Privacy Policy

1. Introduction

This Privacy Policy explains how Zelp (“we”, “us”, or “our”) collects, uses, shares, and protects information about users (“you”) when you use our website, mobile applications, and related services (collectively, the “Platform”).

By using the Platform, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the Platform.

If required by law, we will obtain your explicit consent for processing sensitive personal data, including health‑related information.

2. Information We Collect

We may collect the following categories of information:

2.1 Information You Provide

• Account details: Name, mobile number, email address, password, age, gender, and other profile information.
• Booking details: Tests or services you book (e.g., MRI, CT, X‑ray, lab tests), preferred dates and time slots, Provider selected, location for home collection if applicable.
• Health‑related information: Limited clinical details necessary for the test (such as doctor’s prescription, suspected condition, prior diagnostic history, allergies, pregnancy status if relevant, etc.), to the extent required by Providers or law.
• Payment information: Payment method, transaction details, and billing information (actual card or UPI details may be handled by a secure payment gateway and not stored by us, depending on integration).
• Communications and support: Messages, emails, calls, or other communications with us or through the Platform (including chat with Providers if available), feedback, reviews, and survey responses.

2.2 Information Collected Automatically

When you use the Platform, we may automatically collect:

• Device and usage information: IP address, device identifiers, operating system, browser type, app version, pages viewed, actions taken, date and time of visits, crash logs, and performance data.
• Location information: Approximate or precise location based on GPS, Wi‑Fi, or network, when you allow location access, to show nearby hospitals/diagnostic centers and improve search results.
• Cookies and similar technologies: We may use cookies, pixels, and similar technologies to recognize you, remember preferences, and track Platform usage.

2.3 Information from Third Parties

We may receive information about you from:

• Providers: Information about tests you underwent, appointments, reports, or services, limited to what is required to provide the Platform services.
• Payment processors: Payment confirmation, status, and identifiers.
• Partners or affiliates: If you access Zelp via a partner integration or campaign.

3. How We Use Your Information

We use your information for the following purposes:

• To operate and provide the Platform: Enable account creation, login, test discovery, price comparison, slot viewing, and booking flow.
• To process bookings and payments: Confirm appointments, send booking details to Providers, process payments and refunds, and send confirmations or receipts.
• To communicate with you: Send notifications about bookings, reminders, test preparation instructions (if provided by Providers), reports availability, account updates, and security alerts.
• To provide ambulance and emergency‑related coordination (if available): Share essential information with ambulance Providers to enable faster response.
• To personalize and improve the Platform: Show relevant Providers, offers, or information based on your location, usage patterns, and preferences; perform analytics, A/B testing, and research to improve features and performance.
• To ensure safety, security, and legal compliance: Detect and prevent fraud, misuse, or security incidents; comply with legal obligations and regulatory requirements; enforce our Terms.
• For marketing and promotions (where permitted): Inform you about offers, discounts, new features, or health check packages, subject to your communication preferences and applicable law.

We will not use your sensitive health data for purposes incompatible with the purposes described above without obtaining additional consent where required.

4. Legal Bases for Processing (where applicable)

Depending on your jurisdiction (for example, under GDPR in the EU/EEA), our legal bases for processing your personal data may include:

• Performance of a contract: To provide you with the services you request (e.g., booking diagnostics).
• Legitimate interests: To improve our services, prevent fraud, and ensure security, provided these interests are not overridden by your rights.
• Consent: For certain uses of location data, cookies, marketing communications, and processing of sensitive health information, where required by law.
• Legal obligations: To comply with applicable laws and regulatory requirements.

5. How We Share Your Information

We may share your information with:

5.1 Healthcare Providers

We share relevant information with Providers to complete your booking and enable them to provide services, such as:

• Your name, contact details, and booking details.
• Relevant health information and prescriptions required for the test or service.
• Any instructions or notes you provide for the appointment.

Providers are independent entities and may have their own privacy policies and legal obligations.

