This Privacy Policy explains how Zello Life ("we", "our") collects, uses, shares, and protects your personal information. By using Zello Life, you agree to these practices.
1. Information we collect
- Account and identification data: name, email, specialty, license ID, and optional photo.
- Usage and support data: access logs, in-app actions, feedback.
- Consultation data (when applicable): recordings, transcripts, and generated documents as configured by the user.
- Patient data registered by the professional: identification, contact details, health plan, reported clinical history, and patient consent.
- Business-form data: name, work email, role, practice, team size, current system, request type, message, and contact-consent record.
- Visit-attribution data: UTM parameters, campaign identifiers (such as GCLID when present), landing page and path, browser-provided URL, and referrer.
- Technical data: IP address, device, browser, and cookies/similar technologies.
2. Legal bases and purposes
- Contract performance: operate product features and support.
- Legitimate interests: improve services, prevent fraud, ensure availability.
- Consent: process sensitive data and non-essential cookies.
- Respond to practice and integration requests, assess business demand, and measure which campaigns led to a contact.
- Business forms are not intended for patient data; do not enter clinical or identifiable patient information in these fields.
- Legal compliance: respond to legal requests and regulatory obligations.
3. Sharing
We do not sell personal data. We may share information:
- With processors/providers under contract and confidentiality.
- To comply with legal obligations or law enforcement.
- To protect Zello Life, users, and the public when necessary.
4. Security
- Encryption in transit and at rest where applicable.
- Access controls and audit logs.
- Backups and business continuity processes.
5. Your rights
- Access and confirmation of processing.
- Correction of inaccurate or outdated data.
- Anonymization, blocking or deletion of unnecessary/excess data.
- Portability and information on data sharing.
- Consent withdrawal and objection to unlawful processing.
- Data export, patient anonymization, and account deletion through the Data and privacy area.
- For leads and business requests without an account, rights may be exercised through the privacy contact listed at the end of this Policy.
6. Retention and deletion
We keep data for as long as necessary for the stated purposes and/or legal requirements. Leads and business requests are reviewed according to the need to respond, manage the business relationship, measure acquisition, meet obligations, and exercise legal rights. We do not currently apply one automatic deletion deadline to these records. A data subject may request access, correction, objection, or deletion through the privacy contact, and the request will be assessed under the applicable legal bases and security needs. Patients may be removed from active workflows through soft deletion or anonymized upon request. Account deletion handles linked data according to applicable technical rules and legal obligations.
7. Audit and operational security
Changes to sensitive tables, such as patients, consultations, and reports, may generate audit records containing the action, table, record identifier, date, IP address, and user agent for security, traceability, and abuse prevention.
9. Changes to this policy
We may update this Policy from time to time. The current version is the one published in the platform with the update date.
10. Contact (DPO)
- Email: [email protected]