Privacy Policy

1. Introduction

This Privacy Policy explains how YESCA Technologies Pvt Ltd collects, uses, discloses, and protects your personal data when you use the Vaidya247 mobile application, website, and platform ("Platform").

We comply with the Digital Personal Data Protection Act, 2023 ("DPDPA"), the Information Technology Act, 2000 and applicable rules, and other applicable Indian data protection and healthcare regulations. By using the Platform, you consent to the practices described here.

Vaidya247 is a facilitator platform — we process data to enable matching and coordination between users, not to employ or clinically supervise users.

2. Data Controller

YESCA Technologies Pvt Ltd is the Data Controller.
425, Workafella, Cyber Crown, Madhapur, Hyderabad, Telangana 500081, India
Privacy: privacy@vaidya247.com | DPO: dpo@vaidya247.com
Support: support@yesca.in | +91 79953 47299

3. Personal Data We Collect

3.1 Information You Provide

Healthcare Professionals: Name, gender, parent's name, profile photo, phone (login), email, qualifications, NMC/state registration, work experience, location, professional documents, payout account (platform-paid locum only), optional resume and cover note (full-time), reviews, and support messages.

Healthcare Facilities: Organization name and type (hospital or recruiter), contact details, address, logo, license documents, gig and job postings.

All Users: Gig/job activity, in-app messages, payment records, legal acceptance records, and account restriction status.

3.2 Information Collected Automatically

• Device type, OS, app version, identifiers, IP address, crash logs
• FCM tokens for push notifications
• Usage analytics and session data
• Approximate or precise location (with permission) for matching
• Ad impression and interaction data where ads are shown

3.3 Information from Third Parties

• Cashfree Payments: transaction status, payment identifiers, payout status
• Firebase / Google Cloud: authentication, hosting, analytics, messaging
• Phone OTP providers: verification status
• Google / Apple (legacy accounts only): identifiers until migrated to phone-only auth

4. How We Use Your Personal Data

We process data based on consent, contract performance, legal obligation, and legitimate interests (security, fraud prevention, improvement).

5. How We Share Your Personal Data

5.1 With Other Platform Users

• Doctors: name, qualifications, ratings, city/state, profile photo visible when browsing.
• Hospitals: organization name, type, location, ratings, listing details.
• Booked locum gigs: hospital and booked doctor see each other's full phone number on the gig detail card.
• Full-time applications: job poster receives name, phone, qualifications, registration (if on profile), location, verification status, cover note, and resume PDF (if attached).
• We do NOT publicly display bank/payout details, government ID images (except to admins), or unrelated users' phone numbers.

5.2 With Service Providers

We do not sell your personal data for third-party marketing.

6. Profile Tier and Verification Data

• Minimal tier data enables full-time features with limited fields.
• Verified tier requires additional documents stored for admin review.
• Verification status is shown to job posters when you apply for full-time roles.

7. Data Retention

8. Your Rights (DPDPA 2023)

• Access your personal data
• Correct inaccurate data (in-app or via privacy@vaidya247.com)
• Erase data where legally permissible
• Data portability — structured copy where feasible
• Withdraw consent — may limit Platform features
• Grievance — contact dpo@vaidya247.com; escalate to the Data Protection Board of India

Response time: within 30 days of a verifiable request. We may retain data for legal compliance, active bookings, fraud prevention, and dispute resolution.

9. Data Security

• Encryption in transit (TLS), access controls, secure phone OTP authentication
• Firebase security rules and organizational policies
• Payment card data handled by Cashfree; we do not store full card numbers
• Breach notification to affected users and authorities as required by Indian law

10. International Data Transfers

Primary storage is in India (Firebase / GCP regions serving the Platform). Some processors may process data outside India with appropriate safeguards and your consent where required by DPDPA.

11. Children's Privacy

The Platform is for users 18 years and older. We do not knowingly collect data from children. Contact privacy@vaidya247.com if you believe a minor has registered.

12. Cookies, Tracking, and Advertising

The mobile app and website use essential session tokens, functional preferences, Firebase Analytics, crash reporting, and ad delivery measurement for in-app ads. You may limit analytics via device settings or by contacting privacy@vaidya247.com.

13. Specific Processing Notices

• Phone: used for login, OTP, and coordination; shared in full on booked locum gigs and with full-time job posters when you apply.
• Location: used for matching; city/state shown on profiles; precise coordinates used when permitted.
• Pay at location: no gig payout through Platform; offline payment status only.
• Full-time: no application or posting fees; optional resume stored securely for job poster.
• Advertising: ad interactions logged for delivery; advertisers do not receive your profile unless you contact them outside the Platform.
• Account restriction: suspension reason stored for admin enforcement; not shown publicly.

14. Changes to This Policy

We may update this Policy for new features, legal changes, or security improvements. Material changes increment the major version and require in-app acceptance. Version and effective date appear at the top of this document.

15. Contact Us

16. Acknowledgment