Privacy Policy

Zylohub Privacy Policy

Last updated: 23 March 2026

Zylohub (“Zylohub”, “we”, “us”, “our”) is an on‑demand staffing platform that connects businesses with nearby blue‑collar and gig workers (“Platform”). This Privacy Policy explains in plain English how we collect, use, store, share and protect your personal data when you use our mobile applications, website, and related services in India.

By using Zylohub, you agree to the practices described in this Privacy Policy, in line with applicable Indian data protection and payment regulations, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and relevant RBI directions on payment data.​

1. Who we are (legal details)

Zylohub Global Private Limited

• ​ CIN: U78100TN2026PTC189979
• ​ PAN: AACCZ9177C
• ​ TAN: CHEZ04815G
• ​ Registered Address:​ No.8, 2nd Floor, No.5 Mamatha Apartment,​ Rajachari Street, T. Nagar,​ Chennai
• 600017, Tamil Nadu, India

For the purposes of the DPDP Act, Zylohub Global Private Limited is the Data Fiduciary that decides how and why your personal data is processed.​

2. Scope – who this policy applies to

This Privacy Policy applies to:

• ​ Workers / job seekers who create a profile, apply for jobs, or accept gigs through Zylohub.
• ​ Businesses / recruiters / contractors who post jobs, search for workers, or hire through Zylohub.

• ​ Visitors who use our website, apps, or contact our support channels.

It covers personal data processed in India, or personal data about individuals located in India, as required under the DPDP Act, 2023.​

3. Key definitions

In this document:

• ​ “Personal Data” means any data about an individual who is identifiable by or in relation to such data (for example: name, phone number, PAN, bank account, device ID).​
• ​ “Data Principal” means you, the individual whose personal data is collected and processed.​
• ​ “Data Fiduciary” means Zylohub Global Private Limited, which decides how and why your personal data is processed.​
• ​ “Data Processor” means any third party that processes personal data on our behalf (for example: cloud hosting providers, payment gateways, analytics services).​

4. What data we collect

Depending on whether you are a worker, business, or visitor, and how you use Zylohub, we may collect the following categories of data.

4.1 Identity and contact data

• ​ Full name
• ​ Mobile number (including for OTP / login)
• ​ Email address
• ​ Gender (where provided)
• ​ Date of birth / age (to confirm you are 18+)
• ​ Profile photo

We primarily use your phone number as your login identifier, using OTP‑based authentication via Firebase Authentication.

4.2 Government and KYC data

Where legally required (for payouts, tax, fraud prevention or compliance), we may collect:

• ​ PAN
• ​ Address proof (e.g., voter ID, driving licence, utility bill, rent agreement)
• ​ Other KYC documents permitted under Indian law (for example, DigiLocker‑based documents)​

We do not collect Aadhaar numbers or Aadhaar biometrics for routine onboarding, and will only use Aadhaar‑based KYC if and to the extent explicitly permitted by law and by the Unique Identification Authority of India (UIDAI).​

4.3 Employment and profile data (workers)

• ​ Skills, job categories, languages known
• ​ Work experience, past employers or types of gigs done
• ​ Availability (days, hours, preferred shift)
• ​ City / locality preferences
• ​ Ratings, reviews and feedback given by businesses
• ​ Documents you upload (CV, certificates, badges, etc.)

4.4 Business and organisation data (hirers)

• ​ Business name and businessType (e.g., shop, restaurant, warehouse)
• ​ GST number (if applicable)
• ​ Business address and contact details
• ​ Internal contact person details
• ​ Job postings, role descriptions, requirements

4.5 Location data

From your profile and device, we may process:

• ​ Free‑text location (e.g., “T. Nagar, Chennai”)
• ​ Structured location fields (locationDetails): address, city, district, state, postal code, country (default IN), and Google Place ID where used
• ​ Geographic coordinates (coordinates) in “Point” format (latitude/longitude) for nearby search and map views

From your device (with your permission):

●​ Approximate location based on IP address or network

• ​ Precise GPS location to show nearby jobs or workers and improve matching

You can disable precise location access in your device settings, but some features may not work as intended.

4.6 Emergency contact

We store emergencyContact details that you choose to provide, so that we or a hiring business can reach someone on your behalf in safety‑critical or urgent situations (for example, if you are unreachable during a shift).