5.2 Ambulance and Emergency Partners

If you request ambulance or emergency coordination through Zelp (where offered), we may share essential details (name, contact number, pickup location, reason for request) with ambulance operators or emergency partners to facilitate response.

5.3 Service Providers and Vendors

We may engage third‑party companies to support our operations, including:

• Cloud hosting and data storage.
• Payment processing.
• SMS, email, and push notification services.
• Analytics, crash reporting, and security services.
• Customer support and communication tools.

These service providers are allowed to process your data only to perform services on our behalf and are bound by contractual obligations to protect your data.

5.4 Corporate Transactions

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to applicable laws and continued protection of your privacy.

5.5 Legal and Compliance

We may disclose your information:

• If required by law, regulation, legal process, or governmental request.
• To enforce our Terms of Service, protect our rights, privacy, safety, or property, and that of users, Providers, or the public.
• To investigate and prevent fraud, abuse, or security incidents.

We do not sell your personal data in the traditional sense. If in any jurisdiction “sale” includes certain sharing for advertising, we will comply with applicable opt‑out requirements.

6. Data Retention

We retain your information for as long as necessary to:

• Provide the services you have requested.
• Comply with legal, accounting, or reporting obligations (for example, medical record retention rules that may apply to Providers).
• Resolve disputes and enforce our agreements.

We may retain de‑identified or aggregated data (which no longer identifies you) for analytics, research, and business purposes.

When your personal data is no longer required, we will delete or securely anonymize it, subject to backups and applicable laws.

7. Data Security

We use appropriate technical and organizational measures to protect your data against unauthorized access, loss, misuse, or alteration, such as:

• Encryption in transit (e.g., HTTPS/SSL).
• Access controls and authentication.
• Limited access to personal data on a need‑to‑know basis.
• Monitoring and logging of critical systems.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials safe.

8. Your Rights and Choices

Depending on your jurisdiction, you may have some or all of the following rights, subject to legal limitations:

• Right to access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to deletion: Request deletion of your personal data, subject to legal and legitimate business requirements.
• Right to restriction: Restrict certain processing in specific circumstances.
• Right to data portability: Receive your data in a structured, commonly used format and transmit it to another controller where technically feasible.
• Right to withdraw consent: Withdraw consent for processing based on consent (such as certain marketing or health data uses).
• Right to object: Object to certain processing, including direct marketing.

You may exercise these rights by contacting us using the details in the “Contact Us” section. We may need to verify your identity before fulfilling your request.

You can also:

• Manage notifications (email/SMS/push) via app settings or unsubscribe links.
• Enable or disable location access via your device settings.
• Manage cookies through your browser settings (where applicable).

9. Children’s Privacy

Zelp is not intended for use by children under the age at which they can lawfully consent to data processing in their jurisdiction without parental consent.

If you are a parent/guardian and believe that your child has provided personal information to us without your consent, please contact us so we can take appropriate action, including deletion where required.

Bookings for minors may be made by parents or legal guardians, and any data processed for such bookings will be handled in accordance with this Policy and applicable law.

10. International Data Transfers

If we transfer your data outside your country (for example, to cloud providers in another jurisdiction), we will ensure that appropriate safeguards are in place, such as:

• Contractual protections (e.g., standard contractual clauses).
• Transfers to jurisdictions deemed to provide adequate protection.

Specific legal mechanisms will depend on your location and applicable regulations.

11. Third‑Party Websites and Apps

The Platform may link to websites, apps, or services that are not operated by Zelp.

We are not responsible for the privacy practices or content of third‑party sites. We encourage you to review the privacy policies of any third‑party services you use.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make changes, we will update the “Last Updated” date and, where required by law, notify you via the Platform, email, or other appropriate means. Your continued use of the Platform after the updated Policy becomes effective constitutes your acceptance of the changes.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

• Email: urvaksh@tryzelp.app
• Address: Indore, Madhya Pradesh