Effective Date: 01 July 2025

Introduction

Steth is a professional networking platform for doctors and medical students. It collects and processes personal data to enable professional networking, content sharing, and credential verification. This DPIA evaluates the risks related to personal data processing and ensures alignment with applicable data protection laws, particularly the Digital Personal Data Protection (DPDP) Act, 2023.

1. Description of Processing Activities

Types of Data Collected

• Personal Information: Name, email address, phone number, medical license and registration details, educational details, and specialization.
• User-Generated Content (UGC): Posts, comments, optional profile photos.
• Authentication Data: Firebase credentials (user IDs, tokens).
• Communication Data: Messages and interaction logs.

Purpose of Processing

• To provide networking and communication tools for medical professionals and students.
• To verify identity and professional credentials.
• To allow for sharing and interaction through user-generated content.

Legal Basis: Consent

• Explicit user consent is obtained at account registration via a clear and accessible Privacy Notice, in line with Section 6 of the DPDP Act.
• Consent is:
  • Free: Not conditional on unrelated features.
  • Informed: Notice explains purpose, data use, and rights.
  • Unconditional & Revocable: Users can withdraw consent via account settings or email.

Notice Mechanism (Section 5)

Users receive a Privacy Notice before providing any personal data, containing: