.png){kind=small}
Privacy Notice
ZERAPHOS, INC.
Privacy Notice
Effective Date: March 21, 2026
Last Revised: April 1, 2026
Incorporated in the State of Delaware, United States of America
1. About Zeraphos
Zeraphos, Inc. is a Delaware-incorporated company that provides tech-enabled care coordination services for NRI families managing the care of elderly parents and family members in India. Through our platform, we connect subscribing families with vetted CareMates and a dedicated Care Coordination Manager who together deliver in-home wellness support, health monitoring, and regular care updates.
This Privacy Notice explains how we collect, use, store, share, and protect information in connection with your use of our website, mobile application, and services. It applies to subscribing family members (Users) and, where relevant, to information collected about Care Recipients (Beneficiaries) in India.
Data Controller: Zeraphos, Inc., incorporated in Delaware, USA
Privacy Contact: privacy@zeraphos.com
Platform: zeraphos.com
2. Scope of This Notice
This Privacy Notice applies when you:
Visit our website or use our mobile application or Platform
Create an account, subscribe to a Care Plan, or sign up for updates
Communicate with us directly, through your Care Coordination Manager, or via social media
Avail any Service offered through the Zeraphos Platform
This Notice does not apply to third-party websites, applications, or services that may be linked from our Platform. We encourage you to review the privacy practices of any third-party service before engaging with it.
3. Information We Collect
3.1 Information You Provide
When you register or use our services, we collect:
Your name, email address, phone number, and country of residence
Your relationship to the Beneficiary (e.g., son, daughter, spouse)
Location of the Beneficiary in India (city or district level)
Care preferences, requirements, and any instructions you share with your CCM
Payment information in connection with subscription and one-time service payments — processed through our payment provider. We do not store card details.
Any other information you voluntarily provide in the course of using the Platform
3.2 Information Collected Automatically
When you access the Platform, we automatically collect:
Device type, operating system, and browser
IP address and approximate geographic location
Pages visited, features used, and time spent on the Platform
Referral source and session identifiers
This information is collected through standard web technologies including cookies, server logs, and analytics tools. It helps us understand how the Platform is used and improve your experience.
3.3 Health and Care Data About the Beneficiary
In the course of delivering services, we collect structured health and care information about your Beneficiary in India. This includes:
Vital parameters recorded during CareMate visits, including blood pressure, pulse rate, body temperature, and oxygen saturation
Medication schedules, adherence records, and daily wellness observations
Visit logs, care activity summaries, and CCM coordination notes
Laboratory test results and diagnostic reports uploaded to the Platform following coordination with diagnostic service providers
Health profiling information provided during onboarding
This data is collected with the explicit consent of the Beneficiary, obtained separately prior to the commencement of services. It is shared with the subscribing User through the Platform as part of the care coordination service.
Zeraphos does not collect, process, or store clinical medical records constituting Protected Health Information (PHI) as defined under the US Health Insurance Portability and Accountability Act (HIPAA). Our Beneficiaries are residents of India and are not US-covered patients under HIPAA.
4. Purposes and Lawful Basis for Processing
Zeraphos processes personal data and special categories of health data for the following purposes, each grounded in an applicable lawful basis under the Digital Personal Data Protection Act, 2023 (India) and other applicable privacy laws:
4.1 Service Delivery and Account Management
Personal data is processed as necessary for the performance of the contractual obligations between Zeraphos and the User, including the establishment and administration of user accounts, coordination of CareMate visits, management of Care Plans, processing of subscription payments, and transmission of care updates and wellness reports through the Platform.
4.2 Health Data Processing for Care Coordination
Special categories of personal data pertaining to the health and physical condition of the Beneficiary are processed on the basis of the explicit consent of the Beneficiary, obtained prior to the commencement of services, for the purpose of delivering, coordinating, and monitoring the care services subscribed to by the User. Such data is processed strictly to the extent necessary for the fulfillment of the agreed Care Plan and the facilitation of on-demand specialist and ancillary services.
