Privacy Policy
Privacy Policy
Version 1.0 | Last updated: July 2026
This Privacy Policy describes the manner in which VithoulkasBrain (“we,” “our,” or “us”) collects, uses, discloses, and safeguards personal data when you access or use our website and application available at https://www.vithoulkasbrain.com (the “Services”).
The data controller for the purposes of this Privacy Policy is VITHOULKAS INTELLIGENCE SINGLE MEMBER P.C., distinctive title “VITHOULKAS BRAIN”, a single-member private company (I.K.E.) registered in Greece under General Commercial Registry (Γ.Ε.ΜΗ.) No. 194103107000, with registered office at 19 Persefonis Street, Elefsina 19200, Attica, Greece, VAT No. 803299861, operating the VithoulkasBrain platform under a licence from CENTRE OF HOMEOPATHIC MEDICINE S.A. (International Academy of Classical Homeopathy) (the “Controller”). We act as data controller for the personal data of our account holders (such as account, billing and usage data). Where you, as a healthcare professional, enter your patients’ case data into the platform, you act as the data controller of that patient data and we act as your data processor under our Data Processing Agreement (“DPA”), which you accept upon registration. The platform is designed to store minimal patient data: we do not store direct patient identifiers (such as name, e-mail or telephone) — only a case title, the age and the gender of the patient, together with the clinical case content — and such data is stored in encrypted form. We do not access patient case data in the ordinary course of operation (technical access occurs only upon your documented support request and is logged), and we do not use it for research, educational, statistical, marketing or any other secondary purpose.
Should you have any questions regarding this Privacy Policy or our data practices, you may contact us at contact@vithoulkasbrain.com .
1. Information We Collect
Personal Data
We may collect personal data that identifies you or could reasonably be associated with you, including but not limited to:
- Email address
- Account credentials
Usage Data
We automatically collect certain information about your interactions with the Services, such as:
- Log and usage data (including IP address, browser type, referring/exit pages, and timestamps)
- Device information (including device type and operating system)
2. Legal Bases for Processing
We process your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), on the following legal bases:
- Consent: Where you have provided explicit consent (e.g., for marketing communications or optional features).
- Contractual Necessity: To perform our obligations and provide the Services requested by you.
- Legitimate Interests: To maintain and improve the Services, ensure security, and prevent fraud or misuse.
- Legal Obligation: To comply with applicable laws and regulatory requirements.
3. Use of Personal Data
We process your personal data for the following purposes:
- To provide, operate, and maintain the Services
- To personalize and enhance your user experience
- To communicate with you regarding your account and important updates
- To analyze usage patterns and optimize performance
- To detect, prevent, and protect against fraudulent, unauthorized, or unlawful activity
4. Cookies
We use only strictly necessary cookies required for the secure operation and core functionality of the Services (for example, to maintain your authenticated session). We do not use analytics, advertising, profiling or other third-party tracking cookies. Further details are set out in our Cookies Policy.
5. Data Sharing and Disclosure
We do not sell or disclose your personal data to external parties, except for trusted service providers who support the operation of our Services and are contractually bound to protect your data. Our platform and your data are hosted within the EU/EEA by Hetzner Online GmbH; payments are processed by Stripe (Stripe Payments Europe, Ltd.); technical maintenance is carried out by authorised personnel under confidentiality and the Data Processing Agreement. Certain static front-end resources are loaded from third-party content delivery networks (such as Cloudflare and the jQuery CDN), which receive your IP address solely in order to deliver the requested files. We may also disclose your personal data where required by law or to protect our rights, security, or the safety of our users.
International Transfers: Where personal data is transferred outside the EU/EEA (e.g. to cloud or hosting providers), such transfers are carried out only where appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to GDPR Article 46. A list of the relevant third-country recipients and applicable safeguards is available upon request at contact@vithoulkasbrain.com .
6. Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes outlined in this Policy. You may delete your patient case data at any time and export it in PDF format. To delete your account, you submit a request at contact@vithoulkasbrain.com ; the account is then disabled and enters a read-only grace period of fourteen (14) days, after which all associated personal data is permanently deleted, unless longer retention is required by law. Billing and transaction records are retained for the period required by applicable tax and accounting law (in Greece, ten (10) years).
If your subscription expires or is not renewed and you have not deleted your account, your case data is retained for twelve (12) months from the date your access lapses; upon your request during that period you may be granted read-only access for one (1) month to export your data, after which it is permanently deleted. We will send a reminder to your registered e-mail address before deletion.
7. Data Security
We employ industry-standard security measures to safeguard personal data, including but not limited to:
- Encryption of data in transit and at rest
- Secure authentication and access controls
- Regular audits and vulnerability assessments
However, no method of storage or transmission over the Internet can be guaranteed as 100% secure.
8. Your Data Protection Rights
Under applicable data protection laws, including the GDPR, you may have certain rights regarding your personal data, including:
- The right to access your personal data
- The right to request correction of inaccurate or incomplete data
- The right to request deletion of your data
- The right to restrict or object to certain processing activities
- The right to data portability (i.e., to receive your data in a structured, commonly used format)
- The right to withdraw consent where processing is based on consent
- The right to lodge a complaint with the competent supervisory authority. In Greece, the competent authority is the Hellenic Data Protection Authority, 1-3 Kifisias Avenue, 115 23 Athens, web www.dpa.gr.
Please note that these rights are not absolute and may be subject to legal limitations, including where processing is necessary for compliance with legal obligations, security purposes, or the establishment, exercise, or defense of legal claims.
Please also note that the exercise of certain rights (such as deletion of your personal data or withdrawal of consent where required for the provision of the Services) may result in the termination or limitation of your access to the Services, and you may no longer be able to use the Services.
To protect your privacy and security, we may request verification of your identity before processing any request. We also reserve the right to decline or limit requests that are manifestly unfounded, excessive, or repetitive, in accordance with applicable law.
To exercise your rights, please contact us at:
contact@vithoulkasbrain.com
9. Children’s Privacy
Our Services are not intended for individuals under the age of 18 (or the applicable minimum age under local law), and we do not knowingly collect personal data from such individuals.
10. Amendments to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in legal, technical, or business developments. Any amendments will be posted on this page with the updated effective date. We encourage you to review this Policy regularly.
11. Acceptance of this Policy (Your Consent)
This Privacy Policy informs you about how we process your personal data. The legal bases for our processing activities are set out in Section 2 above. By using our Services, you confirm that you have had the opportunity to read this Privacy Policy. If you do not agree with its terms, please refrain from using our Services.
Please note that the exercise of certain rights, such as the deletion of your personal data, may result in the termination or limitation of your access to the Services. In such cases, you may no longer be able to use the website.
12. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at: