(Last updated on March 18, 2026)
The terms used in this Privacy Policy (hereinafter the “Policy”) with capital letters are defined below:
“Personal Account”: refers to the account created by the User upon registration with the Service, which allows access to their private and secure area.
“Health Data”: refers to personal data relating to the User’s physical or mental health, including measurements of physiological parameters, as defined in Article 4(15) of the GDPR.
“Personal Data”: refers to all personal information of Users collected, stored, and used by the Company in connection with Users’ use of TESSAN Services.
“Platform”: refers to all services and content accessible via the telemedicine booth, kiosk, case, or table and its “Tessan Augmented Teleconsultation” software components, implemented by the Company.
“GDPR”: refers to European Regulation 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“Services”: refers to the Service(s) made available to Users on the TESSAN Platform. The Services include, in particular, the Teleconsultation Service and TESSAN Connected Health.
“Company”: refers to Tessan Group, also known by the trade name TESSAN, in particular as a telemedicine organization contributing to telemedicine activities within the meaning of Article R. 6316-6 of the Public Health Code.
“User” or “Users ”: refers to the natural person(s) likely to use the Services offered by TESSAN.
TESSAN Group places the utmost importance on the protection of privacy and personal data, as well as on compliance with applicable legal provisions, in particular Regulation (EU) 2016/679 of April 27, 2016 (hereinafter “GDPR”). The purpose of this Privacy Policy is to provide you with clear and transparent information regarding the processing of your Personal Data when you use our website or avail yourself of our Services, including teleconsultation services via the TESSAN Platform.
This Policy applies to all personal data that we collect and process in connection with your interactions with our Services.
As part of our business activities, TESSAN Group, as the data controller, determines the means and purposes of processing the personal data collected via the website https://www.tessan.io. We also act as a data processor when we process data on behalf of healthcare professionals working for TESSAN Med in the context of teleconsultations.
If you have any questions or complaints regarding this Policy or the processing of your personal data, you may contact our Data Protection Officer (DPO) at the following address: dpo@tessan.io.
When using its Services, TESSAN Group may process the following Personal Data:
Data category
Examples of collected data
Identification information
Last name, first name, date of birth, gender, Social Security number, identification information for children and dependents
Contact Information
Email address, mailing address, phone number
Login credentials
Password, username, IP address, MAC address, connection logs, Social Security number, INSi
Financial data
Cost of the telemedicine consultation, Social Security number, health insurance provider, exemptions (your bank details are managed by our service provider, Stripe)
Health data
Sensitive data collected during telemedicine consultations by healthcare professionals, reasons for consultation, ALD code, medical history
Teleconsultation data
Date, time, name of the healthcare professional consulted, transcript of the teleconsultation (physicians only)
Browsing data
Cookies, IP addresses, browsing logs
Data collected from third parties
Data shared via social media or publicly accessible databases
Some of this data is essential for us to provide our services. If you refuse to provide this data, we cannot guarantee the proper performance of our services (e.g., account creation, telemedicine consultations).
The data collected in connection with our services is not subject to any processing that could lead to discrimination. In accordance with Article 9.1 of the GDPR, so-called sensitive data—such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning sex life or sexual orientation—is neither requested nor used, unless it is strictly necessary for your medical care.
We collect your Personal Data for specific purposes and on various legal grounds.
4.1 In connection with the management of telemedicine consultations
As the data controller:
Objectives
Data collected
Legal Basis
Shelf life
Creating and managing your personal account
Last name, first name, email address, phone number, login credentials, Social Security number, gender, and date of birth
Contractual relationship
5 years since the last interaction
Support Services Management (Assistance, Claims, Complaints)
Contact information, details of complaints, history of interactions
Contractual relationship
6 months for recordings from support and chat / 36 months for emails
Promotion of TESSAN Group and TESSAN Med's activities
Contact information, date of birth, gender
Consent
Until you unsubscribe or withdraw your consent
Conducting sales and marketing outreach activities
Contact information, date of birth, gender
Consent
Until you unsubscribe or withdraw your consent
Managing Cookies and Trackers
Browsing information (cookies, connection logs)
Consent (via cookie banner)
13 months or until consent is withdrawn
Compilation of statistics
Pseudonymized data on website usage
Legitimate interest (if pseudonymization is used) or consent (analytical cookies)
13 months for browsing data; otherwise, immediate pseudonymization
Compliance with legal and regulatory requirements
Data required to comply with legal obligations (accounting, record-keeping, etc.)
Legal requirement
In accordance with applicable legal retention periods (e.g., 10 years for accounting data)
Account Suspension Management
Contact information, interaction history, dispute information
Legitimate interest and legal obligation
Until the issue is resolved or in accordance with the law
As a subcontractor for healthcare professionals:
Objectives
Data collected
Legal Basis
Shelf life
Microsoft Azure L (HDS-certified – Art. L. 1111-8 of the Public Health Code)
Identity, health information, contact information, medical history
Explicit consent
20 years for medical records (or up to 28 years for minors)
Operational Management of Telemedicine Requests
Identity, health information, contact information, medical history
Explicit consent
20 years for medical records (or up to 28 years for minors)
Transcript of the telemedicine consultation (accessible only to TESSAN Med physicians)
Health data (consultation records, diagnoses, prescriptions)
Explicit consent
20 years for medical records
Billing and Payment Management
Consultation fees, payment information (via Stripe)
Performance of a contract
10 years from the end of the fiscal year
Claims Management and Exercising Rights
Contact information, details of complaints, requests to exercise rights (access, correction, etc.)
Legal requirement
In accordance with the law
Appointment Scheduling for Specialty Care
Name, contact information, reason for the appointment
Contractual relationship
5 years since the last interaction
Forwarding your requests and managing your interactions with healthcare professionals
Contact information, interaction history, relevant medical information
Contractual relationship
5 years since the last interaction
The data collected is processed solely for the purposes indicated in the tables above; no processing will be carried out for purposes other than those mentioned above without the consent of the data subjects.
4.2 In the context of TESSAN CONNECTED HEALTH
As data controller:
Objectives
Data collected
Legal Basis
Shelf life
Creating and managing your personal account
Last name, first name, email address, phone number, login credentials, Social Security number, gender, and date of birth
Contractual relationship
5 years since the last interaction
Support Services Management (Assistance, Claims, Complaints)
Contact information, details of complaints, history of interactions
Contractual relationship
6 months for recordings from support and chat / 36 months for emails
Promotion of TESSAN Group and TESSAN Med's activities
Contact information, date of birth, gender
Consent
Until you unsubscribe or withdraw your consent
Conducting sales and marketing outreach activities
Contact information, date of birth, gender
Consent
Until you unsubscribe or withdraw your consent
Managing Cookies and Trackers
Browsing information (cookies, connection logs)
Consent (via cookie banner)
13 months or until consent is withdrawn
Compilation of statistics
Pseudonymized data on website usage
Legitimate interest (if pseudonymization is used) or consent (analytical cookies)
13 months for browsing data; otherwise, immediate pseudonymization
Compliance with legal and regulatory requirements
Data required to comply with legal obligations (accounting, record-keeping, etc.)
Legal requirement
In accordance with applicable legal retention periods (e.g., 10 years for accounting data)
Account Suspension Management
Contact information, interaction history, dispute information
Legitimate interest and legal obligation
Until the issue is resolved or in accordance with the law
Your Personal Data may be processed by duly authorized TESSAN employees, within the scope of their respective responsibilities, in order to provide the Services offered (account creation, processing of telemedicine requests, connecting you with a healthcare professional, handling requests for information, complaints, etc.) and to manage the Platform.
Your Personal Data may be shared with third parties under specific circumstances, such as:
- Healthcare professionals working for TESSAN Med: in the context of teleconsultations.
- Health insurance providers and supplemental health insurance organizations (mutuals): to enable coverage of teleconsultations.
- Pharmacies, hospitals, health centers, nursing homes, opticians, nursing centers, local authorities, and CSE or CSR departments within a corporate site: types of clients who have or may subscribe to TESSAN Group’s teleconsultation service, for whom aggregated statistical data on the system’s usage (number of patients per day, time slots, average duration of teleconsultations) in order to optimize client flows within the context of their own operations.
- Finally, your data may also be transmitted to legal or regulatory authorities in order to comply with our legal obligations.
