Legal Document

Partner App Privacy Policy

Privacy policy and data handling information for ZOKTO partners

Legal Information

Terms of UsePrivacy PolicyRefund & Cancellation PolicyShipping & DeliveryPartner TermsStaff App Privacy PolicyStaff App Terms of UsePartner Privacy

ZOKTO Partner App Privacy Policy

Effective Date: 18 March 2026

This Privacy Policy explains how we collect, use, disclose, store, process, and protect information in connection with the ZOKTO Partner App (the “Partner App”).

The Partner App is a role-based operational application used by authorized partner-side users, including delivery partners, lab sample collection partners, pharmacy-side partner users, laboratory-side partner users, and other partner operational users participating in ZOKTO workflows.

This is not a consumer or patient app privacy policy, and it is not a doctor app privacy policy. It is written specifically for partner operations, where partner users may view or handle limited patient, customer, and workflow information strictly for completing assigned operational tasks.

For clarity:

  • ZOKTO is a trademark/brand of VYSN Technologies Private Limited.
  • ZOKTO Healthcare Private Limited is a subsidiary of VYSN Technologies Private Limited.
  • Depending on operational, contractual, legal, or compliance context, certain ZOKTO services, notices, or support functions may also be issued, managed, or supported through ZOKTO Healthcare Private Limited.

1. Scope, Roles, and Who We Are

Who We Are

The Partner App is operated by VYSN Technologies Private Limited (“VYSN,” “we,” “us,” or “our”) as part of the broader ZOKTO platform and workflow ecosystem.

ZOKTO operates as a technology-enabled workflow coordination and operational platform that supports fulfillment among participating parties, including pharmacies, laboratories, delivery partners, sample collection partners, and operational support teams.

ZOKTO is positioned as a platform, facilitator, and workflow coordinator. It is not an independent medical practitioner, not a hospital, and not a stand-alone medical decision-maker.

The Partner App:

  • Does not provide medical advice;
  • Does not diagnose any condition;
  • Does not replace licensed clinical judgment; and
  • Does not authorize any partner user to act beyond the scope of their assigned operational role.

Who This Policy Applies To

  • Partner Users who access the Partner App through an authenticated account enabled for partner operations; and
  • Information processed about Partner Users, including account, device, session, and usage information, as well as information Partner Users may access or handle through the Partner App in order to complete assigned tasks, including limited patient/customer and workflow information where operationally necessary.

If you use the Partner App on behalf of a pharmacy, laboratory, logistics provider, distributor, or any other partner entity, your organization may have its own internal policies, contracts, and compliance obligations that also apply to your conduct and to your handling of operational data.

India-Focused Operations and Data Localization

The Partner App is intended for operational use in India.

Unless expressly stated otherwise in a separate written agreement, Partner App operational data is stored and processed only within India. We do not transfer Partner App operational data outside India as part of normal Partner App operations.

We also apply strict safeguards designed for sensitive healthcare-adjacent operational data, including HIPAA-compliant / HIPAA-aligned administrative, physical, and technical safeguards where applicable, together with strict access control, purpose limitation, confidentiality controls, and role-based data minimization. Official HHS guidance describes the HIPAA Security Rule as requiring administrative, physical, and technical safeguards for ePHI, and explains that HIPAA applies to covered entities and business associates.

2. Information We Collect and Receive in Partner Workflows

Because the Partner App is role-based and workflow-driven, the information you see and the information we process will depend on your role, your task assignment, your permissions, and the workflow stage.

2.1 Partner User Account and Identity Information

We may collect and process:

  • Your name, phone number, and other identifiers used for authentication and account administration;
  • Your operational role designation, such as delivery, sample collection, pharmacy-side operations, lab-side operations, or similar operational role;
  • Related authorization attributes, such as access level, role flags, center mapping, branch mapping, or operational group mapping;
  • Login, session, and authentication-related data, such as token/session state, login time, and session history; and
  • Partner entity association information, including which pharmacy, laboratory, vendor, or operational entity you belong to, where relevant to routing, access, or assignment.

2.2 Task and Workflow Information

We process operational data required to create, assign, manage, track, and complete tasks, including:

  • Task IDs, request IDs, order IDs, workflow identifiers, and assignment references;
  • Workflow stages and operational status milestones;
  • Timestamps for operational events;
  • Exception notes, handoff records, and completion-related information;
  • Route or ETA-related signals where supported;
  • Availability state, workload metrics, and task history relevant to partner operations; and
  • Operational metadata required for reliability, auditability, fraud prevention, and workflow continuity.

