Privacy Policy

1. Introduction

Astramedica LLC ("Astramedica," "we," "us," or "our") operates the website astramedica.com (the "Platform"). We are a medical-tourism coordination company that connects prospective patients with vetted partner clinics and healthcare facilities in Turkey.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have regarding your data. By using the Platform you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.

2. Data Controller

The responsible data controller for processing carried out via this Platform is:

For any questions regarding data protection or to exercise your rights, please contact us at info@astramedica.com.

3. Our Services & Role

Astramedica is a medical-tourism coordination platform. We are not a hospital, clinic, or licensed healthcare provider. We do not provide medical advice, diagnosis, or program recommendations. We facilitate introductions between you and qualified partner clinics in Turkey and assist with logistics such as travel planning, scheduling, and concierge services.

Any medical decisions, programs, or procedures are between you and the partner clinic. Partner clinics operate under their own licenses, data-protection policies, and applicable Turkish healthcare regulations.

4. Age Restriction

Our services are intended exclusively for individuals aged 18 years and older. We do not knowingly collect personal data from anyone under the age of 18. If you are under 18, do not use this Platform or submit any forms.

If we become aware that we have collected personal data from a person under 18, we will promptly delete that data and terminate the associated account or session. If you believe a minor has provided us with personal data, please contact us immediately at info@astramedica.com.

5. Protected Health Information (PHI) Disclaimer

6. Personal Data We Collect

We collect personal data that you voluntarily provide and data collected automatically when you use the Platform.

6.1 Data You Provide

• Consultation Request Form: First name, last name, email address, phone number, service of interest, and an optional free-text message. Some noindex landing pages may instead ask non-medical planning questions such as preferred timing, communication channel, contact window, timezone, and program priorities.
• Follow-Up Communications: Information you share when replying to our team by email or other approved contact channels after submitting an enquiry.
• Consent Records: Records of your acceptance of this Privacy Policy, Terms & Conditions, age confirmation, health-data processing consent (VCDPA), cookie preferences, and communication consents that apply to your chosen contact channel (including SMS, WhatsApp, or phone consent where required).
• Email Communications: Any information you provide when you email us directly.

6.2 Data Collected Automatically

• Usage Analytics & Advertising Measurement: Page views, referral sources, device type, browser type, operating system, country-level geolocation, session duration, campaign attribution, and conversion measurement signals collected through tools such as Google Tag Manager, Google Analytics, Google Ads, Vercel Analytics, and Speed Insights, subject to your cookie consent choices.
• Cookies & Browser Storage: Functional browser storage for cookie-consent preferences plus session-level campaign attribution parameters used to connect ad clicks with subsequent enquiry flows. These session-level attribution values may be stored before you make a cookie choice so the current visit can be matched with a later enquiry submission, while Google analytics and advertising storage remain subject to your consent settings. See Section 12 for details.
• Server Logs: IP address, request timestamps, request path, and HTTP status codes retained by our hosting provider.

7. How We Use Your Data

We process your personal data for the following purposes:

• Consultation Processing: To receive, review, and respond to your consultation requests; to match you with appropriate partner clinics; and to facilitate scheduling, contact-window preferences, and logistics.
• Operations & Planning: To coordinate appointments, travel arrangements, cost estimates, and post-procedure follow-up with partner clinics on your behalf.
• Enquiry Follow-Up: To reply to your website enquiries and coordinate appropriate next steps.
• Communication: To respond to your inquiry, coordinate follow-up, and share relevant information you have requested.
• Fraud & Abuse Prevention: To detect and prevent fraudulent, abusive, or unauthorized use of the Platform.
• Site Improvement: To analyze aggregated, anonymized usage data to improve Platform performance, user experience, and service offerings.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

8. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

• Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent, such as by submitting a consultation form or accepting cookies.
• Contract Performance (Art. 6(1)(b) GDPR): Where processing is necessary to fulfill a service you have requested, such as coordinating your medical-tourism consultation.
• Legitimate Interests (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate business interests (e.g., fraud prevention, platform security, service improvement), provided these interests are not overridden by your rights and freedoms.
• Legal Obligation (Art. 6(1)(c) GDPR): Where processing is required to comply with a legal obligation to which we are subject.

You may withdraw your consent at any time by contacting us at info@astramedica.com. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

9. Disclosure & Sharing of Personal Data

We may share your personal data with the following categories of recipients:

9.1 Partner Clinics

When you submit a consultation request, your name, contact details, service interest, and message may be shared with one or more partner clinics and healthcare facilities in Turkey that offer the services you are interested in. These clinics are independent entities and process your data under their own privacy policies and applicable Turkish law.

9.2 Service Providers & Processors

We engage trusted third-party service providers who process data on our behalf, under our instructions and subject to contractual obligations of confidentiality and security. These include, but are not limited to:

We may use limited additional business tools for scheduling, invoicing, and internal operations. These tools process data under our instructions and their respective privacy policies.

9.3 Legal & Safety Disclosures

We may disclose personal data if required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect the rights, safety, or property of Astramedica, our users, or the public.

