Privacy Policy

YESCA Technologies Pvt Ltd operates the Vaidya247 platform - a marketplace connecting healthcare professionals with healthcare facilities for temporary medical gig opportunities. We are committed to protecting your personal information and your right to privacy in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA).

2. Information We Collect

2.1 Information You Provide Directly

For All Users:

• Account information: Name, email address, phone number
• Profile information: Profile photo, bio, preferences
• Authentication data: Login credentials, authentication tokens
• Communication data: Messages, support tickets, feedback
• Marketing consent: Email subscription preferences

For Healthcare Professionals (Doctors):

• Professional credentials: NMC registration number, medical degree certificates
• Educational background: MBBS state, additional qualifications, specializations
• Work experience: Previous positions, hospital affiliations, years of experience
• Identity verification: Government-issued ID, registration certificates, photographs
• Bank account details: Account number, IFSC code, bank name (for payouts)
• Professional indemnity insurance details (if applicable)

For Healthcare Facilities (Hospitals/Clinics):

• Facility information: Hospital name, address, type, bed count, departments
• License information: Facility registration number, license certificates
• Contact person details: Name, designation, phone number, email
• Identity verification: Registration certificates, contact person ID proof
• Financial information: GST number, PAN number, bank account details
• Facility accreditations (NABH, NABL, etc.)

2.2 Information Collected Automatically

• Device information: Device type, operating system, unique device identifiers
• Usage data: App features used, time spent, interaction patterns
• Location data: GPS coordinates (with your consent), IP address-based location
• Technical data: IP address, browser type, app version, error logs
• Push notification tokens: FCM tokens for sending notifications
• Cookies and similar technologies: Session cookies, preference cookies

2.3 Information from Third Parties

• Social media authentication: Profile information from Google, Apple (if you use social login)
• Payment processors: Transaction status, payment method details (from Cashfree)
• Verification services: NMC registration validation data
• Referral sources: Information from users who refer you

3. How We Use Your Information

3.1 Primary Purposes

• Account Management: Creating and managing your account, authentication, profile updates
• Platform Services: Facilitating gig postings, applications, bookings, and communications
• Verification: Verifying professional credentials, licenses, and identity documents
• Payment Processing: Processing payments, payouts, refunds, and transaction records
• Communication: Sending notifications, updates, and responding to inquiries
• Matching: Connecting healthcare professionals with suitable gig opportunities

3.2 Secondary Purposes

• Platform Improvement: Analyzing usage patterns to enhance user experience
• Security: Detecting and preventing fraud, abuse, and security incidents
• Compliance: Meeting legal obligations, regulatory requirements, and dispute resolution
• Marketing: Sending promotional content (with your consent, opt-out available)
• Research: Conducting anonymized research and analytics
• Customer Support: Providing technical support and resolving issues

3.3 Legal Bases for Processing (DPDPA Compliance)

We process your personal data based on:

• Consent: You have given explicit consent for specific purposes
• Contract Performance: Processing is necessary to fulfill our service agreement with you
• Legal Obligation: We must process data to comply with Indian laws
• Legitimate Interest: Processing is necessary for fraud prevention, security, and platform improvement

4. How We Share Your Information

4.1 With Other Platform Users

• When you apply for a gig, hospitals see your professional profile, qualifications, and ratings
• When a hospital accepts your application, contact information is shared for coordination
• After gig completion, both parties can view ratings and reviews

4.2 With Service Providers

• Firebase (Google): Cloud infrastructure, database, authentication, hosting
• Cashfree: Payment processing, payouts, refunds
• Google Maps: Location services, geocoding
• Cloud storage providers: Document and image storage
• Communication services: SMS, email, push notifications
• Analytics providers: Usage analytics and performance monitoring

4.3 For Legal and Safety Reasons

• Compliance with legal obligations, court orders, or government requests
• Enforcement of our Terms of Service and user agreements
• Protection of our rights, property, and safety, or that of users and the public
• Detection and prevention of fraud, security incidents, or illegal activities
• Response to medical emergencies or public health requirements

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change via email or platform notification.