2.3 Patient/Customer and Order-Related Information Visible to Partner Users

Depending on role and workflow stage, Partner Users may be able to view limited patient/customer and order/request information only to the extent necessary for assigned operational execution. This may include:

  • Patient/customer name and phone number;
  • Pickup or delivery address, locality, landmarks, or location pin;
  • Order/request details needed for fulfillment;
  • Prescription-related information where relevant to an assigned fulfillment workflow;
  • Lab sample collection details, such as slot, instructions, identifiers, or sample-linked workflow information; and
  • Report-related status, metadata, or files where relevant to role-appropriate workflow steps.

Where the Partner App processes health-related information, prescription-related information, medical-record-linked information, lab information, or other sensitive healthcare-adjacent data, we treat that information as highly restricted and apply strict confidentiality, access-control, and security safeguards.

2.4 Uploads You Provide in the Partner App

Depending on your role and workflow, the Partner App may allow or require you to upload:

  • Proof photos;
  • Invoice or receipt images;
  • Sample labels or other workflow-related operational documents;
  • Report-related files or handoff-related records where role-appropriate; and
  • Operational notes or exception notes.

Uploads may sometimes capture sensitive information, including faces, labels, prescriptions, addresses, or identifiers. Partner Users must upload only what is required for the assigned task and should avoid capturing unrelated persons or unnecessary sensitive details.

2.5 Location Information

Where enabled and relevant to your role, the Partner App may collect approximate or precise location information in order to:

  • Support pickup/drop/sample navigation;
  • Support operational verification;
  • Reduce misuse, fraud, and false completion claims;
  • Resolve disputes about field activity; and
  • Improve assignment and coordination efficiency in the field.

Location is used in a workflow-appropriate and role-appropriate manner, subject to device permissions and operational need.

2.6 Device, Network, Diagnostic, and Security Information

To operate the Partner App securely and reliably, we may collect:

  • Device model, OS version, app version, language, and related device attributes;
  • Device/session identifiers where required for security and operational continuity;
  • IP address, network type, connectivity status, and related network information;
  • Crash data, performance logs, latency metrics, and diagnostics; and
  • Security/integrity signals such as suspicious session activity, repeated authentication failures, or abnormal access patterns.

3. How We Receive Information

We may receive the above categories of information:

  • Directly from you when you log in, use the Partner App, upload files, or update tasks;
  • From ZOKTO platform systems and workflow engines that generate assignments and operational routes;
  • From partner entities and administrators that onboard or manage Partner Users;
  • From internal operational teams supporting dispatch, quality, or compliance; and
  • From service providers that support hosting, notifications, communications, app performance, security, and monitoring, subject to appropriate controls.

4. How We Use Information in Partner Operations

We use information for specific, limited, operational purposes connected to task execution, platform reliability, safety, compliance, and workflow integrity.

4.1 Operating Core Workflows

We use information to:

  • Authenticate Partner Users and provide role-based access;
  • Assign tasks and display role-appropriate task details;
  • Enable workflow actions such as accept, decline, pickup confirmation, handover confirmation, delivery confirmation, sample collection confirmation, report-related actions, returns, and exception handling; and
  • Maintain continuity and correctness of active operational workflows.

4.2 Enabling Communications for Task Execution

Depending on role and workflow, we may use information to facilitate operational communication with relevant parties, such as:

  • Patient/customer contacts;
  • Pickup or drop contacts;
  • Pharmacy or lab contacts;
  • Partner hubs;
  • Internal operational support teams; and
  • Other workflow participants where communication is necessary for task completion.

4.3 Operational Integrity, Quality, and Support

We use information to:

  • Maintain task history and workflow records;
  • Investigate and resolve disputes;
  • Detect and prevent misuse, fraud, false completion, or unauthorized access;
  • Support operational troubleshooting and partner support; and
  • Investigate exceptions, handoff mismatches, missed pickups, address issues, or similar problems.

4.4 Safety, Compliance, and Auditability

We use information to:

  • Maintain audit trails for key workflow events;
  • Support compliance, investigations, and lawful requests where applicable;
  • Enforce partner rules, operational restrictions, and data-handling obligations; and
  • Monitor security, reliability, and sensitive-data access controls.

4.5 Improving the Partner App

We may also use limited operational, usage, and diagnostic information to:

  • Understand feature usage;
  • Fix bugs and improve performance;
  • Improve workflow design, task reliability, and operational efficiency; and
  • Strengthen security, fraud prevention, and role-based data protection.

The Partner App is not positioned as an advertising-led product. Partner workflow data is processed primarily for operations, integrity, security, support, and service improvement.

5. Role-Based Access, Operational Visibility, and Sharing

Role-scoped access is one of the core privacy principles of the Partner App.

5.1 Role-Based and Task-Scoped Visibility

Partner Users do not all see the same information. In general:

  • Access is limited by role;
  • Access is limited by task assignment;
  • Visibility may change depending on workflow stage; and
  • Partner Users should only see information necessary for tasks assigned to them or their authorized operational queue.

