate measurements are supported by peer-reviewed scientific evidence on the potential accuracy of rPPG-based estimation.

A large, hospital-based clinical study by Allado et al. (2022) involving 963 patients demonstrated excellent agreement between rPPG-derived respiratory rate measurements and standard thoracic belt measurements (96% agreement; intraclass correlation coefficient [ICC] = 0.784). The study, conducted in a real-life clinical setting at the University Hospital of Nancy in France, confirmed that rPPG could reliably measure respiratory rate across a diverse patient population, including variations in age, BMI, and skin phototype. The Bland–Altman analysis showed most measurements within tight limits of agreement, and no significant differences in accuracy were observed across demographic subgroups, underscoring the robustness and feasibility of rPPG for non-contact respiratory monitoring in wellness and telemedicine contexts.

Additionally, a 2025 study by Liao et al. published in Measurement: Sensors evaluated rPPG-based respiratory rate estimation and reported a MAE of 3.5 breaths per minute across various breathing rates in healthy individuals, confirming rPPG’s viability for non-contact wellness monitoring.

Furthermore, a systematic framework presented by Chen et al. (2019) demonstrated the feasibility and effectiveness of estimating respiratory rate from face videos using advanced motion compensation, two-phase temporal filtering, and signal pruning techniques. In their experiments using multiple video segments with ground truth reference measurements from a respiration belt, they achieved a low root mean square error (RMSE) of 2.16 breaths per minute and a successful estimation rate of 78.33% within 1 breath per minute error. These results further confirm the potential of rPPG-based contactless respiratory monitoring as a reliable, non-invasive approach for general wellness and informational purposes only, not intended for medical diagnosis or treatment.

Finally, experiments utilizing the Multi-Site Physiological Monitoring dataset (Speth et al., 2024) further demonstrated the feasibility and high accuracy of camera-based, non-contact respiratory rate estimation. In these studies, respiration signals were estimated from RGB video recordings using chest motion features, achieving a low MAE of 1.09 breaths per minute across a realistic range of breathing rates (10–20 breaths per minute), which corresponds to typical wellness and resting conditions in adults. The camera-based estimates exhibited strong correlations (approximately 0.8) with ground-truth respiration signals obtained from contact-based PPG sensors and respiration belts, confirming a close agreement. Moreover, the dataset included over 100 participants and diverse real-world activities, including guided breathing exercises, relaxation phases, gaming sessions, and breath-holding tasks, thereby showcasing the robustness and versatility of non-contact video-based respiratory monitoring in various wellness contexts. These findings support the potential of rPPG and video-based approaches as convenient, comfortable, and fully contactless tools for respiratory rate monitoring in non-clinical applications.

All these studies emphasize that these measurements are strictly for wellness and informational purposes, not clinical diagnosis or treatment, and accuracy may vary due to environmental and individual physiological conditions.

References

Verkruysse W., Svaasand L.O., Nelson J.S. Remote plethysmographic imaging using ambient light. Optics Express. 2008;16(26):21434-21445. doi:10.1364/OE.16.021434.

Xiao H., Liu T., Sun Y., Li Y., Zhao S., Avolio A. Remote photoplethysmography for heart rate measurement: A review. Biomedical Signal Processing and Control. 2024;88:105608. doi:10.1016/j.bspc.2023.105608.

Debnath U., Kim S. A comprehensive review of heart rate measurement using remote photoplethysmography and deep learning. Biomedical Engineering Online. 2025;24:73. doi:10.1186/s12938-025-01405-5. PMID: 40542336; PMCID: PMC12181896.

Speth J., Vance N., Sporrer B., Niu L., Flynn P., Czajka A. MSPM: A Multi-Site Physiological Monitoring Dataset for Remote Pulse, Respiration, and Blood Pressure Estimation. arXiv preprint. 2024;arXiv:2402.02224. doi:10.48550/arXiv.2402.02224.

van Esch R.J.C., Cramer I.C., Verstappen C., Kloeze C., Bouwman R.A., Dekker L., Montenij L., Bergmans J., Stuijk S., Zinger S. Camera-Based Continuous Heart and Respiration Rate Monitoring in the ICU. Applied Sciences. 2025;15(7):3422. doi:10.3390/app15073422.

