docbio

Privacy Policy

Updated Date: 4 June 2026

This Privacy Policy (“Privacy Policy”) describes how DOCBIO TECHNOLOGIES PRIVATE LIMITED, a company incorporated under the laws of India and having its registered office at WeWork Eldeco Centre, MRTS Station Complex, Malviya Nagar (South Delhi), Delhi- 110017 (“Company”, “we”, “us”, or “our”), collects, uses, stores, processes, discloses, and protects information relating to users of the Platform.

This Privacy Policy should be read together with the Terms and Conditions (“Terms”). Capitalised terms not defined herein shall have the meaning assigned to them in the Terms.

This Privacy Policy applies to all persons accessing or using the Platform, including Providers and Visitors.

By using or accessing the Platform, you acknowledge that you have read, understood, and agreed to this Privacy Policy, and you explicitly consent to collection, use, sharing, and disclosure of your information as described herein. We reserve the right to modify, add, or remove portions of this Privacy Policy at our sole discretion at any time, and if you do not agree with these terms, you must immediately cease using or accessing the Platform, and providing your information. Furthermore, if you use the Platform or access the Platform on behalf of another individual you represent and warrant that you are fully authorized to accept this Privacy Policy and consent to the collection, use, and disclosure of their information on their behalf.

1. Scope of the Platform

1.1. The Platform is a technology-based intermediary service that enables Providers to create publicly accessible professional profile pages containing their information including links, professional information, social media handles, and other third-party resources selected by the relevant Provider.

1.2. The Platform is not:

  1. a telemedicine platform;
  2. an electronic health record system;
  3. a patient management platform;
  4. a diagnostic service;
  5. a healthcare provider; or
  6. a medical consultation service.

1.3. The Company does not collect or process patient medical records, clinical histories, diagnostic information, prescriptions, or treatment data through the ordinary operation of the Platform.

2. Information We Collect

2.1. Information Provided by Providers: When a Provider creates or manages an account on the Platform, the Company may collect identity and contact information (such as name, mobile number, and email address), professional information (such as qualifications, registrations, specialisations, affiliations, and practice details), registration or license documents submitted as proof of professional registration or eligibility, photographs uploaded for display on the Provider’s Profile or for internal administrative purposes, and content (including text, images, videos, and links) uploaded by the Provider to the Platform. Certain information published by a Provider as part of their Profile is intentionally made publicly accessible by design. Providers acknowledge and consent to the public display of such information on the Platform.

2.2. Providers may also choose to connect third-party accounts or services (such as social media accounts) to the Platform. Where a Provider establishes such a connection, the Company may receive limited account information and selected content from the connected service, in accordance with the permissions granted by the Provider at the point of connection and the terms of the relevant third-party service. Such content may be displayed on the Provider’s Profile through the Platform.

2.3. Information may be shared with the Company through the Platform directly or through alternative communication channels (such as email or messaging applications) where a Provider voluntarily shares such information for the purpose of account setup, support or administrative purposes. Any information so shared is handled in accordance with this Privacy Policy.

2.4. Information Automatically Collected:

  1. The Platform automatically collects standard technical and usage data from all persons accessing it, including IP address (which may be hashed for storage purposes), browser type, device type and characteristics, referrer information, search engine query parameters, pages visited, and analytics events, including through third-party analytics providers. The Company may also use device characteristics to distinguish between new and returning visitors for aggregate analytics purposes.
  2. Such information is collected from both Providers (when accessing their account) and Visitors (when browsing Provider Profiles or interacting with the Platform). The Company uses this information to operate the Platform, generate aggregate analytics for Providers regarding visits to their Profile, and improve Platform functionality.

2.5. When any person submits a report through the Platform’s reporting mechanism, the Company may collect the reporter’s name and email address, the contents of the report (including descriptions, supporting information, and any uploaded evidence), and related technical metadata (such as IP address, browser, and device information). Such information is used solely for reviewing and acting upon the relevant report.

2.6. Cookies and Similar Technologies: The Platform may use cookies or similar technologies for:

  1. authentication and session management;
  2. security and fraud prevention;
  3. analytics and performance measurement;
  4. remembering user preferences; and
  5. improving Platform functionality.

2.7. Users may disable cookies through browser settings; however, certain features of the Platform may not function properly as a result.

3. Public Profiles and Search Engine Visibility

3.1. Provider Profiles hosted on the Platform are public by default.

3.2. Information published on a Profile may:

  1. be visible to any person accessing the internet;
  2. be indexed by third-party search engines;
  3. appear in search engine results, output generated by AI Agents, social media platforms; and
  4. be copied, cached, archived, or stored by third parties beyond the Company’s control.

