Privacy Policy

Effective May 27, 2026 · STRATOSIA DIGITAL PRIVATE LIMITED

STRATOSIA DIGITAL PRIVATE LIMITED (“Company”, “we”, “us”) operates Zennor, a cloud-based operating system for aesthetic clinics, dermatology clinics, and med spas in India. This Privacy Policy explains how we collect, use, and protect information when clinics and their patients use Zennor. It is compliant with the IT Act 2000, IT (SPDI) Rules 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA 2023).

1. Who This Policy Applies To

This policy covers:

  • Clinic Administrators & Staff — registered business users on the Zennor admin dashboard.
  • Patients / End-Users — individuals interacting with clinics via Zennor (loyalty, memberships, bookings, QR redemption).

Important: Zennor acts as a data processor for clinic operational and patient data. Each clinic (the data controller) is independently responsible for obtaining valid patient consent before entering any patient data into Zennor.

2. Information We Collect

Clinic Account Information

  • Clinic name, owner name, email, phone number, business address, GSTIN, billing details
  • Login credentials (passwords stored encrypted)

Clinic Operational & Patient Data

  • Patient names, phone numbers, appointment history, treatment records
  • Membership status, loyalty points, wallet balances, order history, invoices
  • Before/after media and educational content uploaded by clinics

Clinics own all their operational and patient data. Zennor processes it solely to deliver platform services and does not sell or exploit this data.

Technical & Usage Data

  • IP address, device type, browser, session logs, cookies, analytics identifiers
  • Push notification tokens (where permission is granted)

Payment Information

Payments are processed by third-party gateways including PayU. Zennor does not store full card or banking credentials.

3. Health & Sensitive Personal Data

Treatment history and health-adjacent data constitutes Sensitive Personal Data under Indian law. We apply heightened safeguards including role-based access controls, encryption in transit and at rest, and no sharing with third parties beyond infrastructure providers.

Medical Disclaimer: Zennor is a clinic management platform. It does not provide medical advice, diagnosis, or treatment recommendations, and does not create a doctor-patient relationship. All clinical decisions are the sole responsibility of the clinic and its licensed practitioners.

4. How We Use Information

  • Provide, maintain, and improve the Zennor platform
  • Enable loyalty programs, memberships, bookings, and QR-based redemption
  • Process payments and issue invoices
  • Send service-related communications and push notifications
  • Provide customer support, monitor security, and prevent fraud
  • Comply with applicable Indian laws and regulatory obligations

5. Data Sharing

We share information only with:

  • Cloud Infrastructure — Google Firebase for data hosting and real-time services
  • Payment Processors — PayU for transaction processing
  • Analytics & Communication — authorised providers under confidentiality obligations
  • Legal Authorities — where required by Indian law or court order

We do not sell data to advertisers or data brokers.

6. Data Security

  • HTTPS/TLS encryption for all data in transit
  • Secure cloud infrastructure with role-based access controls
  • Regular security monitoring and incident response processes

No system can guarantee absolute security. In the event of a data breach, we will notify affected parties as required under applicable law.

7. Data Retention

  • Clinic data is retained while the account is active and for a reasonable period thereafter as required by law.
  • Clinics may request a data export upon account termination.
  • Financial and legal records may be retained for the statutory period under Indian law.

8. Your Rights & Data Subject Requests

If you are a patient or end-user of a Clinic utilizing the Zennor platform, your primary relationship is with the Clinic, which acts as the Data Fiduciary under the DPDPA 2023. Zennor operates solely as a Data Processor, handling your data only upon the direct instructions of the Clinic.

Any requests to exercise your rights as a Data Principal—including requests for data access, correction, or permanent deletion—must be directed to your respective Clinic. Zennor will provide the necessary technological assistance to the Clinic to fulfill these requests within statutory timelines. However, Zennor cannot unilaterally delete your medical records, as such actions are subject to the Clinic’s mandatory medical record retention obligations under Indian healthcare and taxation laws.

9. Cookies

Zennor uses cookies for authentication, security, and analytics. You may block cookies in your browser settings, though some features may not function correctly.

10. Cross-Border Processing

Data may be processed on cloud servers located outside India where appropriate safeguards are in place as required under applicable law.

11. Grievance Officer

  • Name: Siddhesh Zagade
  • Role: Grievance Officer / Director
  • Email: support@zennor.app
  • Address: Borivali West, Mumbai, Maharashtra, India

Grievances will be acknowledged within 48 hours and resolved within 30 days.

12. Changes to This Policy

Material changes will be notified to registered clinic administrators via email or in-platform notification. Continued use after updates constitutes acceptance.

Other Policies

Privacy PolicyTerms & ConditionsRefund PolicyShipping PolicyCancellation PolicyAbout UsContact Us