Privacy Policy
Plain-language summary
We collect your name, mobile number, email, and Doctor Registration Number to verify your identity and deliver our services. We do not sell your data. We send you WhatsApp and email communications — you can opt out of non-essential messages at any time. Under India's DPDP Act 2023, you have full rights to access, correct, and erase your data. Questions? Email [email protected].
Overview
Finnovate Financial Services Pvt. Ltd. ("Finnovate", "we", "us", "our") operates the Financial OPD platform at www.financialopd.com. We are committed to protecting the personal data of every doctor who uses our platform.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over your data — in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and other applicable Indian laws.
By registering on Financial OPD, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your data as described herein.
Who We Are
Data Fiduciary (Controller): Finnovate Financial Services Pvt. Ltd.
Platform: Financial OPD — a personal finance education community exclusively for verified medical doctors in India.
Contact: [email protected] · +91 92288 53607
For data-related requests, see Section 15 (Grievance Officer).
Data We Collect
We collect only the data necessary to provide and improve our services.
| Category | Data points | Required? |
|---|---|---|
| Identity | Full name, Doctor Registration Number (DRN), State Medical Council | Yes |
| Contact | Mobile number, email address | Yes |
| Authentication | OTP records, login timestamps, session data | Yes |
| Usage | Courses accessed, pages visited, time spent, clicks, search queries within the platform | Automatic |
| Device & Technical | IP address, browser type, operating system, device identifiers, referrer URL | Automatic |
| Payment | Transaction ID, amount, payment status. Card/UPI credentials are processed by our payment gateway and are never stored by Finnovate. | When purchasing |
| Communications | Records of WhatsApp and email interactions for support and compliance | Automatic |
| UTM / Marketing | UTM source, medium, campaign, content, and term parameters captured from the registration URL to understand how you discovered us | Automatic |
| Community content | Posts, comments, and interactions within the Financial OPD community forum | When participating |
We do not collect sensitive personal data such as Aadhaar numbers, PAN cards, financial account numbers, biometrics, health records, or caste/religious information.
How We Collect Your Data
Directly from you
- Registration form (name, mobile, email, DRN, State Medical Council)
- OTP verification during login and sign-up
- Course enrolment and payment forms
- Community forum posts and comments
- Support enquiries via email or WhatsApp
Automatically
- Browser cookies and local storage (see Section 8)
- Server logs recording IP address, browser, and page visits
- Analytics tools (e.g., Google Analytics) tracking platform usage
- UTM parameters appended to URLs from marketing campaigns
- WhatsApp Business API (WATI) and email service providers for delivery and read receipts
From third parties
- National Medical Commission (NMC) or State Medical Council databases — for verifying your Doctor Registration Number
- Payment gateways — confirmation of successful transactions
Purpose & Legal Basis for Processing
Under the DPDP Act 2023, we process your personal data on the following lawful bases:
| Purpose | Legal basis |
|---|---|
| Verify your medical credentials and activate your account | Contract performance; Legitimate interest (platform integrity) |
| Deliver courses, content, and platform features | Contract performance |
| Send OTPs and transactional notifications | Contract performance; Legal obligation |
| Send educational newsletters and promotional communications | Consent (obtained at registration) |
| Process payments and issue invoices | Contract performance; Legal obligation |
| Analyse platform usage to improve features | Legitimate interest |
| Prevent fraud, impersonation, and security threats | Legitimate interest; Legal obligation |
| Comply with court orders, regulatory requirements, or law enforcement requests | Legal obligation |
| Attribute registrations to marketing campaigns (UTM tracking) | Legitimate interest |
Communications — WhatsApp & Email
By registering, you consent to receive the following types of communications:
Transactional vs. promotional
- Transactional (OTPs, payment receipts, account alerts) — cannot be opted out of; they are essential for the service.
- Promotional & educational — you may withdraw consent at any time without affecting your account access.
How to opt out
- Click the Unsubscribe link in any email.
- Reply STOP to any WhatsApp message from us.
- Email [email protected] with subject "Unsubscribe".
Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We share data only in the limited circumstances described below.
Service providers (Data Processors)
- WATI — WhatsApp Business API for OTP delivery and messaging
- MSG91 — SMS OTP fallback delivery
- Payment gateways — Razorpay or equivalent, for processing transactions
- Email service providers — for sending newsletters and transactional emails
- Cloud hosting providers — for storing platform data securely
- Analytics providers — Google Analytics and similar tools (anonymised / aggregated data)
- Zoho CRM — for managing community member records and support interactions
All service providers are bound by data processing agreements and are required to process your data solely on our instructions.
Medical verification
Your DRN and State Medical Council are shared with the NMC or the relevant State Medical Council database for the sole purpose of credential verification. No other personal data is shared.
