Legal
Privacy Policy
Last updated: 1 July 2026
1. Who we are
Zelnoo Pvt Ltd ("Zelnoo", "we", "us") is a diagnostics booking platform incorporated in India. We connect patients ("you", "User") to NABL-accredited diagnostic laboratories and phlebotomy service providers. Our registered office is in Thane, Maharashtra — 400601, India.
This policy also covers the Zelnoo Phlebo app used by our phlebotomy partners ("phlebotomists") to receive and complete home sample-collection jobs.
2. What data we collect
We collect only the data necessary to provide our service:
Identity data: Name, date of birth, gender, and government-issued ID numbers (for home collection verification only).
Contact data: Mobile number, email address, and delivery address for home collection.
Health data: Test bookings, diagnostic reports, and any health information you voluntarily add to your profile. This data is classified as Sensitive Personal Data under Indian law.
Payment data: We do not store card numbers. Payments are processed by Axis Bank; we retain only transaction IDs and amounts.
Device & usage data: App version, OS, device identifiers, and anonymised usage logs for debugging and product improvement.
Location data: With your permission, we collect precise (GPS) and approximate location. In the Zelnoo Phlebo app, a phlebotomist's location is collected while the app is in use and in the background during an active collection job to enable live tracking, navigation, and safety. In the patient app, approximate location may be used to show nearby labs. Location is collected only after you grant the relevant Android/iOS permission, and you can revoke it at any time in your device settings. See Section 5 for full details.
3. How we use your data
We use your data exclusively to: - Process and manage your diagnostic bookings - Communicate booking confirmations, reminders, and report availability - Maintain your digital report vault - Enable home sample collection — including live location tracking, navigation, and sharing a phlebotomist's real-time location with the patient and our operations team during an active job - Show nearby labs and estimate collection times - Improve our platform through aggregated, anonymised analytics - Comply with Indian law and regulatory requirements
We do not use your health data for advertising. We do not sell, rent, or share your personal data with third parties except as described in Section 4.
4. Who we share data with
We share your data only as necessary:
Diagnostic labs: Booking details (name, contact, test ordered) are shared with the lab you book at. Report data flows from the lab back to your vault.
Phlebotomists: For home collection bookings, collection address and contact are shared with the assigned phlebotomist.
Live location: During an active home collection, the assigned phlebotomist's real-time location is shared with the patient (so they can see the phlebotomist en route and arriving) and with Zelnoo's operations team for coordination and safety.
Payment processor: Axis Bank receives payment details. Their privacy policy governs that data.
Cloud infrastructure: AWS (ap-south-1, Mumbai) stores all encrypted data within India.
We do not share data with advertisers, data brokers, or any AI training datasets.
5. Location data
Some Zelnoo features need access to device location. We only collect it after you grant the relevant permission, and you can revoke it any time in your device settings.
Zelnoo Phlebo app (phlebotomists): When a phlebotomist accepts a home sample-collection job, the app collects precise (GPS) location — while the app is open (foreground) and in the background during that active job — in order to: - share the phlebotomist's real-time location with the patient so they can see them en route, their ETA, and arrival; - let our operations team coordinate the collection and support phlebotomist safety; - support navigation to the pickup address.
Background location is collected only while a job is active (for example when the phone is locked or a maps app is in the foreground during travel). It stops automatically when the job is completed or cancelled, and is not collected when the phlebotomist is offline or has no active job. A persistent notification is shown whenever location tracking is running.
Patient app: With your permission, approximate location may be used to show nearby labs and estimate collection times.
We do not use location data for advertising and we do not sell it. Location data is transmitted over TLS and stored encrypted within India (see Section 8).
6. Consent and your controls
We operate on a consent-first model. This means:
- Sharing a report with a doctor or family member requires a conscious action from you — it is never automatic - You can export all your data in portable PDF format at any time - You can request account deletion from Settings → Profile → Delete Account
7. Data retention
We retain your data for as long as your account is active or as required by applicable Indian law. Diagnostic reports are retained for a minimum of 7 years as required under the Clinical Establishments Act.
Upon account deletion, personal data is anonymised within 30 days. Health data subject to legal retention requirements is retained in anonymised form for the required period.
8. Security
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Health records are stored with field-level encryption. Access to production data by Zelnoo employees requires explicit justification, approval, and is logged.
We perform annual security audits and are working towards SOC 2 Type II certification. In the event of a data breach, we will notify affected users within 72 hours.
9. Children
Zelnoo may be used to manage health records for minors under a parent or guardian's account. We do not knowingly create standalone accounts for users under 18 years of age without verified parental consent.
10. Changes to this policy
If we make material changes to this Privacy Policy, we will notify you via app notification and email at least 14 days before the changes take effect. Continued use of Zelnoo after the effective date constitutes acceptance.
11. Contact
For privacy questions, data requests, or to exercise your rights, contact our Data Protection Officer at: privacy@zelnoo.com
Postal address: Zelnoo Pvt Ltd, Thane, Maharashtra — 400601, India.