Depending on the circumstances, these third parties act as independent data controllers, joint controllers, or processors acting on behalf of TESSAN, in accordance with the provisions of Articles 26 and 28 of the GDPR.
This data sharing is carried out only after obtaining your consent, or when necessary for the performance of our contract with you. Only the information that these third parties need to perform the service is provided to them. They are also required not to use the data for purposes other than those originally intended.
In connection with the provision of its Services, TESSAN engages service providers who act as processors within the meaning of the GDPR and who may, in this context, have access to the Personal Data collected by TESSAN. Each processor is contractually obligated to process personal data only upon documented instructions from TESSAN and to implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of the data processed.
TESSAN Group may share Personal Data with the following processors:
Recipients
Objectives
AirCall
Management of User Support Requests
Calendoc
Scheduling Telemedicine Appointments for Users
Cloudflare
Ensure the hosting of the website and the data collected and processed for marketing purposes
Datadog
A technical monitoring tool used to identify and analyze potential platform malfunctions. The session replay feature is configured to exclude any recording of fields containing personal data or health information, and is used exclusively for the purposes of maintenance and technical improvement of services.
HubSpot
User management and the sending of content for informational and marketing purposes (if the User has given consent)
Intercom
Tool for managing chats and emails sent to support
MailChimp
Sending emails to users for informational and marketing purposes (if the user has given consent)
MailGun
Sending emails to users for informational purposes regarding their telemedicine consultations, their account status, and documents added to their patient account
Microsoft Azure L (HDS-certified – Art. L. 1111-8 of the Public Health Code)
Ensure the hosting of the Platform and the data collected and processed in connection with the provision of services
MongoDB (HDS-certified – Art. L. 1111-8 of the Public Health Code)
Ensure that data collected and processed in connection with the provision of services is stored
OnePilot
Patient support via phone, chat, and email, in addition to TESSAN support
Orisha
Handle billing and, if necessary, manage the teleconsultation
Posos
A medication database and prescription support software for creating medical prescriptions, including the detection of drug interactions with previous prescriptions
Sicorfe
Handle billing and, if necessary, manage the teleconsultation
Stripe
User makes a payment. User's payment method is stored (if the user consents)
TeamViewer
Remote assistance tool under user supervision
Twilio
Sending one-time passwords to users to secure access to their data.
Sending SMS messages as notifications as part of the service provided.
Recipients
Type of relationship
Pharmacy Group
Access to discounted rates for teleconsultation services
Cooperative groups, franchise networks, and mutual optical chains
Access to discounted rates for teleconsultation services
Doctolib
Pharmacists and opticians can sign up for a Doctolib listing service to feature their TESSAN system on the platform and increase its visibility
TopCon, Visionix, Ihealth, Riester, Dinolite
Suppliers of medical devices connected to the TESSAN Augmented Teleconsultation Platform to enable physicians to expand their diagnostic capabilities during teleconsultations. No information is shared with the suppliers
Your Personal Data is hosted in France, and we strive to keep it within the European Union. However, the Personal Data we collect when you use our Platform and Services may be transferred to other countries. This is the case, for example, if some of our doctors are located outside the EU.
When TESSAN Group engages processors located outside the European Union or that may perform all or part of the outsourced processing outside the European Union, TESSAN Group undertakes to implement the necessary measures to enable such transfers. In particular, it undertakes to use only subcontractors located in countries that have received an adequacy decision from the European Commission or with which it has entered into standard contractual clauses (SCCs).
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable legal obligations. Retention periods vary depending on several factors, such as:
- The operational needs of TESSAN;
- Contractual requirements;
- Legal obligations;
- Recommendations from supervisory authorities;
- Specific requirements regarding health data.
TESSAN is committed to protecting the Personal Data we collect or process against loss, destruction, alteration, and unauthorized access or disclosure. Access to this data is restricted to duly authorized personnel.
Access to personal data is strictly limited to TESSAN employees who need it to perform their duties. Such access is governed by authorization mechanisms and is subject to regular checks to ensure that only authorized individuals can access the relevant information.