Allado E., Poussel M., Renno J., Moussu A., Hily O., Temperelli M., Albuisson E., Chenuel B. Remote Photoplethysmography Is an Accurate Method to Remotely Measure Respiratory Rate: A Hospital-Based Trial. Journal of Clinical Medicine. 2022;11(13):3647. doi:10.3390/jcm11133647.

Liao W., Zhang C., Rosenberger M., Notni G. Evaluation of contactless respiratory rate measurement: Thermography vs. rPPG. Measurement: Sensors. 2025;38(Suppl):101647. doi:10.1016/j.measen.2024.101647.

Chen M., Zhu Q., Zhang H., Wu M., Wang Q. Respiratory Rate Estimation from Face Videos. arXiv preprint. 2019;arXiv:1909.03503. doi:10.48550/arXiv.1909.03503.

User-Provided Digital Files

Users can also upload medical test results or other relevant documents in digital format through the Application. Additionally, recent measurements from compatible medical devices — including, for example, blood pressure, weight, electrocardiogram (ECG), and glucose readings — are displayed in graphical format within the Application for easy access and review. These visual summaries help users monitor, understand, and track their health trends over time.

All uploaded documents and recorded measurements remain strictly private and accessible only to the user, unless explicitly shared during a consultation with a healthcare professional.

Appointment Scheduling and Teleconsultation Services Data

This includes information about appointments scheduled by the user (such as date, time, medical specialty, and doctor's name), as well as operational details related to teleconsultation services provided through the Application (such as consultation type, connection timestamps, and similar metadata).

This data is processed securely and used solely to facilitate accurate scheduling and enable private, confidential teleconsultations between users and healthcare professionals.

Location Data

TMA collects and stores real-time location data from the user's mobile device only with the user's explicit consent, which is requested when the user selects the Send Location button within the Application. At that time, a clear usage description is provided to explain how the location data will be used (e.g., “Your location helps coordinate emergency assistance to your current position”).

By default, location sharing is disabled and requires user activation through a specific mobile device setting. Location data is collected solely for the purpose of facilitating immediate support and is not collected in the background or without user action.

It is stored only when the user actively selects the Send Location button and provides explicit consent, ensuring full transparency and user control over when and how their location is shared.

Symptom Evaluation, Diagnosis, and Prescription Data

Information related to diagnosis, including prescribed treatments and dosages, is provided exclusively by healthcare professionals contracted with TMA.

The Application serves solely as a system for recording and conveying this information and does not itself perform diagnoses, prescribe treatments, or provide medical advice.

Device, Doctor Session, and Subscription Purchase Data

Users can purchase compatible medical devices and doctor sessions through dedicated online stores managed by TMA and offered exclusively to application users.

New users receive one free redemption unit to try AI-based measurement sessions (including stress level, pulse rate, and respiratory rate assessments).

To gain unlimited access to AI-based measurements, an active subscription is required.

Subscription purchases also provide additional benefits for doctor sessions:

  • Upon first activation of the Basic subscription, the user receives one free doctor session — even if previously downgraded from an Advanced subscription, provided that the Basic subscription had not been activated before.
  • Upon first purchase or upgrade to an Advanced subscription, the user receives three free doctor sessions.

Additionally, subscription purchases are available through the in-app purchase feature within the Application.

2.2. Information Provided Indirectly by Users

Device or Digital Footprint Data

This includes the IP address used by the user (along with the date and time of connection) when accessing the Internet through their mobile device.

Third-Party Derived Information

TMA may collect information or personal data from third parties only if the user has explicitly authorized these third parties to share such information.

For example, if a user registers on the Application using their Facebook, Google, or Apple account, these platforms may share relevant personal data included in the user’s profile with TMA, subject to user consent.

3. Purpose of Data Collection and Use

Your data is used exclusively for the following purposes:

  • Service Delivery: To provide the requested services in line with the Application's Terms of Use.
  • Teleconsultation Services: For facilitating video consultations with healthcare providers.
  • Profile Management: To manage and monitor the user’s profile for personalization and service delivery purposes.
  • Compliance Enforcement: To ensure that users comply with the General Terms of Use and Privacy Policy of the Application.
  • Fraud Prevention: To detect and investigate potential fraud, illegal activities, or activities that violate the General Terms of Use.

TMA will only use personal data for the purposes described above. Under no circumstances will personal data be used for any other purpose unless the user has been informed in advance and has explicitly consented or has not objected within a reasonable time frame.