4.7 Payment and financial data

To enable payments and payouts, we may collect and store in your paymentDetails:

• ​ Bank account number (bankAccount) – stored in encrypted form
• ​ Bank IFSC (bankIfsc)
• ​ Account holder name (bankHolder)
• ​ Vendor onboarding status (vendorStatus) such as pending, active, rejected, or in bank validation
• ​ Cashfree vendor identifiers (cashfreeVendorId) and related technical fields like vendorAttempt for onboarding retries

We use Cashfree Easy Split as our payment and banking technology provider to handle marketplace‑style split payments and automated settlements between businesses, Zylohub, and workers. Sensitive payment data is primarily handled by RBI‑regulated intermediaries such as Cashfree and partner banks; we receive only the data necessary to identify and reconcile your transactions, verify vendors, and meet legal obligations.

We do not store full card numbers or CVV codes; card data, if used, is processed and stored by the payment gateway in compliance with RBI guidelines.

4.8 Device and technical data

To operate and secure the Platform, we may collect:

• ​ Device type, operating system, app version
• ​ IP address, device identifiers (such as Android ID)
• ​ deviceToken for push notifications (for example, Firebase Cloud Messaging token), used to send job alerts, payment updates, and important account notifications

• ​ Log data: pages or screens viewed, actions taken, timestamps, referral source, crash logs

4.9 Communications and support data

• ​ Messages sent through in‑app chat or masked calling features
• ​ Emails, calls, and messages sent to our support channels
• ​ Feedback, complaints, and grievance submissions
• ​ Ratings and textual feedback records (with timestamps) that you or others leave about jobs and users

4.10 Subscription and verification data

For certain premium or subscription features, we may store:

• ​ Whether you have an active subscription (hasActiveSubscription)
• ​ Current plan identifier (currentPlanId, e.g., “zylohub_pro_monthly”)
• ​ verifiedTick or similar account badges indicating business or identity verification status

4.11 Email verification and security tokens

We may store email verification tokens and expiry times (for example, emailVerifyToken, emailVerifyTokenExpiry) to confirm that you control the email address associated with your account and to prevent abuse.

4.12 Images and media

We store profile pictures and other uploaded media on external secure media storage platforms such as Cloudinary and/or Amazon Web Services (AWS). These providers may process such media and related metadata (for example, IP address, device/browser details) on servers located in India or other countries, subject to their own privacy and data protection commitments.

4.13 Cookies, SDKs and similar technologies

On our website and within our apps, we may use:

• ​ Cookies (browser) to keep you logged in, remember preferences, and measure usage

• ​ SDKs in the app (such as Firebase Analytics, Crashlytics) to understand app performance, crashes, and feature usage

Where required, we will obtain your consent for non‑essential cookies and analytics and provide options to manage your preferences.​

5. Technologies and third‑party services we use

In addition to our own backend, we rely on the following major third‑party services as processors or independent data fiduciaries:

• ​ Firebase (Google) for phone number authentication, OTP flows, push notifications, analytics and crash reporting (Firebase Authentication, Firebase Cloud Messaging, Firebase Analytics / React Native Firebase).
• ​ Google APIs, including Google Maps / Places API, to autocomplete addresses and work with place IDs and map data; this may process your location queries, partial addresses, and device/network identifiers.
• ​ Cashfree Payments for payment collection, split settlement, vendor onboarding and payouts via Easy Split.
• ​ Cloudinary and/or AWS for secure storage and delivery of images and other media assets.

Each of these providers has its own privacy and data handling practices, and they process data under contracts with us or as separate regulated entities, where applicable.​

6. How we collect your data

We collect personal data in the following ways:

• ​ Directly from you when you register, create or update your profile, apply for or post jobs, upload documents or images, or contact support.
• ​ Automatically when you use the Platform, via cookies, SDKs and logs (for example, device info, IP address, pages/screens visited, job interactions).​
• ​ From third parties, such as payment gateways, banks, UPI PSPs, Cashfree, KYC service providers, fraud‑prevention services, or when another user (e.g., a business) shares feedback or ratings about you after a completed job.
• ​ From publicly available or government‑authorised sources (e.g., DigiLocker) with your explicit consent, where such flows are legally permitted.​

7. Why we process your data (purposes)

We use your personal data for the following purposes:

1.​ Account creation and authentication

• ​ To register you as a worker or business user, authenticate logins (including Firebase‑based phone number login), and manage your account and profile. 2.​ Matching and job fulfilment

