← Back to HealthKind
Privacy Policy
HealthKind, a service of TSARA Group · GDPR-aligned · Last updated: 22 April 2026
Quick summary: We collect your name, email, and the blood test you upload, only to give you the AI analysis and contact you about TSARA services. We never sell your data. You can delete it anytime by emailing
admin@tsara.care.
1. Data Controller
TSARA Group · BE Consult GmbH, Wiler 21, 8414 Buch am Irchel, Switzerland · admin@tsara.care
2. What We Collect
- Identity data: name, email address, preferred language
- Health data (sensitive): blood test image or text values you upload
- Technical data: IP address (for rate limiting), browser type, timestamp of analysis
- AI output: the report we generate for you
3. Why We Collect It (Legal Basis)
- Explicit consent (GDPR Art. 9(2)(a)): health data — by clicking "Get My Free Analysis", you give explicit consent to process your blood test data
- Contract (GDPR Art. 6(1)(b)): to deliver the analysis you requested
- Legitimate interest (GDPR Art. 6(1)(f)): follow-up communication about TSARA services that may help you
4. Who Sees Your Data
- OpenAI (USA): processes your blood test through their AI model. No data is used to train their models (we use the API, not consumer ChatGPT). OpenAI Privacy Policy
- Cloudflare (USA/EU): hosts our backend. Cloudflare Privacy Policy
- Google Workspace: stores your name, email, and a 500-character report preview in our internal CRM (Google Sheets). Google Privacy Policy
- TSARA Group team: Mr. Şahin (Founder/CEO) and authorized sales coordinators may contact you about relevant TSARA services
5. Data Retention
- Blood test images: not stored — analyzed in real-time, deleted from memory immediately
- Name, email, report preview: kept in our CRM until you ask us to delete
- Analytics (anonymous): 12 months
6. Your Rights (GDPR)
You have the right to:
- Access — request a copy of your data
- Rectification — correct inaccurate data
- Erasure — "right to be forgotten"
- Restriction — limit how we use your data
- Portability — receive your data in machine-readable format
- Objection — object to marketing communications
- Withdraw consent — anytime, no questions asked
- Lodge a complaint with your local data protection authority
To exercise any right: email admin@tsara.care. We respond within 30 days.
7. International Transfers
Your data may be processed in the USA (OpenAI, Cloudflare). These transfers rely on Standard Contractual Clauses approved by the European Commission, which provide adequate protection.
8. Children
HealthKind is not for users under 18. We do not knowingly collect data from minors. If you believe a minor has used HealthKind, contact us immediately.
9. Cookies
We do not use tracking cookies or third-party analytics on healthkind.app. We may store a small "language preference" in your browser's localStorage. You can clear it anytime in your browser settings.
10. Security
We use HTTPS encryption end-to-end. Our API keys are stored in Cloudflare's secret vault. Blood test images are processed in-memory and never written to disk. We never share your data with advertisers or data brokers.
11. Updates
Material changes to this policy will be announced on healthkind.app at least 14 days before taking effect.
12. Contact
Privacy questions? Email admin@tsara.care · Subject: "Privacy Request"
© 2026 TSARA Group · Terms of Service · Medical Disclaimer