Privacy Policy

• App name: Zoom Doctor
• Operated by: Strio Healthcare
• Registered address: 212 Sahajanand Estate, Behind Lalji-Mulji Transport, Sarkhej, Ahmedabad, Gujarat - 382210
• Email for privacy inquiries: zoomdoctor1@gmail.com
• DPO / Privacy contact: shibambiswas@strio.in

This policy applies to personal data collected when you:

• Use the Zoom Doctor mobile app (including features to search doctors/clinics, view profiles, book appointments, and message providers)
• Use our website pages that link to this policy
• Communicate with us (email, chat, support)
• Interact with third-party plugins or integrations we provide inside the App

• We collect identity, contact, device, health-related and appointment information so you can discover doctors, view clinic details, and book appointments
• We access and use User Data to provide, personalise and improve the user experience. To achieve this, we may share data with trusted third-party service providers and partners (for example: appointment booking processors, analytics providers, cloud hosts, payment processors, messaging providers). Any such sharing is limited to what is necessary and is governed by contractual, technical, and organizational safeguards. (See Section 8: Sharing & third parties below.)

We collect information you provide directly and information collected automatically or obtained from third parties. We use the following categories:

• Directly from you: when you register, fill forms, submit a booking, message, upload profile info, or contact support
• Automatically: when you use the App (logs, cookies, SDKs)
• From third parties: doctor registries, clinic partners, analytics providers, advertising networks, identity verification providers

We describe the legal bases for processing personal data depending on applicable law. If your jurisdiction requires a specific legal basis, that law will govern.

• Performance of a contract / provision of services: we process the data necessary to provide the App's core functionality (searching doctors, displaying profiles, booking appointments, processing payments)
• Consent: where required (for example, for processing sensitive health data, precise location, marketing communications), we rely on your explicit consent. You may withdraw consent at any time (see Your rights, Section 12)
• Legitimate interests: for analytics, fraud detection, improving the App and services, and for security — balanced against your privacy rights. We ensure legitimate interest processing is reasonable and not overridden by your rights
• Compliance with legal obligations: when required to comply with court orders, law enforcement requests, or applicable regulations

We use personal data for these core purposes:

1. Provide and operate the Service: enabling search, profile display, appointment booking, messaging and payment facilitation
2. User account management: registration, authentication, profile updates, account recovery
3. Personalisation: tailoring search results, recommended clinics/doctors, location-based suggestions
4. Customer support: responding to requests, troubleshooting and dispute resolution
5. Communications & notifications: appointment reminders, service updates, transactional emails, and (with consent) marketing/promotional messages
6. Analytics & product improvement: analyzing usage to detect bugs, improve features and user experience
7. Fraud prevention & security: verifying identities, detecting abuse, and protecting the platform
8. Legal & compliance: complying with applicable laws, regulatory investigations, and responding to legal process
9. Business operations & third-party services: to partners who provide hosting, analytics, payment processing, messaging, or other infrastructure needs

When we process your data to improve engagement or refine services, we may use aggregated, de-identified, or pseudonymised data; where re-identification is possible or required, protections described in this Policy apply.

We do not sell your personal information. We may share personal data with the following categories of recipients:

• Service providers / processors: cloud hosting providers, data storage, analytics and reporting providers, payment processors, SMS/email/messaging providers, booking partners, identity verification services. These third parties process data on our behalf under contract, and only for the purposes we specify
• Healthcare providers & clinics: when you book an appointment, you authorize us to share necessary booking/appointment information with the selected doctor or clinic
• Legal & regulatory authorities: to respond to lawful requests, subpoenas, court orders, or to comply with applicable law
• Business partners: with your consent, we may share limited profile or contact information with partners for special offers, telemedicine integrations, or insurance acceptance checks
• Affiliates & corporate transactions: if Zoom Doctor is involved in a merger, acquisition, asset sale or insolvency, personal data may be transferred as part of that process subject to confidentiality protections
• Aggregated & de-identified data: we may share anonymized datasets for research, analytics, or product development. Such data cannot reasonably identify you

We may share data with third parties to improve engagement and services. For example, to provide personalised notifications, targeted offers (with your consent), appointment reminders, and better search/recommendation quality we may share usage signals and limited profile data with analytics and engagement vendors. All such transfers are minimised, subject to contractual restrictions, and protected by technical controls. (See Section 10: International transfers & safeguards.)

