Privacy Policy
Last updated: March 2026
1. Who we are
ZiroWait is a queue management and appointment booking platform built for clinics, salons, banks, and other service businesses in India. We help businesses manage patient and customer queues digitally, reducing wait times and improving the experience for everyone.
This policy explains what data we collect, why we collect it, and how we protect it. If you have any questions, contact us at support@zirowait.com.
2. Data we collect
We collect only what is needed to provide the service:
| Customer name | To identify you in the queue and on your token |
| Phone number (WhatsApp) | To send your token, position updates, and appointment reminders |
| Appointment date & time | To schedule and remind you of your booking |
| Service selected | To route you to the correct doctor or service |
| Queue position & wait time | To give you accurate status updates |
| Business owner email & phone | To manage their account and send OTP for login |
3. What we do NOT collect
- We do not collect medical records, prescriptions, or diagnoses
- We do not collect payment card or banking details
- We do not track your location unless you voluntarily share it via WhatsApp for travel-time guidance
- We do not use cookies for advertising or tracking
- We do not sell, rent, or share your data with any third party for marketing
4. How we use your data
- Send your queue token and position updates via WhatsApp
- Send appointment confirmations and reminders
- Show your name on the clinic's staff dashboard so they can call you
- Help the business understand queue patterns (aggregate counts only — no individual tracking)
5. WhatsApp messaging
When you interact with ZiroWait via WhatsApp, messages are sent through the official WhatsApp Business API (Meta Platforms). Your phone number is used solely to deliver queue and appointment messages for the specific business you contacted. We do not send promotional messages unless you explicitly opt in.
You can stop receiving messages at any time by replying STOP or by contacting the business directly.
6. Data storage and security
Your data is stored on secure servers hosted on AWS (ap-south-1, Mumbai region) and Supabase. We use industry-standard encryption in transit (HTTPS/TLS) and at rest. Access to the database is restricted to authorised ZiroWait engineers only.
Queue entry data (name, phone, token) is retained for 90 days and then automatically deleted. Appointment records are retained for 1 year for the benefit of the business managing follow-ups.
7. Your rights
You have the right to:
- Access — ask us what data we hold about your phone number
- Delete — request deletion of your data at any time
- Correct — request correction of inaccurate data
To exercise any of these rights, email us at support@zirowait.com with your phone number. We will respond within 7 business days.
8. Third-party services
| Service | Purpose | Their policy |
|---|---|---|
| Meta (WhatsApp Business API) | Message delivery | meta.com/privacy |
| AWS | Server hosting | aws.amazon.com/privacy |
| Supabase | Database hosting | supabase.com/privacy |
| Vercel | Web hosting | vercel.com/legal/privacy-policy |
We do not share your personal data with these providers beyond what is strictly necessary to deliver the service.
9. Changes to this policy
We may update this policy as the product evolves. Significant changes will be communicated via the business owner's registered email. The latest version is always available at zirowait.vercel.app/privacy.
Questions? Write to us at support@zirowait.com — we reply within 2 business days.