Grievance Redressal — Zuro Healthcare

India-only operations — under DPDP Act 2023, IT Act 2000 + SPDI Rules 2011, and CERT-In Directions 2022.

We do not operate under foreign data-protection regimes. This page describes how to raise a grievance with us, with the Data Protection Board of India, or with CERT-In.

Grievance Officer

As required by Rule 5(9), Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

Name

Biplav Nayak · Founder, BartLabs Technologies Pvt Ltd

grievance@zurohealth.com

Service-level

Acknowledged within 24 hours · resolved within 30 days

When to write to the Grievance Officer

You believe Zuro is mishandling your personal or sensitive personal data.
Your DPDP § 11 access / correction / erasure request is not actioned within the published SLA.
You spotted an unauthorised disclosure or suspect a breach.
You want to escalate before approaching the Data Protection Board of India.

Data Protection Officer

Voluntarily appointed under DPDP Act 2023 § 10 (mandatory once Zuro is notified as a Significant Data Fiduciary).

Name

Biplav Nayak (interim) · Founder, BartLabs Technologies Pvt Ltd

dpo@zurohealth.com

Remit

DPDP Act 2023 compliance, Data Principal rights requests, breach response

CERT-In Point of Contact

Required by Direction (iv) of the CERT-In Directions, 28 April 2022.

Name

Biplav Nayak (interim) · Founder, BartLabs Technologies Pvt Ltd

security@zurohealth.com

Remit

6-hour incident reports to incident@cert-in.org.in under CERT-In Directions 2022

Verified cyber-incidents are reported by Zuro to incident@cert-in.org.in within 6 hours of detection, in line with Direction (ii) of the 2022 directions.

Escalation path

Write to our Grievance Officer

First, email grievance@zurohealth.com. You will get an acknowledgement within 24 hours.

Escalate to our DPO

If unresolved within 30 days, write to dpo@zurohealth.com.

Approach the Data Protection Board of India

Under DPDP Act § 13, the DPB can adjudicate grievances. Once the Board is operational, complaints will be filed at the URL the Ministry of Electronics and Information Technology publishes.

Sectoral regulators

National Medical Commission (doctor-conduct issues): nmc.org.in
National Health Authority (ABDM / ABHA): abdm.gov.in
Reserve Bank of India (payment grievances): rbi.org.in (Razorpay handles PA escalation directly)

What we will do

For each grievance we receive, Zuro will: log the request in the support tracker, write a row to audit_logs for the regulator-readable trail, investigate, respond with a decision within 30 days, and offer the right of appeal.

For verified breaches we will additionally notify CERT-In within 6 hours and the Data Protection Board within 72 hours, alongside any affected Data Principals — see our Data Protection page for the full incident-response timetable.

India-only operations — under DPDP Act 2023, IT Act 2000 + SPDI Rules 2011, and CERT-In Directions 2022.

We do not operate under foreign data-protection regimes. This page describes how to raise a grievance with us, with the Data Protection Board of India, or with CERT-In.

Grievance Officer

As required by Rule 5(9), Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

Name

Biplav Nayak · Founder, BartLabs Technologies Pvt Ltd

grievance@zurohealth.com

Service-level

Acknowledged within 24 hours · resolved within 30 days

When to write to the Grievance Officer

You believe Zuro is mishandling your personal or sensitive personal data.
Your DPDP § 11 access / correction / erasure request is not actioned within the published SLA.
You spotted an unauthorised disclosure or suspect a breach.
You want to escalate before approaching the Data Protection Board of India.

Data Protection Officer

Voluntarily appointed under DPDP Act 2023 § 10 (mandatory once Zuro is notified as a Significant Data Fiduciary).

Name

Biplav Nayak (interim) · Founder, BartLabs Technologies Pvt Ltd

dpo@zurohealth.com

Remit

DPDP Act 2023 compliance, Data Principal rights requests, breach response

CERT-In Point of Contact

Required by Direction (iv) of the CERT-In Directions, 28 April 2022.

Name

Biplav Nayak (interim) · Founder, BartLabs Technologies Pvt Ltd

security@zurohealth.com

Remit

6-hour incident reports to incident@cert-in.org.in under CERT-In Directions 2022

Verified cyber-incidents are reported by Zuro to incident@cert-in.org.in within 6 hours of detection, in line with Direction (ii) of the 2022 directions.

Escalation path

Write to our Grievance Officer

First, email grievance@zurohealth.com. You will get an acknowledgement within 24 hours.

Escalate to our DPO

If unresolved within 30 days, write to dpo@zurohealth.com.

Approach the Data Protection Board of India

Under DPDP Act § 13, the DPB can adjudicate grievances. Once the Board is operational, complaints will be filed at the URL the Ministry of Electronics and Information Technology publishes.

Sectoral regulators

National Medical Commission (doctor-conduct issues): nmc.org.in
National Health Authority (ABDM / ABHA): abdm.gov.in
Reserve Bank of India (payment grievances): rbi.org.in (Razorpay handles PA escalation directly)

What we will do