Privacy Policy | DoctorReviews.in

In short: We collect minimum data needed to run the platform. We never sell your data. You can request deletion anytime by emailing privacy@doctorreviews.in.

1. Who We Are

DoctorReviews.in ("we", "us", "our") is a doctor and hospital review platform operated from India. This Privacy Policy explains how we handle your personal data in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and applicable rules.

2. Information We Collect

2.1 Information you provide

Name & contact: When you submit a review or contact us
Phone number: For OTP verification of reviews (we use this only to verify identity)
Review content: Your written reviews, ratings, and uploaded photos
Email address: If you subscribe to updates or contact support

2.2 Information collected automatically

Device data: Browser type, operating system, screen size
Usage data: Pages visited, time spent, search queries (no personal identifiers)
IP address: Used only for fraud prevention and approximate location
Cookies: See Section 7 below

2.3 Location data (optional)

If you use the "Near Me" feature for blood banks or doctors, we request your browser location only with your explicit permission. Location is used in real-time and not stored.

3. How We Use Your Data

To publish your reviews (only the name and review text — never your phone)
To verify review authenticity via OTP
To prevent spam, fake reviews, and abuse
To improve platform features and user experience
To respond to your queries and grievances
To comply with legal obligations

4. Doctor Information & NMC Verification

Doctor names, qualifications, registration numbers, and council affiliations displayed on our site are sourced from the National Medical Commission (NMC) Indian Medical Register, which is a publicly available database. We display this information for the public's right to verify medical practitioners.

If you are a doctor and wish to update or remove information about yourself, please write to doctors@doctorreviews.in with proof of identity.

5. Data Sharing

We do not sell your personal data. We share data only in these limited cases:

Service providers: Hosting (Hostinger), database (Supabase), SMS gateway (for OTP) — bound by confidentiality
Legal requirements: If compelled by valid legal process under Indian law
Safety: To prevent fraud, abuse, or threats to user safety
Aggregated analytics: Anonymous, non-identifiable statistics may be shared publicly

6. Your Rights Under DPDP Act 2023

As a Data Principal, you have the right to:

Access: Request a copy of personal data we hold about you
Correct: Update or fix inaccurate data
Erase: Request deletion of your data (right to be forgotten)
Withdraw consent: Stop processing of your data going forward
Grievance redressal: File a complaint with our Grievance Officer (see Section 11)
Nominate: Designate someone to exercise your rights in case of incapacity

To exercise any right, email privacy@doctorreviews.in. We will respond within 30 days.

7. Cookies & Tracking

We use:

Essential cookies: For site functionality (cannot be disabled)
Analytics cookies: Google Analytics 4 — anonymized, IP-masked
localStorage: To remember recently viewed doctors (stored on your device only, never sent to us)

You can disable cookies in your browser settings. Most site features will continue to work.

8. Data Retention

Reviews: Stored as long as the platform operates (reviews are public content)
Phone numbers (for OTP): Deleted within 90 days of last use
Analytics data: 14 months (Google Analytics default)
Account data: Until you request deletion

9. Security

We implement reasonable security practices per Rule 8 of IT (Reasonable Security Practices) Rules, 2011:

HTTPS encryption for all data in transit
Database access restricted to authorized personnel
Regular security audits and updates
OTP-based verification for sensitive actions

However, no online platform is 100% secure. We cannot guarantee absolute security but commit to notifying users within 72 hours of any breach affecting their data.

10. Children's Privacy

Our platform is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has submitted data, contact us for immediate deletion.

11. Grievance Officer (IT Rules 2021)

Grievance Officer: Manish Bhaparia
Email: grievance@doctorreviews.in
Response time: Within 24 hours
Resolution time: Within 15 days as mandated

12. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via banner on the site for 30 days. The "Last updated" date at the top reflects the most recent change.

13. Governing Law

This policy is governed by Indian law. Disputes are subject to the exclusive jurisdiction of courts in Mumbai, Maharashtra, India.

14. Contact Us

For any privacy-related questions:

General privacy queries: privacy@doctorreviews.in
Grievances: grievance@doctorreviews.in
Doctor profile concerns: doctors@doctorreviews.in