4.3 Platform Improvement and Safety
Automatically collected usage data and aggregated platform analytics are processed on the basis of Zeraphos's legitimate interests in maintaining, securing, and improving the functionality, performance, and user experience of the Platform, provided such processing does not override the fundamental rights and interests of the data subjects concerned.
4.4 Research, Health Innovation, and AI Development
Anonymized and aggregated health and care data collected through the Platform in the ordinary course of service delivery may be processed by Zeraphos and its authorized partners for purposes including, but not limited to, the development and continuous improvement of artificial intelligence-assisted predictive and preventive health tools, service quality enhancement, and collaborative research initiatives directed at advancing the understanding, prevention, and management of health conditions affecting elderly populations. Zeraphos reserves the right to enter into data partnerships with authorized third-party organizations for such purposes. In all such instances, data shall be processed exclusively in anonymized and aggregated form such that no individual data subject can be identified, and no personally identifiable information shall be disclosed to any third-party research or innovation partner without the explicit consent of the relevant data principal. The User's acceptance of these terms constitutes acknowledgment that such use of de-identified data is a condition of access to the Platform.
4.5 Legal and Regulatory Compliance
Personal data may be processed to the extent necessary to comply with applicable legal and regulatory obligations, respond to lawful orders of courts or governmental authorities, enforce the terms of the Service Agreement, and protect the rights, property, and safety of Zeraphos, its users, CareMates, and the public.
4.6 Marketing Communications
Where you have provided consent, we may use your contact details to send you service updates, platform announcements, and relevant communications. You may withdraw this consent at any time by contacting privacy@zeraphos.com or using the unsubscribe mechanism in any communication.
5. Disclosure and Transfer of Personal Data
Zeraphos does not sell, rent, or trade personal data. Personal data and health data may be disclosed to third parties solely in the following circumstances and subject to appropriate safeguards:
5.1 CareMates and Care Coordination Network
CareMates and Care Coordination Managers are provided with such personal and health information pertaining to the Beneficiary as is strictly necessary for the safe and effective delivery of the relevant care service. All such persons are subject to confidentiality obligations commensurate with the sensitivity of the data disclosed.
5.2 Network Providers and Third-Party Service Partners
Where services are fulfilled through Network Providers, including home nursing agencies, diagnostic laboratories, transport operators, or clinical specialists, such providers are furnished with the minimum personal data necessary to discharge their service obligations. Network Providers are contractually required to process such data solely for the purpose of service delivery and in accordance with applicable privacy and data protection laws.
5.3 Technology and Infrastructure Vendors
Zeraphos engages third-party vendors for cloud hosting, payment processing, communications infrastructure, and platform analytics. Such vendors process personal data solely as data processors acting under Zeraphos's instructions and are prohibited from using the data for any independent purpose. Zeraphos maintains data processing agreements with all material technology vendors.
5.4 Legal Compulsion and Regulatory Disclosure
Personal data may be disclosed without prior notice to the data subject where such disclosure is required by applicable law, regulation, court order, or the lawful directive of a competent governmental or regulatory authority, or where disclosure is reasonably necessary to protect the legal rights, property, or safety of Zeraphos, its users, or third parties.
5.5 Corporate Transactions
In the event of a merger, acquisition, restructuring, or sale of all or substantially all of the assets of Zeraphos, personal data held by Zeraphos may be transferred to the acquiring or successor entity as part of such transaction. Where required by applicable law, affected users shall be notified prior to the transfer and afforded an opportunity to exercise applicable data subject rights.
6. Data Storage, Localization, and Security
Personal data and special categories of health data pertaining to Beneficiaries are stored on secure cloud infrastructure located within India, in compliance with the applicable data localization requirements under the Digital Personal Data Protection Act, 2023 (India) and such rules and notifications as may be issued thereunder from time to time. User account data and operational data may additionally be stored on infrastructure located in the United States in connection with the management of the Zeraphos platform by Zeraphos, Inc.
Zeraphos implements and maintains appropriate technical and organizational security measures designed to protect personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include, without limitation, encryption of data in transit using Transport Layer Security (TLS) protocols, encryption of data at rest, role-based access controls, regular security assessments, and incident response procedures.
