Legal

DPDP data rights

Your rights under India's Digital Personal Data Protection Act, 2023 — and exactly how to use them.

Last updated: 20 April 2026

The Digital Personal Data Protection Act, 2023 ("DPDP Act") gives every person in India clear rights over their personal data. This page explains the rights you have with respect to Zuzu, and how to use them.

1. Your rights at a glance

  • Right to information — know what personal data we hold about you and how we use it.
  • Right to access — request a copy of your personal data.
  • Right to correction and erasure — correct inaccurate data and, where appropriate, have it deleted.
  • Right to grievance redressal — escalate concerns to our Grievance Officer and, if needed, to the Data Protection Board of India.
  • Right to nominate — nominate another person to exercise these rights if you are unable to.
  • Right to withdraw consent — withdraw any consent you previously gave, at any time.

2. How to make a request

You can exercise any DPDP right through the in-app "Data & privacy" settings, or by emailing contact@zuzuhealthcare.com from the email address registered on your Zuzu account. Please include:

  • Your registered name, email, and/or phone number.
  • The specific right you want to exercise.
  • Any context that helps us locate the right data (e.g. city, approximate booking date).

3. Response timelines

We aim to respond within the timelines required under the DPDP Act and its rules. If additional time is needed — for example to complete a deletion across all systems — we will tell you and keep you updated.

4. Consent and purpose

We only collect personal data with your consent and for a specific, stated purpose. We do not use it for anything unrelated. If we want to use existing data for a new purpose, we will seek fresh consent.

5. Processing of children's data

Personal data of children (under 18) is only processed with verifiable parental or legal-guardian consent. Behavioural advertising or profiling of children is not carried out.

6. Transfers outside India

Where data is processed on cloud infrastructure that has regions outside India, we select providers that operate Indian data centres and take contractual measures to ensure equivalent protection consistent with the DPDP Act.

7. Breach notification

In the event of a personal-data breach, we will notify you and the Data Protection Board of India as required under the Act and its rules.

8. Grievance redressal

If we have not resolved a concern to your satisfaction, you may escalate to our Grievance Officer. See the grievance officer page for contact details. You may also approach the Data Protection Board of India.

Emergency? Call 108