Thus, we implement all appropriate technical and organizational measures, depending on the nature of the data and the risks associated with its processing, to preserve the security and confidentiality of your personal data. These measures may include, in particular:
- Limited access to personal data by TESSAN employees based on their roles and contractual safeguards when using an external service provider;
- Conducting privacy impact assessments;
- Regular reviews of practices and procedures regarding TESSAN’s information systems;
- Physical and/or logical security measures (secure access, authentication procedures, backup copies, antivirus software, firewalls, etc.).
Cookies are files stored on your device when you browse our website. We use different types of cookies to enhance your user experience:
Types of cookies
Objectives
Shelf life
Strictly necessary cookies, functionality cookies
To ensure the website functions properly, enhance your experience on the TESSAN website, and take your preferences into account
Session
Analytical cookies
Measuring website traffic and performance, and creating a FAQ section
13 months
Advertising cookies
Customize ads based on your profile
Until consent is withdrawn
When you first visit the site, a banner will inform you about these cookies and allow you to accept or decline them.
In accordance with the GDPR, you have the following rights regarding your personal data:
- Right of access: obtain a copy of your personal data.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request the deletion of your data under certain conditions.
- Right to data portability: retrieve your data in a usable format.
- Right to withdraw consent: at any time for processing based on your consent.
- Right to restriction of processing: temporarily suspend the processing of your data in certain cases.
- Right to set post-mortem guidelines: specify the fate of your data after your death.
TESSAN Group has implemented a procedure for managing the rights of Data Subjects, in accordance with current regulatory requirements. This procedure establishes:
- The standards to be followed to ensure transparent information for Data Subjects
- The legal requirements that must be met
- The authorized means for submitting a request for each right, depending on the category of Data Subject
- Operational processes for handling these requests in accordance with regulatory requirements
- Parties involved in these processes, their roles and responsibilities
You may exercise all of these rights by simply submitting a request to TESSAN’s Data Protection Officer (DPO) at the following address: dpo@tessan.io.
When you submit a request to exercise your rights, you are asked to specify as clearly as possible the scope of the request, the type of right being exercised, the personal data processing involved, and any other relevant information. Additionally, if there is reasonable doubt regarding your identity, you may be asked to provide proof of identity.
If, after contacting us, you believe that your data rights have not been respected, you may file a complaint with the French Data Protection Authority (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.
This Policy may be updated to reflect changes in the law and our practices. We will notify you of any significant changes via announcements on our website.
1. What is the purpose of AI in the context of telemedicine?
TESSANincorporates an Artificial Intelligence (AI) solution (OpenAI’s Generative AI) to optimize the preparation for telemedicine consultations and improve the quality of medical care. The goal is to assist doctors by organizing the information provided by patients prior to their consultation.
The AI is used only prior to the telemedicine consultation to analyze the symptoms reported by the patient through an interactive questionnaire. The AI analyzes this information contextually and, if necessary, generates additional questions tailored to the patient’s medical profile to refine the collection of relevant data (e.g., duration of symptoms, intensity, current treatments, chronic conditions). Once this process is complete, the AI produces a structured and contextualized summary for the physician, accompanied by a secure link allowing access to all of the patient’s raw responses.
The AI used by TESSAN does not replace the expertise of a healthcare professional: it does not make a diagnosis, prescribe any treatment, or make any autonomous medical decisions. Its role is strictly limited to the preliminary analysis of symptoms and the transmission of a structured summary to the physician. The analyses performed by the AI do not constitute automated decision-making within the meaning of Article 22 of the GDPR. All medical decisions are made exclusively by a healthcare professional.
The Role of AI
Limitations of AI
Collect and organize the symptoms reported by the patient
Do not make a medical diagnosis
Identify potential risk factors (age, medical history, current treatments)
Does not prescribe any treatment
Present the information to the doctor in a clear and concise manner
Does not make any clinical decisions
Facilitate the referral of patients to the appropriate healthcare professional
This is not a substitute for medical advice from a doctor
It operates under the exclusive supervision of the physician, who retains full responsibility for the medical evaluation, diagnosis, and conduct of the consultation.
Finally, the patient is fully informed of the existence of this automated process and may, if they wish, decline the use of AI without this affecting the quality of care.