• ​ To match workers with relevant jobs based on skills, location and availability.
• ​ To show businesses profiles of suitable workers, and show workers details of relevant job posts.
• ​ To share necessary contact and profile details between a worker and a business after there is a clear intent to hire or work together. 3.​ Payments, split payouts and invoicing

• ​ To calculate earnings, Zylohub success fees, payouts and any applicable deductions.
• ​ To process payments and refunds through Cashfree and other payment/UPI partners, including support for split payments between multiple parties using Easy Split.
• ​ To comply with applicable tax, invoicing, anti‑fraud and accounting obligations under Indian law.​ 4.​ Platform operations and improvements

• ​ To monitor usage, fix bugs, improve performance and reliability.
• ​ To analyse how features are used and decide what to build next, using tools such as Firebase Analytics and Crashlytics. 5.​ Safety, fraud prevention and trust

• ​ To verify identities where required (for example, through PAN or other KYC).
• ​ To detect and prevent suspicious transactions, fake profiles, spam, or platform abuse.
• ​ To enforce our Terms of Use and protect users and Zylohub from harm.​ 6.​ Communication

• ​ To send transactional messages: OTPs, job updates, confirmations, payout alerts, security alerts and important service announcements.
• ​ To respond to your questions, support tickets, grievances and feedback. 7.​ Marketing and engagement (optional)

• ​ To send you offers, tips, feature announcements, and surveys, only where you have provided consent or where permitted by law.​
• ​ You can opt out of marketing communications at any time through app settings or the unsubscribe link. 8.​ Legal compliance and dispute handling

• ​ To comply with Indian laws, including tax, anti‑money‑laundering, and data protection regulations.
• ​ To respond to law‑enforcement requests, court orders, or regulatory inquiries, where legally required.​

Our processing is based on your consent where required, and on other lawful grounds recognised under Indian law such as performance of contract, legal obligation, and legitimate uses.​

8. Consent and your choices under Indian law

Under the DPDP Act, 2023, we must obtain valid consent where required and give you clear notice explaining what data is collected, why, and how you can exercise your rights.​

• ​ Consent will be free, specific, informed, unconditional and unambiguous, given through a clear affirmative action (for example, a checkbox or an “Agree & Continue” button).
• ​ You can withdraw your consent at any time through in‑app settings or by contacting us; withdrawal will not affect past processing already completed but will stop future processing for that purpose, except where continued processing is required by law.​
• ​ In some cases, we may process your data without fresh consent when allowed by law (for example, to comply with tax/payment regulations or to prevent fraud).​

9. How we share your data

We do not sell your personal data. We only share it in the ways described below, and only to the extent necessary for the purpose.

9.1 With other Zylohub users

• ​ When a worker applies to a job or accepts an offer, we share relevant profile information (such as name, skills, ratings, city, and contact methods) with the business.
• ​ When a business posts a job, we may share basic business profile information and job details with matching workers.

We do not make sensitive identifiers like PAN or full bank account numbers visible to other users.

9.2 With service providers / data processors

We use trusted third parties to run parts of our service, including:

• ​ Cloud hosting and infrastructure providers
• ​ SMS/OTP and email service providers
• ​ Firebase Authentication, Firebase Cloud Messaging, Firebase Analytics / Crashlytics
• ​ Payment gateways, UPI PSPs and banking partners such as Cashfree Payments
• ​ Analytics, log management and monitoring providers
• ​ KYC / document verification providers (where used)
• ​ Media storage/CDN providers such as Cloudinary and/or AWS

These providers act as data processors or independent data fiduciaries and are bound by contracts and regulatory obligations to process your personal data only for specified purposes and with appropriate security safeguards.​

9.3 For payments and regulatory compliance

To process payments and comply with RBI and other financial regulations, we may share relevant payment, KYC and transaction information with:

• ​ Payment aggregators and gateways
• ​ UPI PSPs and partner banks
• ​ Auditors and tax authorities, where required by law

Payment system data is stored and processed in accordance with RBI’s data localisation and security requirements for payment system operators and payment aggregators.

9.4 For legal reasons and safety

We may disclose data if we believe it is reasonably necessary to:

• ​ Comply with applicable laws, regulations, legal processes, or governmental requests.
• ​ Enforce our Terms of Use or protect our rights, property, or safety, or that of our users or the public.​

9.5 Business transfers

If we are involved in a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of that transaction, subject to continued protection consistent with this Privacy Policy and applicable law.

