Privacy Policy

This Privacy Policy explains how Tsneviseqimi LLC (წნევისექიმი), a limited liability company established under the legislation of Georgia, registered on 09/01/2026, identification number 405828476, represented by its Director George Iverieli ("Tsneviseqimi", "we", "our", or "us"), collects, uses, stores, shares, and protects personal data when you use our website, platform, and related healthcare services.

Tsneviseqimi operates a digital healthcare platform for appointments, remote consultations, health monitoring, medical record management, and related support services. Because we process health information, we apply enhanced protections appropriate to special category personal data.

This Privacy Policy applies to patients, doctors, website visitors, and other users of the Platform.

If we appoint a data protection officer or another dedicated privacy contact, their contact details will be published on the Platform.

For most personal data processed through the Platform, Tsneviseqimi LLC acts as the data controller.

Doctors using the Platform may, depending on the circumstances and the applicable legal framework, act:

• under Tsneviseqimi’s organisational and technical environment for the purpose of delivering healthcare services through the Platform; and/or
• as independent professionals with their own legal and professional obligations regarding clinical decision-making and medical confidentiality.

Where necessary, we may also use carefully selected service providers that process data on our behalf under written agreements and only on documented instructions.

We may collect and process the following categories of personal data:

We collect personal data:

• directly from you when you register, complete forms, book appointments, make payments, upload records, communicate with us, or use the Platform;
• from doctors providing care through the Platform;
• from payment and technical service providers where necessary to complete transactions, secure the Platform, or provide the service; and
• automatically through the operation of the website and platform, such as authentication, security, and technical logs.

We process personal data for the following purposes:

Where possible, we use the minimum data necessary for each purpose.

Depending on the context, we process personal data on one or more of the following legal bases:

• your consent;
• the necessity to take steps at your request or perform a contract with you;
• compliance with a legal obligation;
• protection of vital interests;
• legitimate interests, where such interests are not overridden by your rights; and
• for health data and other special category data, where processing is necessary for healthcare-related purposes, medical services, or related lawful grounds under Georgian legislation.

Because the Platform is a healthcare service, we may process special category personal data, including health data. We apply enhanced organisational and technical safeguards to such processing.

We only process health data where permitted by law, including where:

• you have provided the required consent;
• the processing is necessary for preventive, diagnostic, therapeutic, monitoring, rehabilitative, or related healthcare purposes; or
• another lawful basis exists under applicable Georgian legislation.

We do not sell personal data.

We may share personal data only where necessary and appropriate, including with:

Our service providers or technical systems may in some cases process data outside Georgia.

Where personal data is transferred internationally, we will take appropriate measures required by applicable law, including contractual, organisational, or technical safeguards designed to protect the data and the rights of data subjects.

If you request it, we will provide available information about the applicable transfer safeguards relevant to your data, unless we are legally restricted from doing so.

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide services, maintain appropriate medical and operational records, resolve disputes, enforce agreements, and comply with legal, tax, accounting, regulatory, and professional obligations.

Retention periods may differ depending on the type of data, for example:

• account and profile data: for the duration of the account and a reasonable period thereafter where necessary;
• medical and consultation records: for the period required by applicable law, professional obligations, and healthcare recordkeeping requirements;
• payment and invoicing records: for the period required by tax and accounting rules;
• technical security logs and audit trails: for as long as reasonably necessary for security, compliance, and investigation purposes.

Where deletion is requested, we may retain data that must be kept by law or for the establishment, exercise, or defence of legal claims.

We implement reasonable and appropriate technical and organisational safeguards designed to protect personal data, especially health data, against unauthorised access, loss, alteration, disclosure, or destruction.

These measures may include:

• encryption in transit;
• encrypted or otherwise protected storage environments;
• access controls based on role and need-to-know;
• authentication safeguards and secure session management;
• logging and audit trails for sensitive access and record changes;
• secure development and input validation practices;
• backup and recovery controls; and
• internal restrictions on staff and contractor access.

No system can guarantee absolute security. Users are also responsible for keeping login credentials confidential and reporting suspected unauthorised access promptly.

Subject to applicable law, you may have the right to:

• obtain confirmation whether we process your data;
• receive information about the processing of your data;
• access your personal data and obtain a copy;
• request rectification, updating, or completion of inaccurate or incomplete data;
• request termination of processing, erasure, or destruction of data where legally applicable;
• request blocking or restriction of data in certain situations;
• receive certain data in a structured, commonly used, machine-readable format, where legally applicable and technically feasible;
• withdraw consent at any time, where processing is based on consent;
• obtain information about international transfers, recipients, retention, and automated decision-making where relevant; and
• lodge a complaint with the Personal Data Protection Service of Georgia and/or apply to a court or other competent authority.

Where Georgian law sets a specific response period for a request, we will follow that legal timeline. In many cases, requests must be handled within 10 working days, subject to any lawful extension or restriction.

To exercise your rights, contact: support@tsneviseqimi.ge

We may ask for reasonable information to verify your identity before fulfilling a request.

We do not make decisions about your medical care solely by automated processing or AI where those decisions would produce legal or similarly significant effects on you.

Basic automated functions on the Platform may include appointment scheduling logic, BMI calculation, average blood pressure calculations, and similar rule-based functions. These are operational or mathematical tools and are not substitutes for a doctor’s professional judgment.

During onboarding, rule-based eligibility checks may determine that the Platform’s services are not currently suitable for your reported health conditions. In such cases, you will be directed to contact our support team for further assistance. These checks do not constitute a medical diagnosis or clinical decision.

If we ever introduce AI-supported or automated features that materially affect users, we will update this Privacy Policy and provide the legally required information and safeguards before such use begins.

At the time of this Policy:

• we do not use AI to diagnose medical conditions;
• we do not use AI to prescribe or recommend treatment independently;
• we do not use AI to make solely automated healthcare decisions about you;
• we do not use your health data to train external AI models without a lawful basis and prior transparent notice.

If AI-assisted tools are introduced in the future, we will clearly explain:

• what data is used;
• for what purpose;
• whether any third-party provider is involved;
• whether the feature is optional;
• what human oversight exists; and
• what rights you have in relation to that processing.

The Platform is intended for adults unless a lawful basis exists for use on behalf of a minor or by a minor under the conditions permitted by applicable law.

Where the processing of a minor’s data is involved, we will apply the safeguards and consent requirements required by Georgian law.

We use cookies and similar technologies only to the extent necessary for:

• authentication and session continuity;
• security;
• language preference and basic platform functionality; and
• limited technical diagnostics.

We do not use advertising trackers or social media tracking pixels through the healthcare platform.

If we introduce non-essential cookies in the future, we will update this notice and, where required, provide appropriate choices.

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform, by email, or by another appropriate method.

The updated version will show the new “Last updated” date.

For privacy questions or requests, contact:

If you believe your rights have been violated, you may also lodge a complaint with the Personal Data Protection Service of Georgia and/or apply to a court in accordance with applicable law.