We design the Partner App around data minimization and purpose limitation. Partner Users are expected to access and use only the minimum information required to complete their assigned operational work.

5.2 Why Patient/Customer Data May Be Visible to Partners

In partner workflows, limited patient/customer information may be visible to authorized Partner Users because it may be necessary to:

  • Deliver medicines or packages;
  • Collect samples and hand them over correctly;
  • Support pharmacy-side or laboratory-side processing;
  • Manage pickups, drops, and handovers; and
  • Support report-related operational workflows where role-appropriate.

This visibility is strictly for authorized operational execution and not for personal, commercial, or off-platform use.

5.3 How Information May Be Shared

Information may be shared or made available in a controlled manner only as necessary for operations, including with:

Partner Entities Involved in Fulfillment

  • Pharmacies and pharmacy-side operational users;
  • Laboratories and laboratory-side operational users;
  • Delivery partners and sample collection partners; and
  • Distributor-side or other authorized operational users where relevant.

Internal Operations and Administrative Teams

Authorized internal staff supporting dispatch, quality, support, compliance, security, disputes, and partner management.

Service Providers and Technology Vendors

We may use service providers for:

  • Hosting and storage;
  • Notifications, messaging, and communications;
  • Mapping/navigation;
  • Monitoring, diagnostics, and security; and
  • Infrastructure support.

These providers are given only the level of access reasonably necessary for their function and are expected to operate under contractual and practical controls.

Legal, Regulatory, and Compliance Disclosures

We may disclose information where required by law, lawful process, regulatory request, or where reasonably necessary to protect rights, security, safety, platform integrity, or participants in ZOKTO workflows.

6. India-Only Storage, No Cross-Border Transfer, and Sensitive Data Protection

We treat Partner App operational data — especially healthcare-adjacent and workflow-linked personal data — with strict confidentiality and high-security handling standards.

6.1 India-Only Storage and Processing

As a core operating principle, Partner App operational data is stored and processed within India.

We do not transfer Partner App operational data outside India as part of normal Partner App operations.

6.2 Sensitive Data Safeguards

Where Partner App workflows involve health-related, prescription-related, diagnostic, or similar sensitive information, we apply strict security and access controls designed to protect confidentiality, integrity, and limited-purpose use. These safeguards may include:

  • Role-based access restrictions;
  • Task-scoped visibility;
  • Authentication and session controls;
  • Audit logging and monitoring;
  • Access limitation on a need-to-know basis;
  • Secure processing of uploads and operational files; and
  • Administrative, physical, and technical safeguards aligned with strict healthcare data protection expectations, including HIPAA-style / HIPAA-compliant controls where applicable. Official HHS materials describe the Privacy Rule as protecting individually identifiable health information and the Security Rule as requiring administrative, physical, and technical safeguards for ePHI.

6.3 No Unauthorized Cross-System or Off-Platform Use

We do not permit Partner Users to copy, export, or reuse patient/customer or workflow-linked sensitive data outside authorized operational workflows, except where strictly required for an authorized operational step and allowed by applicable controls, contracts, and law.

7. Device Permissions, Operational Records, and Misuse Controls

7.1 Device Permissions and Why They May Be Requested

Depending on role and workflow, the Partner App may request permissions such as:

  • Camera — for proof capture and operational document capture;
  • Photos / Files / Storage — for uploading workflow-related files or viewing/download of role-appropriate files;
  • Location — for routing, navigation, verification, and operational integrity;
  • Phone / Dialer — for task-related operational calls where permitted;
  • Notifications — for task alerts, reminders, and workflow events; and
  • Internet / Network Access — for syncing tasks, uploading proofs, and communicating with platform systems.

7.2 Task Records, Logs, and Audit Trails

The Partner App may create and retain operational records such as:

  • Task acceptance or decline events;
  • Status changes and workflow progression events;
  • Upload records;
  • Timestamps and workflow history;
  • Session or device-linked operational metadata where required;
  • Exception notes and support traces; and
  • Relevant location signals where enabled and operationally necessary.

These records support service reliability, partner support, dispute resolution, compliance, security investigations, fraud prevention, and auditability.

7.3 Strict Operational-Use Requirement

Partner Users are authorized to access information in the Partner App only for assigned operational purposes. Partner Users must not:

  • Access tasks or information outside their role or queue;
  • Use patient/customer information for personal or non-operational purposes;
  • Copy, share, screenshot, publish, or externally store sensitive data except where explicitly required for an authorized workflow;
  • Bypass role controls or workflow restrictions; or
  • Upload irrelevant content or excessive sensitive information beyond what the task requires.

We may investigate misuse, restrict access, suspend accounts, or take other appropriate action where required for platform safety, legal compliance, or operational integrity.