10. International data transfers

We primarily aim to store and process personal data in India, especially payment‑related data that must stay within India as per RBI requirements.

However, some of our service providers (for example, Firebase, Cloudinary, AWS, Google Maps/Places, email providers) may process limited personal data on servers in other countries. In such cases, we will ensure that appropriate safeguards are in place and that such transfers comply with applicable Indian law and any notifications made under the DPDP Act.​

11. How long we keep your data (retention)

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by law.​

In general:

• ​ Active accounts: We keep your core profile and account data while your account remains active.
• ​ Closed accounts: If you delete your account or request deletion, we will delete or anonymise your personal data within a reasonable period, except where we are legally required to retain certain records (for example, transaction records for tax and accounting).
• ​ Payment and KYC records: Retained for the period mandated under applicable tax and financial regulations.

• ​ Logs and analytics: Kept for shorter, business‑justified periods and then deleted or anonymised.

Where possible, we will anonymise data (so it can no longer be linked to you) instead of deleting entire datasets, to preserve aggregate statistics and platform performance insights.​

12. How we protect your data (security)

We implement reasonable technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration or destruction, in line with the DPDP Act and industry security best practices.​

These measures include, as appropriate:

• ​ Encryption in transit: All communication between your device and our servers is protected using HTTPS/TLS.
• ​ Encryption at rest: We use strong encryption standards such as AES‑256 to store sensitive data, including bank account numbers and other high‑risk financial identifiers, in our databases.​
• ​ Access controls: Strict internal access controls and least‑privilege policies for internal systems and staff.
• ​ Password security: Secure password storage, OTP‑based login and strong authentication mechanisms.
• ​ Infrastructure security: Regular security patches, framework updates, firewall rules and infrastructure hardening.
• ​ Monitoring and logging: Logging and monitoring of suspicious activities, failed login attempts and unusual access.
• ​ Policies and training: Internal policies and awareness for team members on secure data handling and incident response.​

No system is completely secure, but we work continuously to improve our security posture and reduce risk through audits, testing and remediation.​

13. Your rights and choices

Under applicable Indian data protection law, you may have the following rights over your personal data:​

1.​ Right to access: You can request a copy of the personal data we hold about you.

2.​ Right to correction: You can request correction or updation of inaccurate or

incomplete data. 3.​ Right to deletion: You can request deletion of your personal data, subject to legal

retention requirements. 4.​ Right to withdraw consent: Where we rely on consent, you can withdraw it at any

time for that purpose. 5.​ Right to grievance redressal: You can raise a complaint with our Grievance Officer

and, if unsatisfied, with the Data Protection Board of India (once operational).

You can exercise many of these rights by contacting us using the details in the “Contact us and grievance redressal” section below, or through in‑app options where available.​

We may need to verify your identity before acting on certain requests, and we may not be able to fully comply with a request if we are legally required to keep certain data (for example, for tax, accounting, or fraud‑prevention).

14. Children’s data

Zylohub is not intended for individuals under 18 years of age, and we do not knowingly collect personal data from anyone under 18.​

If we become aware that we have collected personal data from a minor without appropriate consent or legal basis, we will delete that data as soon as reasonably possible.

15. Third‑party links and services

Our Platform may contain links to third‑party websites, apps, or services (for example, payment gateways, map providers, external job links).

We are not responsible for the privacy practices or content of those third‑party services. We encourage you to read their privacy policies before interacting with them.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

When we make material changes, we will:

• ​ Update the “Last updated” date at the top of this page; and
• ​ Provide a prominent notice in the app/website or via email/notification, where appropriate.

Your continued use of Zylohub after such changes become effective will mean that you accept the updated policy.

17. Contact us and grievance redressal

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, you can contact our designated Grievance Officer at:

Grievance Officer – Zylohub Global Private Limited​ Email:

support@zylohub.com

​ Address:​ No.8, 2nd Floor, No.5 Mamatha Apartment,​ Rajachari Street, T. Nagar,​ Chennai – 600017, Tamil Nadu, India

We aim to acknowledge and resolve grievances within the timelines prescribed under Indian law (or, where not specified, within a reasonable period, typically within 15–30 days).​

Once the Data Protection Board of India is fully operational, you may also have the right to escalate unresolved complaints to the Board, after first exhausting our internal grievance process, as envisaged under the DPDP Act.​