4.5 With Your Consent

We may share your information with third parties when you explicitly authorize us to do so.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

• Active accounts: Data retained while account is active
• Inactive accounts: 3 years of inactivity before deletion
• Transaction records: 7 years (as per Indian accounting laws)
• Communication logs: 2 years
• Support tickets: 3 years
• Legal compliance data: As required by applicable laws
• Audit logs: 5 years for security and compliance

After the retention period, we securely delete or anonymize your personal information. Some information may be retained in anonymized form for analytical purposes.

6. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Security Measures Include:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Authentication: Multi-factor authentication, secure phone OTP verification
• Access Controls: Role-based access, principle of least privilege
• Firebase Security Rules: Strict database access controls
• Regular Audits: Security assessments and vulnerability scanning
• Secure Infrastructure: Firebase/Google Cloud Platform security features
• Employee Training: Data protection and security awareness training
• Incident Response: 72-hour data breach notification protocol (DPDPA compliance)

While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security. Please use strong passwords and do not share your account credentials.

7. Your Rights (DPDPA Compliance)

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

7.1 Right to Access

You can request a copy of the personal information we hold about you. We will provide this in a structured, commonly used, and machine-readable format within 30 days.

7.2 Right to Correction

You can update or correct your personal information at any time through your profile settings or by contacting us.

7.3 Right to Erasure

You can request deletion of your personal information. We will comply unless we have a legitimate reason to retain it (e.g., legal obligations, ongoing disputes, transaction records).

7.4 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

7.5 Right to Grievance Redressal

You can raise concerns about our data practices with our Data Protection Officer or the Data Protection Board of India.

How to Exercise Your Rights:

Contact us at privacy@vaidya247.com with your request. We will respond within 30 days. You may need to verify your identity for security purposes.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content.

Types of Cookies We Use:

• Essential Cookies: Required for platform functionality (authentication, security)
• Performance Cookies: Analyze platform usage and performance
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Google Analytics, Firebase Analytics

You can control cookies through your browser settings. However, disabling certain cookies may limit platform functionality.

9. Children's Privacy

Vaidya247 is intended for adults aged 18 and above. We do not knowingly collect personal information from individuals under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information promptly.

10. International Data Transfers

Your data is primarily stored on Firebase servers located in India (asia-south1 region). However, some service providers (e.g., Firebase/Google Cloud) may process data in other countries.

We ensure that any international data transfers comply with DPDPA requirements and use Standard Contractual Clauses or other approved transfer mechanisms. We will seek your explicit consent for cross-border data transfers where required by law.

11. Third-Party Links and Services

Our Platform may contain links to third-party websites or services (e.g., social media, payment gateways). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Marketing Communications

With your consent, we may send you promotional emails, push notifications, and SMS messages about:

• New gig opportunities matching your profile
• Platform updates and new features
• Special offers and promotions
• Educational content and tips

Opt-Out Options:

• Click "Unsubscribe" in any marketing email
• Adjust notification preferences in app settings
• Contact us at support@vaidya247.com

Note: You cannot opt out of transactional communications (e.g., booking confirmations, payment receipts, security alerts) as these are essential to the service.

13. WhatsApp Business API Communication

We may use WhatsApp Business API to send you:

• Booking confirmations and updates
• Payment notifications
• Gig reminders
• Customer support responses
• Verification codes (OTP)

By using our Platform and providing your phone number, you consent to receive these transactional messages via WhatsApp. You can opt out of non-essential WhatsApp messages at any time by replying "STOP" or adjusting your preferences in the app.

WhatsApp messages are subject to WhatsApp's Privacy Policy and Terms of Service. We do not share your WhatsApp chat content with third parties (except WhatsApp/Meta for message delivery).

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach (as per DPDPA)
• Inform the Data Protection Board of India
• Provide details about the breach, affected data, and remedial actions
• Offer guidance on steps you can take to protect yourself

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features.

Notification of Changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email or in-app notification
• Your continued use of the Platform after changes indicates acceptance
• If changes require new consent, we will seek it explicitly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: