Privacy Policy

Last updated: March 2026

1. Information We Collect

Location Information

  • GPS coordinates: Used to find nearby pharmacies and hospitals
  • Search location: When you search for pharmacies in specific areas
  • Usage: Location data is processed locally and only sent to our secure servers to find relevant results nearby

Usage Data

  • App interactions: Which features you use, to improve the app
  • Performance data: Crash reports and performance metrics via Sentry
  • Search patterns: Anonymized data to improve search results

Device Information

  • Device type: To optimize the app experience
  • Operating system: For compatibility and troubleshooting
  • App version: To provide appropriate updates

2. How We Use Your Information

  • Primary purpose: Find and display nearby pharmacies and hospitals within a 10 km radius
  • Service improvement: Analyze usage patterns to enhance the app
  • Technical support: Diagnose and fix issues via Sentry error tracking
  • Feature optimization: A/B testing via remote feature flags
  • Legal compliance: Meet regulatory requirements

3. Information Sharing

We DO NOT sell, trade, or share your personal information with third parties except:

  • Supabase: Our secure database provider with PostgreSQL + PostGIS (SOC 2 compliant, EU-hosted)
  • Google Maps: For map display, navigation, and location services
  • Sentry: For error tracking and performance monitoring
  • Google AdMob: For non-intrusive advertising (banner and native ads)
  • Legal requirements: When required by law

4. Pharmacy & Hospital Data

The pharmacy and hospital information displayed in the app — names, addresses, phone numbers, coordinates, and duty schedules — is sourced from publicly available records published by official Greek pharmaceutical regulatory authorities and regional pharmacists' associations, as mandated by Greek law.

  • Legal mandate: Greek law requires pharmacists' associations to make duty schedule information publicly accessible so that citizens can locate open pharmacies at all times. This legal obligation makes the data inherently public.
  • Nature of the data: This constitutes professional and business information relating to registered commercial healthcare establishments, which falls outside the core scope of GDPR personal data protection in most cases.
  • Lawful basis where personal data may be involved: In cases where pharmacy information could relate to an identifiable natural person (e.g. a sole-trader pharmacy), our processing is based on legitimate interests (Article 6(1)(f) GDPR) and public interest (Article 6(1)(e) GDPR) — specifically to provide an emergency healthcare location service to the public.
  • No enrichment: We do not combine this professional data with individual user profiles or use it for any purpose other than displaying healthcare facility locations and operating hours.

5. Data Security

  • Encryption: All data transmitted using industry-standard TLS encryption
  • Secure storage: Data stored in SOC 2 compliant Supabase infrastructure hosted in EU data centres
  • Access control: Strict row-level security policies and authentication
  • Regular audits: Security practices reviewed regularly

6. Your Rights

Data Access & Control

  • Access: Request access to personal information we hold about you
  • Rectification: Correct any inaccurate data
  • Erasure: Request deletion of your information
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Opt-out: Disable location services in your device or browser settings at any time

Location Privacy

  • Always optional: Location access can be denied; the app falls back to manual search
  • App functionality: Core features work without precise location
  • Permissions: You control location access through your device or browser settings

7. Web App Users

When using the Iasis web application, the following additional data handling applies:

  • No tracking cookies: The web app does not use tracking or advertising cookies.
  • Local storage: App preferences (e.g. language, map settings) may be stored locally in your browser using localStorage. This data remains on your device and is not transmitted to our servers.
  • Server access logs: Standard web server logs (including IP address, browser type, and pages visited) may be retained by our hosting provider for security and performance purposes. These are not used for marketing or profiling.
  • Location access: The web app requests location permission through your browser's standard permissions dialog. This is always optional.

8. Children's Privacy

This app is not intended for children under 15. We do not knowingly collect information from children under 15.

9. International Data Transfers

Our database infrastructure is hosted by Supabase in European Union data centres, ensuring your data remains within the EU and is protected under GDPR. We do not transfer your personal data outside the European Economic Area without appropriate safeguards in place.

10. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated through the app or by updating the date at the top of this page.

11. Contact Us

For privacy concerns, data requests, or questions about this policy:

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (ΑΠΔΠΧ) if you believe your rights under GDPR have been infringed.

12. Legal Basis for Processing (GDPR)

We process your data based on the following lawful grounds under GDPR:

  • Consent (Art. 6(1)(a)): Location access — you explicitly grant permission and may withdraw it at any time via device or browser settings.
  • Legitimate interests (Art. 6(1)(f)): Providing pharmacy location services, improving app performance, and error monitoring. These interests do not override your fundamental rights.
  • Public interest (Art. 6(1)(e)): Displaying publicly mandated healthcare duty information, as required by Greek law to be accessible to all citizens at all times.
  • Legal obligation (Art. 6(1)(c)): Compliance with applicable EU and Greek regulations.