Last updated: 21 April 2026
Privacy Policy
LabSync ("we," "us," or "our") is committed to protecting your privacy and the privacy of the patients whose data is processed through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our services.
1. Information We Collect
Tenant (Laboratory) Information:
When you register as a Tenant, we collect your business name, administrator email address, phone number, billing address, and payment details required for subscription processing.
Patient Data (PHI/PII):
As you use the system, we process Protected Health Information (PHI) on your behalf, including patient demographics, contact details, medical history references, and diagnostic test results.
Usage Data:
We automatically collect information your browser sends when you visit our platform, including IP addresses, browser type, pages visited, and timestamps. This is used strictly for system security and debugging purposes.
2. How We Use Your Information
- To provide, maintain, and improve our laboratory management services
- To process subscription payments and manage billing
- To send administrative emails including account verification, password resets, and billing notifications
- To monitor and analyze usage patterns to improve system performance
- To comply with applicable legal obligations
3. Data Security & Encryption
All patient Personally Identifiable Information (PII) is encrypted at rest using AES-256 standards. Sensitive fields such as patient names, contact numbers, and medical record details are field-level encrypted before storage. All data transmission between your browser and our servers is secured via TLS 1.3. Access to production databases is restricted to authorized personnel only and is logged for audit purposes.
4. Data Sharing & Third Parties
We do not sell, trade, or rent patient data to third parties. We may share data strictly with vetted subprocessors necessary to operate our service:
- Cloud Infrastructure: Amazon Web Services (AWS) — for hosting and storage
- Payment Processing: Razorpay — for subscription billing
- Email Delivery: For transactional emails related to account management
All subprocessors are bound by data processing agreements and are prohibited from using your data for any purpose other than providing the contracted service.
5. Data Retention
Tenant and patient data is retained for the duration of your active subscription. Upon account deletion, all associated patient records are logically purged from our active databases within 30 days. Backups containing historical data are purged on a rolling 90-day schedule.
6. Your Rights
As a Tenant (Data Controller), you have the right to:
- Request a complete data export of your laboratory's database
- Request correction or deletion of inaccurate data
- Restrict or object to processing of certain data
- Request total account deletion, which permanently purges all associated records
To exercise any of these rights, contact us at privacy@labsync.in.
7. Cookies
We use essential cookies to maintain your authenticated session. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may impair the functionality of the platform.
8. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be communicated via the platform's notification system. Continued use of the service constitutes acceptance of the revised policy.
9. Contact
For privacy-related questions or concerns, contact our Data Protection Officer at privacy@labsync.in.