We use cookies, local storage and SDKs for necessary functions (login, security), analytics (to improve the App), and (with consent) marketing. Third-party SDKs (analytics, crash reporting, advertising) may collect device identifiers and usage information. You can control certain cookie and tracking preferences through OS settings and the App's privacy settings.

Because we operate globally and use third-party cloud and service providers, personal data may be transferred to, stored, and processed in countries outside your jurisdiction. When we transfer data internationally, we use appropriate legal mechanisms and technical safeguards (e.g., standard contractual clauses, encryption, data processing agreements) to protect your information in accordance with applicable law.

We implement industry-standard technical and organisational measures to protect personal data, including: access controls, encryption in transit (TLS) and at rest where feasible, regular security testing, internal audit practices, least-privilege access for employees, and contractual security obligations for processors.

We retain personal data as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and purpose; typical examples:

• Account data: retained while account active + [X] years after deactivation for fraud prevention and record keeping
• Booking & transaction data: retained for tax and accounting obligations per local law (commonly 3–7 years)
• Support logs and communications: retained as necessary for support and quality improvements

You may request deletion of your account and personal data via the App or by contacting zoomdoctor1@gmail.com. Certain data may be retained in anonymized or aggregated form. For request handling, we will verify your identity before fulfilment.

Our Services are not directed to children under 18. We do not knowingly collect personal information from children under 18 without parental or guardian consent. If you believe we have collected data from a child under 18 without appropriate consent, please contact us and we will take steps to delete it.

Subject to applicable law, you may have the following rights:

• Access: request a copy of the personal data we hold about you
• Correction: request corrections to inaccurate or incomplete data
• Deletion: request deletion of your personal data where lawful to do so
• Restriction / Objection: object to or request restriction of certain processing (e.g., direct marketing)
• Data portability: request a machine-readable copy of data you provided to us
• Withdraw consent: where processing is based on consent, withdraw consent going forward

To exercise rights, use the in-app settings or contact zoomdoctor1@gmail.com. We will verify your identity before acting on requests and respond within the timeframes required by applicable law.

We will only send marketing communications with your consent (where required). You may opt out of promotional messages by following the unsubscribe link in emails, using in-app settings, or contacting zoomdoctor1@gmail.com. Transactional messages (appointment confirmations, booking reminders) are not optional communications required to run the Service.

If you are a doctor or clinic creating a profile, you represent and warrant you have the right to publish the information submitted and that it complies with local rules. We may verify public credentials using third-party registries. Doctor and clinic profile information intended to be publicly discoverable will appear in search results unless removed in accordance with our profile management features.

The App may include links, widgets, or embedded content from third parties. Their privacy practices are not controlled by us. Please review the privacy policies of third parties before interacting with their services.

Where third parties process data on our behalf, we use written data processing agreements that require processors to implement security measures, restrict further processing, and assist us in responding to data subject requests and breaches. For transfers outside certain jurisdictions, we will use adequate safeguards such as contractual clauses.

We may update this Privacy Policy to reflect changes to our practices or legal requirements. We will post the revised policy in the App and on our website with an updated "Last updated" date. Where required, we will notify users of material changes and (where legally required) obtain consent.

We will publish this Privacy Policy in our Google Play Store listing and within the App, and we will keep the Google Play Data Safety form accurate and up to date, disclosing the data we collect and how it's used, consistent with Google Play's developer policies and Data Safety requirements.

• India: The Digital Personal Data Protection Act, 2023 applies to digital personal data processing in India and imposes obligations on data fiduciaries and rights for data principals. Where the Act applies, we will comply with its requirements
• EU / EEA: If you are located in the EU/EEA, you may have rights under the GDPR including access, rectification, erasure, restriction, portability and the right to object. We act as controller of your data for these purposes
• California: California residents have specific rights under the CCPA/CPRA, including the right to request categories of information collected, deletion, and to opt-out of sale/sharing. We comply with applicable California requirements where they apply

If you are located outside India, the EU or California, similar privacy protections may apply under local law.

We cooperate with lawful requests from regulators and enforcement agencies, and we may disclose information to comply with local legal obligations. We also conduct regular internal and third-party audits and security assessments to ensure compliance with this Policy and applicable law.

This Privacy Policy is intended to describe our current practices. It does not create contractual or other legal rights in favour of any person. The policy may be updated periodically; when material changes occur we will notify users as required by law.