Legal · DPDPA 2023

Privacy Policy

Last updated: May 2026 · Applies to all Avya Derm users in India

We wrote this in plain language. If something is unclear, email us at privacy@avyaderm.com and we will explain it.

1. Who we are

Avya Derm is a talent introduction platform for skin and hair professionals in India, built and operated by GamaQ (contact: privacy@avyaderm.com). We connect dermatology professionals with clinics — we are not a recruiter, staffing agency, or employer.

2. What we collect and why

We collect only what is needed to match you with the right clinic and send your profile on your behalf.

Data	Why we collect it
Full name, mobile number, email address	Account creation and OTP authentication
Profession, experience, city, salary expectation, work history answers	Building your professional profile for clinic matching
Language preference	Showing the app in your language
Application history	Tracking which clinics you have applied to

3. Who sees your data

Your profile (name, profession, experience, city, salary, phone, email) is shared only with clinics you explicitly apply to — when you tap "Apply Now" and confirm the preview. No clinic receives your information before that moment.

We do not sell, rent, or share your data with any third party for marketing purposes.

4. How long we keep it

Your account data is kept for as long as your account is active, plus two years after your last login.

Rate-limit records (used to prevent abuse) are automatically deleted after 24 hours.

You can request deletion at any time — see Section 6.

5. Cookies and tracking

Avya Derm does not use advertising cookies or cross-site tracking. We use only the cookies necessary to keep you logged in (Supabase session token, stored in an HttpOnly cookie).

We do not run Google Analytics, Facebook Pixel, or any third-party advertising scripts.

6. Your rights under DPDPA 2023

Under India's Digital Personal Data Protection Act 2023, you have the right to:

Access — ask us what personal data we hold about you
Correct — ask us to fix inaccurate information
Erase — ask us to delete your account and all associated data
Withdraw consent — stop us from processing your data at any time
Nominate — nominate someone to exercise these rights on your behalf

To exercise any right, email privacy@avyaderm.com with the subject line matching your request (e.g. "Data Deletion Request"). We will respond within 72 hours and complete the action within 15 days.

7. Data security

All data is stored in Supabase (hosted on AWS ap-south-1 — Mumbai). Row-level security ensures each candidate can only access their own data. All traffic is encrypted in transit (TLS 1.2+). OTP codes are short-lived (10 minutes) and one-time use.

8. Changes to this policy

If we make material changes to how we use your data, we will notify you by email at least 7 days before the change takes effect. The updated policy will always be available at avyaderm.com/privacy.

9. Contact

Data Controller: Avya Derm (operated by GamaQ)

Email: privacy@avyaderm.com

For grievances under DPDPA 2023, you may also contact our Grievance Officer at the same address.