Privacy Policy

Zelnoo Technologies Pvt Ltd ("Zelnoo", "we", "us") is a diagnostics booking platform incorporated in India. We connect patients ("you", "User") to NABL-accredited diagnostic laboratories and phlebotomy service providers. Our registered office is in Mumbai, Maharashtra, India.

We collect only the data necessary to provide our service:

Identity data: Name, date of birth, gender, and government-issued ID numbers (for home collection verification only).

Contact data: Mobile number, email address, and delivery address for home collection.

Health data: Test bookings, diagnostic reports, and any health information you voluntarily add to your profile. This data is classified as Sensitive Personal Data under Indian law.

Payment data: We do not store card numbers. Payments are processed by Razorpay; we retain only transaction IDs and amounts.

Device & usage data: App version, OS, device identifiers, and anonymised usage logs for debugging and product improvement.

We use your data exclusively to: - Process and manage your diagnostic bookings - Communicate booking confirmations, reminders, and report availability - Maintain your digital report vault - Improve our platform through aggregated, anonymised analytics - Comply with Indian law and regulatory requirements

We do not use your health data for advertising. We do not sell, rent, or share your personal data with third parties except as described in Section 4.

We share your data only as necessary:

Diagnostic labs: Booking details (name, contact, test ordered) are shared with the lab you book at. Report data flows from the lab back to your vault.

Phlebotomists: For home collection bookings, collection address and contact are shared with the assigned phlebotomist.

Payment processor: Razorpay receives payment details. Their privacy policy governs that data.

Cloud infrastructure: AWS (ap-south-1, Mumbai) stores all encrypted data within India.

We do not share data with advertisers, data brokers, or any AI training datasets.

We operate on a consent-first model. This means:

- You choose which reports are stored in your vault - You can revoke access to any report at any time from within the app - Sharing a report with a doctor or family member requires a conscious action from you — it is never automatic - You can export all your data in portable format (PDF/JSON) at any time - You can request account deletion from Settings → Profile → Delete Account

We retain your data for as long as your account is active or as required by applicable Indian law. Diagnostic reports are retained for a minimum of 7 years as required under the Clinical Establishments Act.

Upon account deletion, personal data is anonymised within 30 days. Health data subject to legal retention requirements is retained in anonymised form for the required period.

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Health records are stored with field-level encryption. Access to production data by Zelnoo employees requires explicit justification, approval, and is logged.

We perform annual security audits and are working towards SOC 2 Type II certification. In the event of a data breach, we will notify affected users within 72 hours.

Zelnoo may be used to manage health records for minors under a parent or guardian's account. We do not knowingly create standalone accounts for users under 18 years of age without verified parental consent.

If we make material changes to this Privacy Policy, we will notify you via app notification and email at least 14 days before the changes take effect. Continued use of Zelnoo after the effective date constitutes acceptance.

For privacy questions, data requests, or to exercise your rights, contact our Data Protection Officer at: privacy@zelnoo.com

Postal address: Zelnoo Technologies Pvt Ltd, Mumbai, Maharashtra — 400001, India.