2. What regulations govern TESSAN’s use of AI?
The AIused by TESSAN is deployed in compliance with applicable regulations, including:
Regulations
Key applicable principles
General Data Protection Regulation (GDPR) – (EU) 2016/679
Protection and Security of Health Data
Artificial Intelligence Act (AIA) – European Union
Classification of AI in healthcare as a “high-risk system” requiring human oversight and transparency. The system is subject to regulatory oversight, including, in particular, continuous human supervision, risk management, and technical documentation of the algorithm’s operation.
Regulation (EU) 2017/745 on medical devices
AI is not a standalone medical device, but a tool that helps summarize a patient's symptoms
CNIL Recommendations on AI and Healthcare
Regulating the use of AI and respecting patients' rights
TESSAN is committed to meeting these requirements by implementing strict controls over its algorithms and ensuring full transparency regarding how its AI operates.
3. How does the AI work before the telemedicine consultation?
The AIis only involved prior to the medical consultation and follows these steps:
1. The patient reports their symptoms via an interactive questionnaire.
2. The AI analyzes this information and generates follow-up questions to refine the symptom assessment.
3. A detailed summary is sent to the doctor before the telemedicine consultation.
4. The doctor can review all the responses and adjust their assessment based on their clinical expertise.
Step
AI Intervention
Role of the physician
Enter symptoms
Collection and organization of information
None
Automatic analysis
Generation of follow-up questions
None
Reporting of results
Presentation of a detailed summary
Reading and Interpretation
Teleconsultation
None
Diagnosis and Medical Decision-Making
AI does not intervene in the interaction between the doctor and the patient and does not influence either the diagnosis or medical prescriptions.
4. What data is processed by the AI and why?
Dataprocessingcarried out in connection with the use of AI is based on the provision of telemedicine services offered by TESSAN (Article 6.1.b of the GDPR) and on the medical care of patients (Article 9.2.h of the GDPR). When the use of AI is optional, the patient may choose not to use it without this affecting access to the consultation.
Data collected
Description
Purpose
Symptoms
Information entered by the patient (e.g., "headache," "fever")
Analysis and Organization for Physicians
Medical history
Provided voluntarily by the patient
Providing information to the doctor
Risk factors
Age, current treatments, chronic conditions
Patient Guidance
This data is strictly confidential and accessible only to the physician conducting the teleconsultation.
5. How does TESSAN ensure data security and confidentiality?
TESSANimplements strict protocols to ensure the security and confidentiality of data processed by AI.
Security measures implemented:
- Data encryption during transmission and storage.
- Secure hosting with a provider certified as a Health Data Host (HDS).
- Access restricted to healthcare professionals and authorized technical teams.
Data retention period:
- Data is retained in the same manner as the rest of the data created during the teleconsultation.
- When used for the purpose of improving the AI, the data is irreversibly anonymized, preventing any direct or indirect identification of patients.
6. Who oversees the results generated by the AI?
The AIis subject to mandatory medical supervision. All information it generates is systematically validated by a physician. The patient may also:
- Refuse the use of AI
- Access the information provided and request changes if necessary.
The doctor may modify or disregard the AI’s suggestions regarding the symptoms described by the patient. The AI makes no clinical decisions and cannot under any circumstances replace the doctor’s judgment.
7. What are the responsibilities and limitations of AI?
TESSAN’s Commitments:
- Reliability and Accuracy: Regular updates based on the latest versions of OpenAI.
- Bias Prevention: TESSAN implements mechanisms for monitoring and regularly evaluating the AI’s performance to identify any biases or errors that could affect the quality of medical care.
- Error correction: Implementation of a rapid correction protocol.
Limitation of liability:
- TESSAN cannot be held liable for any misinterpretation of the information provided by the AI.
- Users must consult a healthcare professional for any medical decision.
- The physician retains full responsibility for diagnosis and treatment.
8. What are Users’ rights regarding AI?
In accordancewith the GDPR, Users have the following rights:
Law
Description
Right of access
Request a copy of the data processed by the AI
Right to rectification
Correct any inaccurate data
Right to object
Refuse to use AI
Right to be forgotten
Request the deletion of your data
Right to data portability
Recover your data in a readable format
Any inquiries may be directed to our Data Protection Officer (DPO) at dpo@tessan.io.