Privacy policy

Last updated: 20 May 2026

Who we are

Iasis is an online directory of verified traditional medicine practitioners in the Netherlands. Our platform helps patients find verified acupuncturists and TCM doctors and check whether their health insurance covers a visit.

Data controller: Iasis (iasis.life), the Netherlands. For data-related enquiries, contact us at privacy@iasis.life.

Data we collect and why

Practitioner profiles

We maintain a directory of licensed traditional medicine practitioners. Directory data — including name, association membership, city, and practice details — is sourced from publicly available professional registers (NVA, ZHONG, RBCZ) and supplemented with information practitioners provide directly when they claim or update their listing.

Practitioners may also provide optional practice information: their preferred consultation format (in-person, online, or both), a display address, and a session price range. This information is shown on their public profile to help patients make an informed choice.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — maintaining an accurate public directory of licensed practitioners serves the legitimate interests of patients seeking verified care.

Contact details (phone, email) are only displayed publicly when the practitioner explicitly enables this. By default, contact details are hidden.

Profile photos

Practitioners may voluntarily upload a profile photo to display on their public listing. By uploading a photo, the practitioner consents to it being publicly visible on their profile page. Photos can be removed at any time from the practitioner dashboard.

Legal basis: Contract (Art. 6(1)(b) GDPR) — managing the practitioner's public listing.

Practitioner accounts

Practitioners who claim and manage their listing have an account secured by email-based login. We store the practitioner's email address to authenticate sign-in requests and send account-related communications (listing approval, billing updates). We do not store passwords.

Legal basis: Contract (Art. 6(1)(b) GDPR) — necessary to provide access to the practitioner dashboard.

Retention: Account data is retained for the duration of the practitioner relationship and deleted upon account closure, subject to legal retention requirements.

Subscription and billing

Practitioners who subscribe to a verified or premium plan provide payment information. Payment processing is handled entirely by Stripe — we do not store card numbers or banking details on our own systems. We retain billing records (plan, status, dates) for accounting and support purposes.

Legal basis: Contract (Art. 6(1)(b) GDPR) — necessary to process subscription payments and manage entitlements.

Retention: Billing records are retained for 7 years to meet Dutch tax record-keeping requirements.

Claim requests

When a practitioner submits a claim request to manage their listing, we collect their name, email address, association, and any message they include.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to respond to and process the claim enquiry.

Retention: Claim request data is retained for 90 days if the request remains pending. If the practitioner is onboarded, data is retained for the duration of the relationship plus any legally required period.

Verification documents

When practitioners apply for a verified listing, we may collect identity documents, diplomas, and association certificates to verify credentials.

Legal basis: Contract (Art. 6(1)(b) GDPR) — necessary to perform the verification service.

Retention: Verification documents are stored in a private, access-controlled environment and deleted 5 years after the end of the practitioner relationship.

Visibility analytics

We record when patients view a practitioner's profile page so that practitioners can see how often their listing is being viewed. We store only a one-way cryptographic hash of the visitor's IP address — not the address itself — along with the date and which profile was viewed. This means individual visitors cannot be identified from the data we store.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to provide practitioners with meaningful visibility statistics without storing identifiable patient data.

Retention: Visibility data is retained for a rolling 30-day window and then deleted automatically.

Service logs

We collect standard server logs (pages visited, timestamps, error information) to operate and secure the service. We do not use third-party advertising trackers.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to maintain service security and diagnose technical issues.

Retention: Server logs are retained for a maximum of 30 days.

What we do not collect

Iasis does not collect or store health, medical, or treatment data about patients. Patients browse the directory anonymously. We do not create patient accounts, do not track appointments, and do not store any information about why a patient is seeking care.

Who we share data with

We share personal data only where necessary to operate the service:

  • Stripe — payment processing for practitioner subscriptions. Stripe handles all payment card data under their own PCI-DSS certification. We share only the minimum information needed to create and manage a subscription (email address, plan selection). Stripe's privacy policy is available at stripe.com/privacy.
  • EU-based hosting and infrastructure — our servers, databases, and file storage are hosted within the European Union. Data does not leave the EU.
  • EU-based email delivery — transactional emails (sign-in links, claim approvals) are sent via an EU-based email provider. Only your email address and the content of the specific email are shared.

We do not sell personal data to any third party. We do not share data with advertisers or data brokers.

Your rights under GDPR

If you are in the European Economic Area, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data, subject to legal retention obligations.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email privacy@iasis.life. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Security

We take appropriate technical and organisational measures to protect personal data. These include encrypted connections (HTTPS), strict access controls so that staff and systems can only access the data they need, and storing sensitive documents in private, access-restricted environments. Payment card data is never stored on our systems — it is handled entirely by Stripe under PCI-DSS standards.

No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

Changes to this policy

We may update this policy when our practices change. The date at the top of this page reflects the most recent revision. Material changes will be communicated to registered practitioners by email.

Contact

For any privacy-related questions, contact privacy@iasis.life or visit our contact page.

© 2026 Iasis · iasis.life · Credentials verified.