Privacy Policy

Welcome to MySmartLab ("we," "our," or "us"). MySmartLab is a cloud-based pathology lab management software operated by MySmartLab Technologies Pvt. Ltd., headquartered in Bengaluru, Karnataka, India.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or use our lab management platform. By using our Service, you acknowledge that you have read and agree to this Privacy Policy.

We collect different types of information depending on how you interact with MySmartLab.

2.1 — Information You Provide Directly

• Account Information: Your name, email address, phone number, lab name, address, and billing details when you register.
• Patient Data: Names, phone numbers, ages, test orders, and lab results entered by your lab staff. This data is owned by you (the lab operator).
• Payment Information: Billing details processed through secure payment partners. We do not store raw card numbers.
• Communications: Support queries, feedback, or messages you send us via email, WhatsApp, or in-app chat.
• Staff Accounts: Names and credentials for additional users added by the lab administrator.

2.2 — Information Collected Automatically

• IP address, browser type, device type, and operating system
• Pages visited, time spent, and navigation patterns within the app
• Log data including access timestamps and error reports
• Cookies and similar tracking technologies (see Section 07)

We use collected information to provide, improve, and secure our services. Specifically, we use your data to:

• Create and manage your MySmartLab account and lab profile
• Deliver core features — patient registration, report generation, billing, and dispatch
• Send transactional communications (alerts, report confirmations, renewal notices)
• Provide customer support and respond to your queries
• Improve and develop new features based on usage analytics
• Detect and prevent fraud, security incidents, and technical issues
• Comply with applicable Indian laws and regulations (IT Act 2000, SPDI Rules 2011)
• Send optional marketing communications — only with your explicit consent, easy to opt out

We do not sell, rent, or trade your personal or patient data. We only share data in these limited circumstances:

• Service Providers: Trusted vendors (cloud hosting, SMS/email gateways, payment processors) under strict confidentiality agreements.
• WhatsApp Business API: Patient phone numbers and report links are transmitted to WhatsApp solely to deliver reports you initiate.
• Legal Requirements: If required by law, court order, or government authority under the Indian IT Act.
• Business Transfers: In the event of a merger, acquisition, or sale of assets — with prior notice to users.
• With Your Consent: Any other sharing only with your explicit, informed consent.

We take security of your data — especially sensitive patient health data — extremely seriously. Our measures include:

• AES-256 Encryption: All stored data is encrypted at rest using industry-standard AES-256 encryption.
• SSL/TLS in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
• Role-based Access Controls: Fine-grained permissions ensure only authorized staff can access specific features and data.
• Automated Daily Backups: Regular backups with point-in-time recovery to prevent data loss.
• Security Audits: Regular penetration testing and vulnerability assessments by independent security firms.
• Incident Response Plan: Documented breach response procedures with user notification compliant with applicable laws.

We retain your data only as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: All data is retained for the full duration of your subscription and for 90 days following cancellation.
• Patient Data Export: Lab owners may request a full data export (CSV or PDF) at any time during active subscription.
• Patient Report Access: QR-linked patient reports remain accessible for 12 months after generation.
• After Account Deletion: Personal data is permanently deleted within 30 days from active systems; backup copies within 90 additional days.
• Legal Holds: Certain data may be retained longer if required by applicable law or ongoing proceedings.
• Anonymized Analytics: Aggregated, de-identified usage data may be retained indefinitely for product improvement.

We use cookies and similar tracking technologies to enhance your experience on our website and platform.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect functionality of the MySmartLab application.

As a MySmartLab user (and where applicable, as a patient), you have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements).
• Right to Portability: Receive your data in a machine-readable format (CSV/PDF).
• Right to Withdraw Consent: Withdraw marketing consent at any time without affecting prior processing.
• Right to Object: Object to processing of your data for direct marketing or profiling.
• Right to Complain: Lodge a complaint with the relevant data protection authority.

To exercise any rights, email privacy@MySmartLab.app or WhatsApp +91 9096062177. We respond within 30 days.

MySmartLab's platform is designed for use by medical diagnostic laboratories and healthcare professionals. Our service is not directed at individuals under the age of 18 as end users.

That said, MySmartLab may process health data of minor patients as part of legitimate lab testing ordered by a parent, guardian, or licensed physician. Such data is treated with the same — or higher — level of care as adult patient data.

If you believe we have inadvertently collected personal data from a minor without appropriate consent, please contact us immediately at privacy@MySmartLab.app.

Our website and application may contain links to third-party websites or services — including payment gateways, WhatsApp, and YouTube (for demo videos). This Privacy Policy applies only to MySmartLab's own services.

We are not responsible for the privacy practices of any third-party services. Please review their respective privacy policies:

• WhatsApp / Meta — governed by Meta's Privacy Policy
• Razorpay — governed by Razorpay's Privacy Policy
• YouTube / Google — governed by Google's Privacy Policy
• Google Analytics — subject to Google's Data Processing Terms

We may update this Privacy Policy from time to time. When we make material changes, we will:

1. Update the "Last Updated" date at the top of this page
2. Send a notification to your registered email address
3. Display a prominent notice within the MySmartLab application
4. For significant changes, request your fresh acknowledgment before continued use

Your continued use of MySmartLab after any changes constitutes acceptance of the revised Policy.

If you have any questions, concerns, or requests about this Privacy Policy, reach out through any of the following channels:

We are committed to resolving any privacy concerns. If we are unable to satisfy your concern, you have the right to escalate to the relevant data protection authority.