Legal & regulatory disclosure
We may disclose your data when required by law, court order, or a competent regulatory authority, or when necessary to protect the rights, property, or safety of Finnovate, its users, or the public.
Business transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. You will be notified via email or WhatsApp before your data is transferred and becomes subject to a different privacy policy.
Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve Financial OPD. Here is what we use and why:
| Cookie type | Purpose | Can be disabled? |
|---|---|---|
| Essential | WordPress session management, login state, OTP flow, security (CSRF tokens) | No — required for the site to function |
| Analytics | Google Analytics — page views, user journeys, traffic sources (IP is anonymised) | Yes — via browser settings or opt-out |
| Marketing / UTM | Session storage of UTM parameters captured at landing to attribute registrations to campaigns | Yes — stored in sessionStorage, cleared after registration |
| Preference | Remembering your language or display preferences | Yes |
How to manage cookies
- Most browsers allow you to block or delete cookies via Settings → Privacy & Security.
- Opt out of Google Analytics: tools.google.com/dlpage/gaoptout
- Disabling essential cookies will prevent you from logging in or using OTP-based features.
Data Retention
We retain your personal data for as long as your account is active and for a reasonable period thereafter, or as required by applicable law.
| Data category | Retention period |
|---|---|
| Account & identity data | Duration of account + 3 years after closure |
| OTP and authentication logs | 90 days |
| Payment records & invoices | 7 years (as required under Indian tax law) |
| Communication records (WhatsApp / email) | 2 years |
| Usage / analytics data | 26 months (Google Analytics default) |
| Community posts & forum content | Duration of account; may be retained in anonymised form after closure |
After the applicable retention period, data is securely deleted or anonymised. You may request early deletion by contacting our Grievance Officer (Section 15), subject to legal retention obligations.
Data Security
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, disclosure, or destruction.
- Encryption in transit: All data transmitted between your browser and our servers uses TLS (HTTPS).
- Access controls: Only authorised Finnovate personnel with a need-to-know basis can access personal data.
- OTP-based authentication: Login is secured by time-limited one-time passwords, eliminating static password risk.
- Payment security: Card and UPI data is handled exclusively by PCI-DSS compliant payment gateways. Finnovate never sees or stores payment credentials.
- Regular audits: We periodically review our security practices and update them in line with emerging threats.
No system is 100% secure. If you suspect any unauthorised access to your account, contact us immediately at [email protected]. Finnovate will never ask you for your OTP or password.
Your Rights Under the DPDP Act 2023
As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the following rights:
Right to Access
Request a summary of the personal data we hold about you and the purposes for which it is processed.
Right to Correction
Request correction of inaccurate, incomplete, or outdated personal data in our records.
Right to Erasure
Request deletion of your personal data. Note: certain data must be retained for legal compliance and cannot be erased.
Right to Withdraw Consent
Withdraw consent for non-essential processing (e.g., promotional communications) at any time without affecting your account.
Right to Grievance Redressal
Raise a complaint with our Grievance Officer. If unresolved within 30 days, escalate to the Data Protection Board of India.
Right to Nominate
Nominate another individual to exercise your data rights in the event of death or incapacity.
How to exercise your rights
Email our Grievance Officer at [email protected] with the subject line "Data Privacy Request", stating your name, registered mobile number, and the right you wish to exercise. We will respond within 30 days.
Children's Privacy
Financial OPD is exclusively for practising medical professionals who are at least 18 years of age. We do not knowingly collect personal data from individuals under 18.
If we become aware that personal data has been collected from a person under 18 without verifiable parental consent, we will delete such data immediately. If you believe we have inadvertently collected data from a minor, please contact us at [email protected].
Cross-Border Data Transfers
Your personal data is primarily stored and processed on servers located in India. Some of our service providers (e.g., Google Analytics, cloud infrastructure) may process data outside India.
Where data is transferred outside India, we ensure that adequate safeguards are in place, including:
- Standard contractual clauses with service providers.
- Transfers only to countries or organisations that provide an equivalent level of data protection as required under the DPDP Act 2023.
By using our platform, you consent to such transfers as described in this policy.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the Effective Date at the top of this page.
- Notify you via email or WhatsApp at least 7 days before the change takes effect.
- Where required by law, seek fresh consent from you.
We encourage you to review this page periodically. Continued use of the Platform after the updated policy is posted constitutes your acceptance of the revised terms.
Grievance Officer
In accordance with the Information Technology Act, 2000 and the DPDP Act 2023, Finnovate has designated a Grievance Officer for data privacy concerns.
Grievance Officer — Finnovate Financial Services Pvt. Ltd.
Email: [email protected] (subject: "Data Privacy Request")
Phone / WhatsApp: +91 92288 53607
Website: www.financialopd.com
We will acknowledge your complaint within 48 hours and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate to the Data Protection Board of India once constituted under the DPDP Act 2023.