Notwithstanding the foregoing, no data transmission or storage system can be guaranteed to be entirely secure. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, Zeraphos shall notify the affected data subjects and, where required, the relevant supervisory authority, in accordance with applicable legal obligations.
If you suspect unauthorized access to or compromise of your account, you must notify Zeraphos immediately at privacy@zeraphos.com.
7. Data Retention
Personal data is retained for the duration of the User's active Subscription and for a period not exceeding five (5) years following the termination or expiry thereof, unless a longer retention period is required or permitted by applicable law, regulatory obligation, or for the establishment, exercise, or defence of legal claims. Health and care data pertaining to the Beneficiary shall be retained for an equivalent period, subject to the subsistence of the Beneficiary's consent and any applicable statutory retention requirements.
Upon the expiry of the applicable retention period, personal data shall be securely deleted or anonymized in accordance with Zeraphos's data lifecycle management procedures. Anonymized data, from which no individual can reasonably be identified, may be retained indefinitely for research, analytics, and platform improvement purposes.
8. Your Rights
As a User or as the authorized representative of a Beneficiary, you have the following rights in respect of personal data held by Zeraphos:
Right of Access — to request confirmation of whether Zeraphos holds personal data about you and to obtain a copy of such data
Right of Correction — to request the correction of inaccurate or incomplete personal data
Right of Erasure — to request the deletion of personal data, subject to applicable legal retention obligations and Zeraphos's legitimate operational requirements
Right to Data Portability — to request a copy of personal data provided by you in a structured, machine-readable format
Right to Withdraw Consent — to withdraw consent for data processing activities based on consent, without affecting the lawfulness of processing carried out prior to withdrawal
Right to Grievance Redressal — to raise a complaint or grievance with Zeraphos's designated privacy contact in respect of any alleged violation of applicable data protection law
To exercise any of the foregoing rights, submit a written request to privacy@zeraphos.com. Zeraphos shall respond within thirty (30) days of receipt of a valid request, subject to identity verification and any applicable legal exceptions.
9. Cookies and Tracking Technologies
Our Platform uses cookies and similar tracking technologies to recognize returning visitors, analyze usage patterns, and maintain session state. You may control or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of the Platform.
Zeraphos does not use cookies or tracking technologies to serve targeted third-party advertising and does not permit advertising networks to collect data through the Platform for behavioral advertising purposes.
10. Minors
The Zeraphos Platform and Services are intended solely for use by adults. We do not knowingly collect personal information from individuals under the age of 18. If you have reason to believe that a minor has provided personal information to Zeraphos without appropriate consent, please notify us at privacy@zeraphos.com and we will take prompt steps to delete such information.
11. Third-Party Links and Services
The Platform may contain links to third-party websites or services. Zeraphos has no control over, and assumes no responsibility for, the privacy practices or content of such third-party services. We encourage you to review the privacy policies of any third-party services you access through links on our Platform.
12. Amendments to This Notice
Zeraphos reserves the right to revise, supplement, or replace this Privacy Notice at any time. The revised Notice shall be effective from the date of publication on the Platform. Where amendments are material, Zeraphos shall endeavour to notify Users by electronic communication to the registered email address on file. The User's continued access to or use of the Platform following the publication of any revised Notice shall constitute irrevocable acceptance of the Notice as amended. It is the User's responsibility to periodically review this Notice for updates.
13. Governing Law and Jurisdiction
This Privacy Notice and all matters pertaining to the processing of personal data in connection with the Zeraphos Platform and Services shall be governed by and construed in accordance with the laws of India, including without limitation the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000, as amended. Any dispute arising out of or in connection with this Notice shall be subject to the exclusive jurisdiction of the courts of competent jurisdiction in Kerala, India, consistent with the governing law and jurisdiction provisions of the Zeraphos Service Agreement and Terms of Use.
14. Contact Us
For all privacy-related queries, data subject requests, consent withdrawals, or grievances, please contact:
Privacy and Data Protection: privacy@zeraphos.com
General Inquiries: hello@zeraphos.com
Platform: zeraphos.com
Zeraphos, Inc. | Incorporated in the State of Delaware, United States of America
Zeraphos, Inc. | Your eyes. Your hands. Their home.