9.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify affected users before their data becomes subject to a different privacy policy.

10. Website Communications

We currently accept public enquiries through website forms, email, and the contact methods listed on the Platform. We do not currently offer a live or AI-powered public chat service on this website.

• Public Channels Only: Use the consultation form, email, or other approved contact methods shown on the Platform for first contact.
• No PHI in Public Channels: Do not send Protected Health Information, medical records, lab results, or imaging through public forms or ordinary email.
• Operational Logging: We may log and store enquiry submissions and follow-up correspondence for service delivery, fraud prevention, and recordkeeping.
• Secure Follow-Up When Needed: If a partner clinic needs detailed medical information, our team will arrange a more appropriate sharing workflow.

11. International Data Transfers

Astramedica is based in the United States. Your personal data may be transferred to, stored in, and processed in the United States and other countries where our service providers operate, including Turkey (for partner-clinic communications).

For transfers from the EEA/UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms under GDPR. By using the Platform, you acknowledge and consent to the transfer of your data to jurisdictions that may have different data-protection standards than your own.

12. Cookies & Tracking Technologies

We use a limited number of cookies and browser-storage items on the Platform:

Opting Out:When you first visit the Platform, a cookie-consent banner will appear. You may accept or decline non-essential cookies. If you decline, Google analytics and advertising-measurement storage remain disabled. However, we may still keep session-level campaign attribution values in browser session storage for the current visit so ad clicks and later enquiry submissions can be matched correctly without turning on full analytics or advertising storage. Even after acceptance, we may continue suppressing analytics and advertising measurement on clinically sensitive routes, except where a noindex landing page has been configured for consent-based campaign attribution and conversion measurement. You can change your cookie preference at any time by clearing your browser's local storage and cookie storage for this site.

If you accept non-essential cookies, we may use Google Tag Manager, Google Analytics, Google Ads attribution, and similar consent-based tools for performance analysis and conversion measurement on permitted routes. We do not use health-related landing-page activity to build advertiser-curated remarketing audiences, we do not use social-media tracking plugins, and we aim to keep measurement disabled on clinically sensitive non-landing routes.

13. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Upon expiration of the applicable retention period, personal data is securely deleted or anonymized. If you request deletion earlier, we will comply within 30 days, subject to any legal obligations to retain certain data.

14. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• TLS/SSL encryption for all data transmitted between your browser and our servers.
• Encrypted database connections and role-based access controls.
• Regular security reviews of our service providers and infrastructure.
• Content Security Policy (CSP) headers to mitigate cross-site scripting and injection attacks.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot ensure absolute security.

15. Your Rights

15.1 Rights for All Users

Regardless of your location, you may:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Withdraw Consent: Withdraw previously given consent at any time.

To exercise any of these rights, email us at info@astramedica.com with your full name and email address associated with your inquiry. We may request additional information to verify your identity before processing your request. We will respond within 30 days.

15.2 Additional Rights for EEA/UK Residents (GDPR)

If you are located in the EEA or UK, you additionally have the right to:

• Restriction: Request restriction of processing under certain circumstances (Art. 18 GDPR).
• Data Portability: Receive your data in a structured, commonly used, machine-readable format (Art. 20 GDPR).
• Object: Object to processing based on legitimate interests or for direct marketing purposes (Art. 21 GDPR).
• Supervisory Authority: Lodge a complaint with your local data-protection supervisory authority (Art. 77 GDPR).

15.3 Additional Rights for Virginia Residents (VCDPA)

If you are a Virginia resident, you have the following rights under the Virginia Consumer Data Protection Act (VCDPA):

• Right to Know: Confirm whether we are processing your personal data and access that data.
• Right to Correct: Request correction of inaccuracies in your personal data.
• Right to Delete: Request deletion of personal data you have provided to us.
• Right to Data Portability: Obtain a copy of your personal data in a portable, readily usable format.
• Right to Opt Out: Opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling. Astramedica does not sell personal data, engage in targeted advertising, or profile users.
• Sensitive Data: Under the VCDPA, health-related information is classified as "sensitive data." We collect health-related data (such as your medical service interest) only with your explicit opt-in consent via the health-data consent checkbox on our consultation form.

To exercise your VCDPA rights, email info@astramedica.com with the subject line "VCDPA Request." We will verify your identity and respond within 45 days. If we decline your request, you may appeal by contacting us. If you are not satisfied with the outcome of an appeal, you may file a complaint with the Virginia Attorney General.

15.4 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a CCPA/CPRA request, email info@astramedica.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

Do Not Sell or Share My Personal Information: Astramedica does not sell personal information and does not share personal information for cross-context behavioral advertising as defined under the CCPA/CPRA.

16. Third-Party Links

The Platform may contain links to third-party websites or services (e.g., partner-clinic websites). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data.

17. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law, notify you via email or a prominent notice on the Platform. Your continued use of the Platform after any changes constitutes acceptance of the updated Privacy Policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: