Legal

Privacy Policy

Last updated: April 6, 2026

1. Who We Are

LabLens (lablens.co) is an AI-powered health education service. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

2. Information We Collect

Information you provide

  • Mobile phone number (used for OTP-based authentication)
  • Name and email address (optional, provided during onboarding)
  • Lab report PDFs that you upload
  • Health context you provide before uploading a report: fasting status, medications taken, chronic conditions, and other health factors you choose to disclose. This information is used solely to improve the accuracy of AI analysis for your report.
  • Family member names and relations you add to your account

Information collected automatically

  • Device fingerprint (used to prevent free report abuse)
  • IP address (used to prevent free report abuse)
  • Usage data including pages visited and features used
  • Report upload history and analysis results

3. How We Use Your Information

  • To authenticate your identity via phone OTP
  • To process and analyze your uploaded lab reports
  • To store your report history and health trends
  • To deliver analysis results to your email if provided
  • To prevent abuse of the free report offer
  • To analyse anonymized, aggregated usage trends for internal service improvement. We do not use your identifiable health data to train AI models.
  • To communicate service updates, maintenance, or changes
  • To process payments via Razorpay

4. Lab Report Data

We treat your health data with the highest care:

  • Uploaded PDFs are processed in memory and deleted from our servers immediately after analysis
  • Extracted marker data and AI-generated analysis are stored securely in your account
  • Raw PDF files are never stored permanently on our servers
  • Health data is never sold to third parties, advertisers, or insurance companies
  • We do not share your identifiable health data with any third party without your consent
  • Anonymized, aggregated health trends may be used internally to improve the Service

5. Third-Party Services

We use the following third-party services to operate LabLens:

  • Firebase (Google) - authentication, database, and hosting
  • Anthropic Claude — AI analysis of lab reports. Your extracted lab marker data, health context, age, and gender are sent to Anthropic PBC (United States) for AI processing. In cases where text extraction is insufficient, PDF page content may also be sent for visual analysis. This transfer is governed by a Data Processing Agreement with Anthropic. See Anthropic's privacy policy at anthropic.com.
  • Razorpay - payment processing. We do not store card or UPI details
  • Resend - transactional email delivery
  • Google Cloud Run - API hosting
  • FingerprintJS - device fingerprinting to prevent free report abuse
  • PostHog - product analytics. We track feature usage, page interactions, and performance metrics. No personally identifiable health data, report content, or marker values are sent to PostHog.

Each third party operates under their own privacy policy. We share only the minimum data necessary for each service to function.

Data transferred to US-based services (Anthropic, PostHog, Resend) is governed by Data Processing Agreements with each provider. We share only the minimum data necessary for each service to function. Health data is never transferred without a contractual data processing agreement in place.

6. Data Storage and Security

  • All data is stored on Google Firebase infrastructure with encryption at rest
  • All data transmission uses HTTPS/TLS encryption
  • Access to user data is restricted to authenticated account holders
  • We do not store passwords - authentication is via OTP only
  • Payment information is handled entirely by Razorpay and never touches our servers
  • Despite our security measures, no system is 100% secure. We cannot guarantee absolute security of your data

7. Data Retention

  • Account data is retained for as long as your account is active
  • Report analysis results and marker history are retained for the lifetime of your account, plus one year after your last login. After two years of inactivity, we will notify you before deletion.
  • Raw PDF text extracted during analysis is deleted immediately after analysis completes and is not stored long-term.
  • IP addresses used for abuse prevention are retained for 90 days then automatically deleted.
  • Device fingerprint data is retained for one year after your free report is used, then deleted.
  • You can request complete account deletion at any time

8. Your Rights

You have the right to:

  • Access all data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Withdraw consent for optional data uses
  • Receive a copy of your data in a portable format

To exercise any of these rights, email us at support@lablens.co. We will respond within 30 days.

9. Children's Privacy

LabLens is not intended for use by children under 18. We do not knowingly collect personal data from minors. If you believe a minor has used our Service, contact us and we will delete the data promptly. Parents may create family member profiles for minors within their own account.

10. Cookies and Tracking

  • We use Firebase authentication cookies necessary for account sessions
  • We do not use advertising cookies or third-party tracking pixels
  • Device fingerprint data is used solely to enforce the one-free-report policy and is not used for advertising, profiling, cross-site tracking, or any purpose beyond abuse prevention.
  • We do not serve advertisements and do not allow advertisers to track you

11. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date. For material changes affecting how we handle your health data, we will notify you via email if you have provided one.

12. Contact Us

For privacy-related questions, data requests, or concerns, contact us at:

support@lablens.co

We aim to respond to all privacy inquiries within 7 business days.

Grievance Officer (IT Rules 2021)

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the designated Grievance Officer for LabLens is:

  • Name: Govind Maheshwari
  • Email: support@lablens.co
  • Address: Aligarh, Uttar Pradesh, India

Any grievance must be acknowledged within 24 hours and resolved within 15 working days of receipt.