Privacy policy

Last updated: DRAFT — pending counsel review before launch

Pre-launch draft. This policy is structurally complete but the wording must be reviewed by an Indian privacy counsel before public launch (DPDP Act 2023, IT Rules 2021, applicable medical-data norms).

Who we are

Health and Medic is operated by Health and Medic Pvt Ltd (the "Company"), a private limited company incorporated in India, with its registered office at [Registered address — fill before launch].

For privacy questions or to exercise your rights under the DPDP Act 2023, contact our Grievance Officer at [email protected] or via the grievance officer page.

What we collect

Account: email, password hash (if you set one), sign-up IP and user agent, last login timestamp.
Profile: display name, specialty, city, current employer, headline, bio, LinkedIn URL — what you choose to share when filling in your profile.
Verification: council registration number, council, year of admission, and the verifier's response (Surepass / AuthBridge) for proof-of-credentials. Manual proof: work email, LinkedIn URL, free-form text.
Content: reviews, posts, comments, articles, messages, appointments, job applications. Your content is associated with your account; some is public, some is connection- only. Each surface tells you the visibility before you submit.
Contact info captured at the time of action: patient name + email + phone for appointment bookings; full name + email + phone + cover note for job applications.
Payment: Razorpay handles all card data; we store the Razorpay order/payment IDs and amounts for invoicing. We do not see your card details.
Technical: IP, user agent, timestamps for sign-ins, content submissions, and rate-limit accounting.

Why we collect it (legal basis)

We process personal data under the following bases per the DPDP Act 2023:

Consent: when you sign up, post content, opt into the email digest, or request appointments.
Performance of contract: processing payments, confirming appointments, fulfilling job-board services.
Legitimate use: moderation, anti-abuse, security logs, audit trail.
Legal obligation: retaining records required by IT Rules 2021 (grievance officer logs), tax laws (GST invoices), and law-enforcement orders.

Who we share it with

Surepass / AuthBridge — receive your council registration number and claimed name when you initiate verification, and return the official record. Their response is stored in your verification record.
Razorpay — processes payments, charges subscriptions, and emits webhooks; receives payer name, email, phone, amount.
Amazon Web Services — Amazon SES sends transactional and digest emails. Email content includes your email address as recipient.
Sentry — receives anonymized error stack traces. We have configured it to scrub URLs and request bodies.
Hetzner — hosts our servers and database. They see encrypted traffic and database files at rest.
Law enforcement / courts — on a valid order, we disclose what's required and no more, and we record the disclosure in our audit log.

We do not sell your data. We do not use it for third-party advertising. We do not share it with insurers, recruiters, pharma, hospital chains, or anyone else for marketing purposes.

Your rights

Access: see what we have via /settings. A full machine-readable export is one click away (Export my data).
Rectification: edit your profile, fix mistakes, update contact info — all from /settings.
Erasure: delete your account from /settings → Delete account. The wipe is real: profile, posts, reviews, messages, uploads are removed. An audit-log tombstone with the {action, timestamp} survives for compliance with IT Rules 2021.
Withdraw consent: for the digest, change preference at /settings or click any unsubscribe link.
Grievance: contact our grievance officer; we acknowledge within 24 hours and resolve within 15 days.

Retention

We retain data for as long as your account exists, plus the duration required by law (typically 7 years for tax records and subscriber-identification per IT Rules). After erasure, only the audit-log tombstone, anonymized aggregate metrics, and any compliance-required artifacts remain.

Children

The service is intended for users 18 years and older. If a parent books an appointment for a child via our platform, the child's name and clinical context become part of the appointment record; the parent is responsible for that disclosure.

International transfers

Servers are in India (Hetzner Helsinki / Falkenstein for now, migrating to Hetzner India when available). SES email infrastructure is in AWS Mumbai. Sentry error data may be processed in the EU.

Changes

We will notify you in-app and via email when we make material changes to this policy. The current version is always at /privacy.