Compliance

India's Digital Personal Data Protection Act, 2023 is the primary law governing how digital businesses collect, process, store, and transfer personal data. Zelnoo operates as a Data Fiduciary — we hold your data in trust, process it only with consent, and enable data principals (you) to exercise rights of access, correction, and erasure.

• Granular consent captured at each data collection point
• Data stored within India (AWS ap-south-1)
• Data minimisation — we collect only what is necessary
• Users can correct or delete personal data at any time
• Breach reporting to the Data Protection Board as required

Zelnoo is an "intermediary" under the Information Technology Act, 2000 — a technology platform that connects users with independent third-party service providers. We comply with the Intermediary Guidelines, 2021 covering due diligence, grievance redressal, takedown obligations, and published terms of use.

• Grievance Officer appointed and contactable on the platform
• Published terms of use and privacy policy
• Takedown response within statutory timelines
• Due diligence on third-party content and listings

As a marketplace e-commerce entity, Zelnoo follows the Consumer Protection (E-Commerce) Rules, 2020. We disclose the identity of the diagnostic partner fulfilling each order, publish transparent pricing, and provide a clear refund, cancellation, and grievance redressal mechanism.

• Partner lab clearly identified at the point of purchase
• Transparent, all-inclusive pricing — no hidden fees
• Published refund and cancellation policy
• Consumer grievance channel with defined response SLAs
• No manipulated ratings or fake reviews

We are preparing for a SOC 2 Type II audit covering the Security, Availability, and Confidentiality trust service criteria. This is a voluntary, internationally recognised attestation of our internal controls. Our current security controls already align with SOC 2 — the audit formalises and certifies them.

• Scope: Security, Availability, Confidentiality TSCs
• Expected completion: Q4 2026
• Current controls audited internally against SOC 2 criteria

ISO 27001 certification formalises our Information Security Management System (ISMS). It is a voluntary standard we are pursuing alongside SOC 2 to give partners and enterprise customers an independent assurance of how we operate.

• ISMS scope: all production systems and data stores
• Risk assessment framework in place
• Target: Q4 2026