This page was last updated on 27th Feb 2026.
ZILOY is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, process, use, disclose, transfer, and safeguard your Personal Data when you use our website, mobile applications, mental health assessments, telehealth services, corporate wellness programs, and related services (“Services”). This Privacy Policy complies with International Standards of Data Privacy and Security.
Personal Data: Any information relating to an identified or identifiable natural person. Sensitive Personal Data: Data relating to health, biometric data, mental health records, or other information requiring enhanced protection. Processing: Any operation performed on Personal Data including collection, storage, use, disclosure, or deletion.
Identity Information: Name, email, mobile number, date of birth, gender, nationality, Emirates ID (if required). Health & Sensitive Data: Mental health assessments, counselling session records, electronic health records (EHR), stress indicators, wearable data (if voluntarily provided). Corporate Program Data: Company name, work email, participation data. Technical Data: IP address, browser type, device information, cookies and analytics data.
We process Personal Data based on explicit consent, contractual necessity, legal obligations, public health protection, or legitimate interests in accordance with HIPAA standards. Sensitive health data is processed only with explicit consent unless otherwise permitted by law.
• Deliver mental wellness assessments and telehealth services
• Provide personalized wellness journeys
• Improve platform functionality
• Ensure regulatory compliance
• Conduct anonymized research and analytics We do not sell Personal Data.
We may share Personal Data with:
• Licensed healthcare professionals
• IT and cloud service providers under strict confidentiality agreements
• Employers (only anonymized reports unless explicit consent is given)
• Regulatory or legal authorities where required by law.
Personal Data is retained only as long as necessary to provide Services, comply with healthcare regulations, and meet legal obligations. Data is securely deleted or anonymized when no longer required.
We implement appropriate technical and organizational safeguards including encryption, secure cloud infrastructure, access controls, confidentiality agreements, and regular security audits.
Under UAE PDPL, you have the right to:
• Access your Personal Data
• Request correction
• Request deletion (subject to legal limits)
• Restrict or object to processing
• Withdraw consent
• Request data portability