Stress level, pulse rate, and respiratory (breathing) rate measurements are processed locally on the user’s device and are not stored or shared.

4. Data Retention Period

Your personal data is stored securely on servers managed by Hetzner Online GmbH, TMA’s trusted third-party hosting provider, and will be retained for as long as you remain a registered user and have not requested deletion.

If you withdraw your consent or request account deletion, all personal data will be permanently deleted from these servers, unless applicable laws or regulatory obligations require longer retention for specific categories of data.

5. Data Sharing

TMA will not share your data with any third party except in the following circumstances:

  • Service Provision: Data may be shared with healthcare professionals and authorized service providers to facilitate teleconsultations, prescription issuance, and delivery of related services.
  • User Consent: Data may be shared only based on your explicit consent, including when using features that involve third-party integrations (e.g., health data export or file sharing).
  • Legal Compliance: Data may be shared if required by applicable law, court orders, or at the request of competent Authorities (e.g., for investigation, prevention, or enforcement related to illegal activities or public health concerns).

5.1. Data Sharing for Service Provision

TMA may transfer users' personal data, including sensitive information, to healthcare professionals contracted with TMA, solely to provide services related to the Application’s functionalities, such as telemedicine consultations. This data originates from the ePokratis MedAiConnect mobile application and is securely transferred through a TMA-owned teleconsultation platform that complies with GDPR and other applicable privacy laws. Healthcare professionals can use this platform to securely access and view the data, prescribe treatments, and make the prescribed treatments available within the ePokratis MedAiConnect mobile application.

All contracted healthcare professionals engaged by TMA are based in Greece, and all user data will be transferred exclusively within Greece, where the Application will be launched and operated. TMA does not transfer user data to any other countries outside Greece.

No user data will be transferred outside of Greece unless explicitly authorized by the user, in compliance with applicable laws. In such cases, data will only be transferred under appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful mechanisms approved under GDPR. If any future international data transfer is necessary, TMA will ensure full compliance with relevant data protection regulations and will notify users accordingly to obtain their explicit consent.

For example, if you choose to use the video call service for medical consultation, we may share your personal data (such as your name, symptoms, medical history, and uploaded files) with the healthcare professional who is providing the consultation. This transfer is essential for ensuring that the service is provided in a complete, safe, and accurate manner.

5.2. Data Sharing with Healthcare Professionals

We ensure that healthcare providers who receive your data are bound to TMA through relevant contracts or legally binding acts to use your personal information exclusively for the provision of the requested services and in compliance with applicable data protection laws.

These healthcare professionals are required to follow the same level of privacy and security practices as outlined in this Privacy Policy. They are also subject to strict confidentiality obligations, medical ethics rules, and professional secrecy under Greek law.

Any misuse, unauthorized access, or further sharing of your personal data is strictly prohibited.

TMA performs regular checks and audits to ensure that healthcare professionals comply fully with these obligations.

5.3. User Consent and Control

By using the Application, you provide explicit, informed, and clear consent for the storage, processing, and sharing of your personal data with healthcare practitioners contracted with TMA. When you choose to initiate a consultation with a healthcare practitioner, you automatically consent to sharing the relevant data required for that consultation. This consent is obtained during registration and is necessary to access the Application's services.

Consent is also obtained for AI-based measurements (such as stress level, pulse rate, and respiratory rate), which are processed locally on your device and not stored or shared externally.

You have the right to withdraw your consent at any time by uninstalling the Application or deleting your account.

You may also withdraw consent for specific data uses, such as Social Security Number processing, directly from the Application settings under "Manage SSN Consent."

Withdrawal of consent will not affect the lawfulness of prior processing based on your consent before its withdrawal.

5.4. Information Outside TMA’s Control

Please note that any information you provide directly to third-party providers not owned or operated by TMA is not covered by this Privacy Policy. We recommend reviewing the privacy policies of such third parties for details on how your data is handled.

This applies, for example, to subscription purchases made through the Application. These are handled via third-party services, such as Apple’s in-app purchase system and its authorized partners. TMA does not access or store your billing or payment details, which are processed under the privacy policies of those providers.

This clause does not apply to the official eShops or informational websites linked from within the Application, which are owned and operated exclusively by TMA for the purpose of supporting Application users. These platforms follow the same data protection standards as the Application and are governed by this Privacy Policy.

