Information Security Policy
Last updated: July 11, 2026
This Information Security Policy explains ZairoHealth’s approach to protecting information, systems, user accounts, documents, communications, and platform data across the ZairoHealth website, mobile applications, and related services.
This policy should be read with our Privacy Policy, Terms & Conditions, Consent Policy, Data Retention Policy, and other applicable platform policies.
1. Purpose
ZairoHealth is committed to protecting user data, healthcare professional information, hospital partner data, verification documents, transaction records, and platform systems from unauthorized access, misuse, loss, alteration, or disclosure.
2. Scope
This policy applies to:
- ZairoHealth website and mobile apps
- User accounts and profile data
- Doctor verification and KYC documents
- Hospital partner records
- Job, shift, event, service, and order data
- Support and communication records
- Internal systems, tools, vendors, and service providers
- Employees, contractors, partners, and authorized personnel handling ZairoHealth data
3. Security Principles
ZairoHealth aims to follow these security principles:
- Collect only information needed for platform purposes
- Limit access to authorized personnel
- Use reasonable technical and organizational safeguards
- Protect sensitive documents and identity data
- Monitor for misuse, fraud, and unauthorized activity
- Maintain confidentiality, integrity, and availability of systems
- Review and improve security practices over time
4. Access Control
ZairoHealth may use access control measures such as:
- User authentication
- Password protection
- Role-based access
- Limited internal access to sensitive data
- Administrative access restrictions
- Account suspension for suspicious activity
- Review of privileged access where appropriate
Users are responsible for keeping their login credentials confidential.
5. Data Protection
ZairoHealth uses reasonable safeguards to protect stored and transmitted data.
These safeguards may include:
- Secure transmission where supported
- Encrypted storage where appropriate
- Access restrictions for sensitive records
- Backup and recovery procedures
- Secure document handling
- Logging and monitoring of important system activity
- Data minimization and retention controls
6. Verification Document Security
Doctor verification, KYC, hospital partner, and professional documents may contain sensitive information.
ZairoHealth restricts access to such documents to authorized personnel, verification partners, service providers, or legal/regulatory purposes where necessary.
Users should upload only documents required for verification or service delivery.
7. Application and Platform Security
ZairoHealth aims to maintain platform security through practices such as:
- Secure development practices
- Regular review of app and website functionality
- Bug fixing and security updates
- Protection against common misuse, fraud, spam, and abuse
- Monitoring for suspicious account or platform activity
- Use of trusted infrastructure and service providers
8. Payment Security
Payments may be processed through third-party payment gateways or financial service providers.
ZairoHealth does not intend to store complete card, banking, UPI, or payment credentials unless permitted and handled securely by authorized payment partners.
Users should not share payment credentials, OTPs, passwords, or banking details with anyone claiming to represent ZairoHealth.
9. Vendor and Third-Party Security
ZairoHealth may work with cloud providers, analytics tools, communication providers, payment gateways, verification partners, support tools, and other service providers.
Where appropriate, ZairoHealth expects vendors and partners to use reasonable security and confidentiality measures for data processed on behalf of ZairoHealth.
10. Employee and Internal Security
Personnel with access to ZairoHealth systems or data are expected to:
- Use data only for authorized purposes
- Maintain confidentiality
- Follow access and security procedures
- Avoid unauthorized sharing or downloading of data
- Report suspected incidents or policy violations
- Protect credentials and devices used for platform operations
11. User Responsibilities
Users must help keep their accounts and data secure by:
- Using strong passwords
- Keeping login credentials confidential
- Not sharing OTPs or account access
- Logging out from shared devices
- Keeping devices and apps updated
- Avoiding suspicious links or phishing messages
- Reporting unauthorized access immediately
- Uploading only accurate and necessary documents
12. Incident Management
If ZairoHealth becomes aware of a security incident, we may take steps such as:
- Investigating the issue
- Restricting affected access
- Securing impacted systems
- Notifying affected users where appropriate
- Notifying authorities where legally required
- Taking corrective action to reduce future risk
13. Data Backup and Recovery
ZairoHealth may maintain backups and recovery procedures to support platform continuity, disaster recovery, and data restoration.
Backup data may be retained for a limited period and protected through access restrictions and security controls.
14. Security Limitations
While ZairoHealth uses reasonable safeguards, no digital platform, app, website, server, or communication system can be guaranteed to be completely secure.
Users should avoid uploading unnecessary sensitive information and should promptly report suspicious activity.
15. Reporting Security Issues
If you believe your account has been compromised or you discover a security issue, contact us immediately:
ZairoHealth Security Team
Email: support@zairohealth.com
Website: https://zairohealth.com
Please include relevant details such as screenshots, device information, account email or phone number, date and time, and a short description of the issue.
16. Policy Updates
ZairoHealth may update this Information Security Policy from time to time. Updated versions will be posted on the website or app with a revised “Last updated” date.
Continued use of ZairoHealth after changes means you accept the updated policy.