Compliance
Last reviewed: March 2026
Zelnoo is a platform operating in India's regulated healthcare sector. Here is a transparent account of every compliance framework that applies to us, and our current status.
PDPB — Personal Data Protection Bill
India's Personal Data Protection Bill framework governs how we collect, process, store, and transfer personal and sensitive personal data (which includes health data). Zelnoo operates as a Data Fiduciary — we hold your data in trust, process it only with consent, and enable data principals (you) to exercise rights of access, correction, and erasure.
- Consent obtained at each data collection point
- Data stored within India (AWS ap-south-1)
- Data minimisation — we collect only what is necessary
- Users can correct or delete personal data at any time
- Breach notification within 72 hours
NABL — National Accreditation Board for Testing and Calibration Laboratories
All diagnostic partner laboratories on the Zelnoo platform are required to hold current NABL accreditation. NABL ensures labs meet ISO 15189 medical laboratory quality standards, covering technical competence, equipment calibration, quality management, and result accuracy. We verify accreditation status before onboarding and annually thereafter.
- All partner labs hold current NABL accreditation
- Annual re-verification of accreditation status
- Labs are suspended immediately if accreditation lapses
- ISO 15189 standard compliance required
Clinical Establishments (Registration and Regulation) Act, 2010
Partner diagnostic centres on our platform are registered under the Clinical Establishments Act in applicable states. We require valid registration certificates as part of our partner onboarding process.
- Partner registration certificates verified at onboarding
- Diagnostic reports retained for a minimum of 7 years, as required
- Complaint resolution timeline aligned with Act provisions
SOC 2 Type II
We are currently preparing for a SOC 2 Type II audit covering the Security, Availability, and Confidentiality trust service criteria. We expect to complete this certification by Q4 2026. Our current security controls already align with SOC 2 requirements; the audit formalises and certifies this.
- Scope: Security, Availability, Confidentiality TSCs
- Expected completion: Q4 2026
- Current controls audited internally against SOC 2 criteria
ISO 27001 — Information Security Management
ISO 27001 certification formalises our Information Security Management System (ISMS). We plan to pursue this certification alongside SOC 2, targeting Q4 2026.
- ISMS scope: all systems processing patient health data
- Risk assessment framework in place
- Target: Q4 2026
Compliance or audit enquiries: compliance@zelnoo.com