Information Security Policy

Last updated: July 11, 2026

This Information Security Policy explains ZairoHealth’s approach to protecting information, systems, user accounts, documents, communications, and platform data across the ZairoHealth website, mobile applications, and related services.

This policy should be read with our Privacy Policy, Terms & Conditions, Consent Policy, Data Retention Policy, and other applicable platform policies.

1. Purpose

ZairoHealth is committed to protecting user data, healthcare professional information, hospital partner data, verification documents, transaction records, and platform systems from unauthorized access, misuse, loss, alteration, or disclosure.

2. Scope

This policy applies to:

  • ZairoHealth website and mobile apps
  • User accounts and profile data
  • Doctor verification and KYC documents
  • Hospital partner records
  • Job, shift, event, service, and order data
  • Support and communication records
  • Internal systems, tools, vendors, and service providers
  • Employees, contractors, partners, and authorized personnel handling ZairoHealth data

3. Security Principles

ZairoHealth aims to follow these security principles:

  • Collect only information needed for platform purposes
  • Limit access to authorized personnel
  • Use reasonable technical and organizational safeguards
  • Protect sensitive documents and identity data
  • Monitor for misuse, fraud, and unauthorized activity
  • Maintain confidentiality, integrity, and availability of systems
  • Review and improve security practices over time

4. Access Control

ZairoHealth may use access control measures such as:

  • User authentication
  • Password protection
  • Role-based access
  • Limited internal access to sensitive data
  • Administrative access restrictions
  • Account suspension for suspicious activity
  • Review of privileged access where appropriate

Users are responsible for keeping their login credentials confidential.

5. Data Protection

ZairoHealth uses reasonable safeguards to protect stored and transmitted data.

These safeguards may include:

  • Secure transmission where supported
  • Encrypted storage where appropriate
  • Access restrictions for sensitive records
  • Backup and recovery procedures
  • Secure document handling
  • Logging and monitoring of important system activity
  • Data minimization and retention controls

6. Verification Document Security

Doctor verification, KYC, hospital partner, and professional documents may contain sensitive information.

ZairoHealth restricts access to such documents to authorized personnel, verification partners, service providers, or legal/regulatory purposes where necessary.

Users should upload only documents required for verification or service delivery.

7. Application and Platform Security

ZairoHealth aims to maintain platform security through practices such as:

  • Secure development practices
  • Regular review of app and website functionality
  • Bug fixing and security updates
  • Protection against common misuse, fraud, spam, and abuse
  • Monitoring for suspicious account or platform activity
  • Use of trusted infrastructure and service providers

8. Payment Security

Payments may be processed through third-party payment gateways or financial service providers.

ZairoHealth does not intend to store complete card, banking, UPI, or payment credentials unless permitted and handled securely by authorized payment partners.

Users should not share payment credentials, OTPs, passwords, or banking details with anyone claiming to represent ZairoHealth.

9. Vendor and Third-Party Security

ZairoHealth may work with cloud providers, analytics tools, communication providers, payment gateways, verification partners, support tools, and other service providers.

Where appropriate, ZairoHealth expects vendors and partners to use reasonable security and confidentiality measures for data processed on behalf of ZairoHealth.

10. Employee and Internal Security

Personnel with access to ZairoHealth systems or data are expected to:

  • Use data only for authorized purposes
  • Maintain confidentiality
  • Follow access and security procedures
  • Avoid unauthorized sharing or downloading of data
  • Report suspected incidents or policy violations
  • Protect credentials and devices used for platform operations

11. User Responsibilities

Users must help keep their accounts and data secure by:

  • Using strong passwords
  • Keeping login credentials confidential
  • Not sharing OTPs or account access
  • Logging out from shared devices
  • Keeping devices and apps updated
  • Avoiding suspicious links or phishing messages
  • Reporting unauthorized access immediately
  • Uploading only accurate and necessary documents

12. Incident Management

If ZairoHealth becomes aware of a security incident, we may take steps such as:

  • Investigating the issue
  • Restricting affected access
  • Securing impacted systems
  • Notifying affected users where appropriate
  • Notifying authorities where legally required
  • Taking corrective action to reduce future risk

13. Data Backup and Recovery

ZairoHealth may maintain backups and recovery procedures to support platform continuity, disaster recovery, and data restoration.

Backup data may be retained for a limited period and protected through access restrictions and security controls.

14. Security Limitations

While ZairoHealth uses reasonable safeguards, no digital platform, app, website, server, or communication system can be guaranteed to be completely secure.

Users should avoid uploading unnecessary sensitive information and should promptly report suspicious activity.

15. Reporting Security Issues

If you believe your account has been compromised or you discover a security issue, contact us immediately:

ZairoHealth Security Team
Email: support@zairohealth.com
Website: https://zairohealth.com

Please include relevant details such as screenshots, device information, account email or phone number, date and time, and a short description of the issue.

16. Policy Updates

ZairoHealth may update this Information Security Policy from time to time. Updated versions will be posted on the website or app with a revised “Last updated” date.

Continued use of ZairoHealth after changes means you accept the updated policy.