8. Data Retention and Security

8.1 Data Retention

We retain information for as long as reasonably necessary for purposes including:

  • Completing and maintaining continuity of operational workflows;
  • Preserving audit trails and handling disputes;
  • Supporting fraud prevention and platform integrity;
  • Meeting legal, contractual, and compliance obligations; and
  • Improving service reliability and internal reporting.

Retention periods may vary depending on data type, workflow, contract, legal requirement, and operational necessity.

We do not state a single fixed retention period in this Privacy Policy because different categories of data may require different retention treatment.

8.2 Data Security

We implement reasonable and appropriate technical, organizational, and operational safeguards designed to protect information against unauthorized access, misuse, alteration, disclosure, and destruction. Security measures may include:

  • Authenticated account controls;
  • Role-based and task-scoped access restrictions;
  • Audit logging and suspicious-activity monitoring;
  • Limited internal/service-provider access on a need-to-know basis;
  • Secure handling of uploads and workflow documents; and
  • Strict healthcare-data-protection practices designed to support confidential handling of sensitive operational information.

No method of transmission or storage is completely secure. While we take strong measures to protect data, absolute security cannot be guaranteed.

9. Choices, Rights, Correction Requests, and Grievance Handling

9.1 Partner User Choices and Controls

You can generally:

  • Manage certain permissions, such as camera, location, and notifications, through your device settings;
  • Request updates to certain account information through your partner administrator or supported Partner App workflows; and
  • Log out and secure your device to reduce risk of unauthorized access.

Restricting permissions may reduce your ability to complete certain tasks.

9.2 Access, Correction, and Deactivation Requests

Subject to verification, operational constraints, legal obligations, and retention needs, we may provide practical channels for Partner Users to request:

  • Access to certain account-related information;
  • Correction of inaccurate account information;
  • Deactivation of account access; and
  • Deletion or restriction requests, where feasible and legally permissible.

To request the deletion of your account and associated data, please email our support team at support@zokto.in. We will process your request and delete all identifiable data within 90 days, except where retention is legally required for compliance, auditability, fraud prevention, dispute handling, or lawful requests.

Where records are necessary for auditability, dispute handling, fraud prevention, compliance, or lawful retention, we may retain those records even if account access is deactivated.

9.3 Grievance and Privacy Contact

For privacy questions, correction requests, grievances, or concerns relating to information handled in connection with the Partner App, you may contact:

VYSN Technologies Private Limited

7-1/99, 6 58, Sai Prabhat Nagar,
Temple City, Trunk Road (Khammam),
Khammam (Urban), Khammam – 507003,
Telangana, India
Email: info@vysn.in
CIN: U62099TS2025PTC198900

You may also write to:

ZOKTO / ZOKTO Healthcare Private Limited

7-1/99, 6-58, Sai Prabhat Nagar,
Temple City, Trunk Road (Khammam),
Khammam (Urban), Khammam – 507003,
Telangana, India
Email: info@zokto.in
CIN: U62099TS2025PTC206004

The current ZOKTO website publicly lists info@zokto.in on its contact page, and public company records reflect the ZOKTO Healthcare Private Limited CIN as provided.

10. Children and Unauthorized Users

The Partner App is intended only for authorized operational users. It is not designed for children or for general public access.

If you believe an unauthorized person has accessed the Partner App using your credentials or device, you must notify your partner administrator and contact us promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in workflows, features, security practices, operational controls, compliance needs, or legal requirements.

When we make material changes, we will take reasonable steps to make the updated Privacy Policy available through the website and/or the in-app policy link.

Continued use of the Partner App after an update may constitute acceptance of the updated Privacy Policy to the extent permitted by law.

12. Final Clarification on Sensitive Data Handling

Because the Partner App may involve healthcare-adjacent operational information, we take a strict approach to confidentiality, restricted access, auditability, India-only data handling, and no-cross-border operational data transfer.

Partner Users are expected to use the Partner App only for authorized operational purposes and to handle all patient/customer and workflow-linked information with the highest level of care, confidentiality, and discipline.

13. Company Details

VYSN Technologies Private Limited

Corporate Identification Number (CIN): U62099TS2025PTC198900

Registered Office: 7-1/99, 6 58, Sai Prabhat Nagar, Temple City, Trunk Road (Khammam), Khammam (Urban), Khammam – 507003, Telangana, India

Email: info@vysn.in

ZOKTO Healthcare Private Limited

Corporate Identification Number (CIN): U62099TS2025PTC206004

Date of Incorporation: 06 November 2025

Status: Active

Registered Office: 7-1/99, 6-58, Sai Prabhat Nagar, Temple City, Trunk Road (Khammam), Khammam (Urban), Khammam – 507003, Telangana, India

Email: info@zokto.in