6. Data Encryption

At ePokratis MedAiConnect, we are committed to protecting the security and confidentiality of your personal data. We employ advanced encryption protocols to ensure your data remains secure in compliance with industry standards. Below are the key security measures implemented in our solution:

Data Encryption at Rest

We apply AES-256 encryption, a trusted and widely recognized standard, to secure all stored data. This encryption ensures that user data remains protected and inaccessible, even in the event of a physical storage breach.

While our third-party hosting provider, Hetzner Online GmbH, does not enable default encryption at the infrastructure level, all sensitive data stored through our Application is proactively encrypted at the application layer using AES-256.

Encryption in Transit

All data transmitted between the Application and external servers is encrypted using HTTPS/TLS protocols. These protocols establish secure communication channels, protecting your data from interception and ensuring its integrity and confidentiality during transfer.

Client-Side Encryption

For added security, we implement client-side encryption for highly sensitive data where appropriate. This means your data is encrypted directly on your device before being transmitted to external servers, ensuring that only authorized systems or users with decryption credentials can access it.

Key Management Practices

We use a trusted Key Management Service (KMS) to securely manage and control encryption keys. Our key management practices include:

  • Protecting keys using secure secret management tools and environment variables.
  • Ensuring keys are never hard-coded or exposed in the app’s codebase.

Compliance and Certifications

Our hosting and storage solutions adhere to rigorous international standards for data protection, including:

  • ISO/IEC 27001 (Information Security Management)
  • ISO/IEC 27017 (Cloud Security)
  • ISO/IEC 27018 (Protection of Personal Data in Cloud Environments)
  • GDPR (General Data Protection Regulation compliance tools)

Technical Encryption Measures

Our solution incorporates a comprehensive set of encryption protocols, including:

  • AES-256 Encryption (for data at rest)
  • TLS/SSL Encryption (for data in transit)
  • Client-Side Encryption (for sensitive data)
  • Data Masking and Tokenization (to further protect sensitive information)

Access Control and Security Rules

We enforce role-based access control (RBAC) through our security rules to ensure that only authorized users can access specific data. This approach helps maintain the integrity and confidentiality of your personal information.

User Responsibility

While we implement robust encryption and security measures, we encourage users to also take the following precautions to protect their data:

  • Keep authentication credentials confidential.
  • Regularly update passwords to maintain account security.
  • Use the Application in secure, trusted environments and avoid sharing sensitive information over public or unsecured networks.

7. Security Measures

TMA is committed to implementing appropriate organizational and technical measures to protect the security of users' personal data, in accordance with applicable data protection laws. These measures are designed to prevent unauthorized access, alteration, loss, or misuse of personal data, considering the state of technology, the nature of the data, and potential risks.

To further ensure the security of their accounts, users are responsible for safeguarding their login credentials, including passwords, and should take steps to prevent unauthorized access. TMA is not responsible for any misuse of accounts due to compromised passwords.

8. User Rights

Users have the right to access, correct, or delete their personal data at any time through the settings within the Application. Please note that withdrawing consent and/or deleting personal data will prevent TMA from being able to continue providing the services of the Application.

Users may also withdraw their consent for specific purposes at any time, without affecting the lawfulness of data processing prior to the withdrawal.

Users retain the right to contact the Hellenic Data Protection Authority (HDPA) regarding any concerns or complaints about their data privacy. Complaints can be submitted:

  • By phone at +30-210 6475600
  • In writing to Kifisias 1-3 Avenue, P.C. 115 23, Athens
  • Or via email to [email protected]

9. Changes to Our Privacy Policy

TMA may update this Privacy Policy to comply with legal, regulatory, or other applicable requirements. Any changes will be reflected in the updated Privacy Policy, which will always be made available within the Application.

Users will be notified of any significant updates, and continued use of the Application after such updates constitutes acceptance of the revised Privacy Policy. We encourage users to review the Privacy Policy periodically to stay informed about how their personal data is protected.

10. Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or the way your personal data is handled, you can contact us at:

Telematic Medical Applications LTD
151 Al. Papanastasiou Avenue, Piraeus, Attica, P.C. 18533
Phone: +30 211 1165330-2
Email: [email protected]

We will respond to your inquiry as promptly as possible and in accordance with applicable data protection laws.
