shieldData Protection

Privacy Policy

Last updated: February 24, 2026

At Docum, privacy isn't a formality — it's an infrastructure decision. This policy explains how we collect, process, and protect your data in compliance with applicable Indian data protection regulations.

description1. Information We Collect

We collect the following categories of information:

Identity & Professional Data

Name, contact details, NMC/State Medical Council registration numbers, medical degrees, specialty certifications, and professional photo.

Financial Data

Bank account details, UPI IDs, payment transaction history, and escrow account records.

Location Data

GPS coordinates used solely for geofenced check-in/check-out at registered hospital locations. Location data is processed in real-time and stored only as timestamped attendance records.

Hospital Operational Data

Shift requirements, staffing patterns, department structures, and compliance-related records.

security2. Data Isolation Guarantee

Critical Guarantee: Hospital staffing data, operational patterns, and workforce metrics are never shared, cross-referenced, or made visible to any other institution on the platform.

  • check_circleData from Hospital A (e.g., Artemis) is completely isolated from Hospital B (e.g., Max) — even within the same geographic cluster.
  • check_circleNo aggregated staffing demand intelligence is shared with competing institutions.
  • check_circleEach hospital's data is maintained in logically separated environments with access controls enforced at the infrastructure level.

gavel3. NMC & Ethics Compliance

All parties using the Docum platform agree to conduct themselves in accordance with:

  • articleIndian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002 — governing professional conduct for all registered medical practitioners.
  • articleNational Medical Commission Act, 2019 — ensuring all credential verification processes comply with NMC standards.
  • articleInformation Technology Act, 2000 and associated data protection rules for secure handling of personal and sensitive data.

lock4. Credential & Payment Data

Credential Vault

Medical registrations, degrees, and certifications are stored in an encrypted, immutable credential vault. Documents are verified via Primary Source Verification (PSV) and can only be accessed by the owning professional and authorized hospital contacts.

Escrow Records

All escrow transactions are maintained as tamper-proof financial records. Both parties have access to transaction history relevant to their engagements. Financial data is never shared with third parties beyond regulatory requirements.

warning5. Cancellation Penalties

To maintain marketplace liquidity and reliability, the following cancellation policies apply:

Professional Cancellation

  • • >24h before shift: No penalty
  • • 12–24h before: Warning + reliability score impact
  • • <12h before: Strike issued
  • • 3 strikes in 30 days: Temporary suspension

Hospital Cancellation

  • • >24h before shift: No penalty, full escrow refund
  • • 12–24h before: Partial compensation to professional
  • • <12h before: Full shift fee payable to professional
  • • Repeated late cancellations impact hospital priority

contact_support6. Data Protection Contact

For any questions, concerns, or data access requests, contact our Data Protection Officer:

Email: privacy@docum.tech
Address: Docum Technologies, Gurugram, Haryana, India
Response Time: Within 48 business hours