3.3. Providers are solely responsible for providing information they publish on their Profile.

3.4. The Company cannot guarantee removal of publicly accessible information from third-party search engines, caches, archives, or external systems after publication.

4. How We Use Information

4.1. The Company may use collected information for purposes including:

  1. Facilitating creation and maintenance of Provider accounts and Profiles;
  2. reasonably check Provider information;
  3. operating, maintaining, and improving the Platform;
  4. enabling Profile hosting and public accessibility;
  5. communication and marketing;
  6. processing subscription payments and invoices;
  7. responding to support requests and grievances;
  8. monitoring platform integrity and preventing misuse;
  9. enforcing the Terms;
  10. complying with legal and regulatory obligations; and
  11. analysing Platform usage and performance.

5. Legal Basis and Consent

5.1. By using the Platform and voluntarily providing information, you consent to the collection and processing of your information in accordance with this Privacy Policy and applicable law.

5.2. Where required under applicable law, the Company processes information:

  1. for the performance of contractual obligations;
  2. for compliance with legal obligations;
  3. for legitimate business and security purposes; and
  4. based on your consent.

5.3. Providers acknowledge that information intentionally published on a Profile is voluntarily made publicly available by them.

6. Sharing and Disclosure of Information

6.1. The Company may share information:

  1. with service providers, vendors, sub-processors, and infrastructure providers assisting in the operation of the Platform (such as cloud hosting providers, database and content delivery providers), communication providers (such as SMS delivery services for OTPs and notifications), analytics providers, and video hosting providers, each acting on the Company’s behalf and subject to appropriate confidentiality and data protection obligations;
  2. with payment processors for billing-related purposes;
  3. where required by law, regulation, court order, or governmental directions;
  4. to protect the rights, safety, security, or property of the Company, users, or the public; or
  5. in connection with a merger, acquisition, restructuring, or sale of business assets.

6.2. The Company does not control how third parties independently use publicly available Profile information once accessed or indexed.

7. Cross-Border Data Transfer

7.1. The Platform may use third-party service providers and infrastructure partners that store, process, or otherwise handle information outside India. By using the Platform, you acknowledge and consent to the transfer of information across borders in accordance with applicable law. The Company shall take reasonable measures to ensure that any such transfer is undertaken in compliance with applicable legal and regulatory restriction for cross-border data flows.

8. External Links and Third-Party Services

8.1. Provider Profiles may contain links to third-party websites, appointment platforms, social media services, hospital websites, or other external resources.

8.2. The Company does not control and is not responsible for:

  1. the privacy practices of third-party platforms;
  2. the content or security of external websites; or
  3. any interaction occurring outside the Platform.

8.3. Users are encouraged to review the privacy policies of third-party services before interacting with them.

9. Data Retention

9.1. The Company retains information relating to Providers and Visitors, for as long as is reasonably necessary for the purposes for which it was collected including:

  1. operation of the Platform;
  2. compliance with legal and regulatory obligations;
  3. dispute resolution;
  4. fraud prevention; and
  5. enforcement of agreements;

9.2. Public Profile information may remain accessible through third-party search engine caches or archives even after deletion from the Platform.

9.3. Information that is no longer necessary for these purposes may be deleted or anonymised, except where retention is required under applicable law, regulatory requirements, or legal process. The Company may retain limited residual records where required by law or for legitimate compliance and security purposes.

10. Account Deletion and Removal

10.1. Providers may request deletion of their account and Profile by contacting the Grievance Officer as provided under the Terms.

11. Security Measures

11.1. The Company implements reasonable technical and organisational measures intended to protect information against unauthorised access, disclosure, alteration, or destruction.

11.2. However, no method of electronic transmission or storage is completely secure, and the Company cannot guarantee absolute security of information transmitted through the internet.

11.3. Users are responsible for maintaining the confidentiality of their account credentials.

12. Grievance Officer

12.1. Any grievances regarding this Privacy Policy may be addressed to the Grievance Officer whose details are available in the Terms.

13. Changes to This Privacy Policy

13.1. The Company may revise or update this Privacy Policy from time to time. Updated versions will be posted on the Platform. Continued use of the Platform after such updates constitutes acceptance of the revised Privacy Policy. A Provider who does not accept the revised Privacy Policy must terminate their account in accordance with the Terms.