Privacy Policy

⚠️

Important: LabLens Interpreter is an educational tool only. It is not a medical device and does not provide medical diagnoses. Always consult a qualified healthcare professional before making health decisions.

Who We Are
Data We Collect
How We Use Your Data
Data Storage & Security
Data Retention
Your Rights
Cookies
Children's Privacy
Changes to This Policy
Contact Us

🏢

Section 1

Who We Are

LabLens Interpreter is operated as an independent educational health tool. For the purposes of data protection law, the data controller is:

LabLens Interpreter
Website: lablensinterpreter.com
Email: privacy@lablensinterpreter.com
Location: European Union

📋

Section 2

Data We Collect

We collect only the data necessary to provide the service. Here is a complete list of what we collect and why:

Data Type	What It Includes	Why We Collect It
Account data	Email address, password (hashed)	To create and secure your account
Profile data	Biological sex, age (optional)	To apply gender-specific reference ranges
Lab results	Test names, values, units	To classify and explain your results
Symptom journal	Dates, symptoms, energy levels, notes	To help you track your health over time
Family profiles	Sex, age, relationship	To manage multiple health profiles
Email preferences	Alert and reminder settings	To send you relevant notifications
Usage data	App interactions (no tracking pixels)	To improve the service

We do not collect your full name, phone number, address, payment card details (payments are processed by Stripe), or any biometric data beyond what you voluntarily enter.

⚙️

Section 3

How We Use Your Data

We use your data only for the following purposes:

To provide and operate the LabLens Interpreter service
To classify your lab results against clinical reference ranges
To generate plain-language explanations of your results
To send critical value alert emails when dangerous values are detected
To send periodic health reminders if you have enabled them
To maintain your analysis history and symptom journal
To improve the accuracy and quality of the service

We do not use your data for advertising, profiling, or selling to third parties under any circumstances.

Our legal basis for processing under GDPR:

Consent (Article 6(1)(a)) — you give consent when creating your account and accepting the GDPR consent gate
Explicit consent for health data (Article 9(2)(a)) — you explicitly consent to the processing of your laboratory results (health data) and generated explanations via the consent gate before accessing the application
Legitimate interest (Article 6(1)(f)) — for rate limiting and service protection only

🔐

Section 4

Data Storage & Security

Your data is stored using a secure database platform hosted in the EU West (Ireland) region. Our serverless functions run in Frankfurt, Germany. This means your data is stored and primarily processed within the European Union.

Security measures in place:

Encryption at rest — all data is encrypted on disk
Encryption in transit — all connections use HTTPS/TLS
Row Level Security (RLS) — you can only access your own data
Hashed passwords — we never store plain text passwords
No API keys in frontend — sensitive operations happen server-side only
JWT authentication — all API calls require a valid login session
Rate limiting — protects against abuse (10 requests per minute per user)
CORS restriction — API endpoints only accept requests from our domain
Content Security Policy — protects against script injection and clickjacking
Input sanitisation — all lab values are validated and cleaned before processing

🗓️

Section 5

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

Data Type	Retention Period
Account data (email, authentication)	Until you delete your account
Analysis history, family profiles, and symptom journal	24 months after your last analysis, or until you delete them manually
Email preferences	Until you change them or delete your account
Rate-limiting records (IP address)	Automatically deleted within 10 minutes

Inactive account data deletion:

If your account has been inactive for 24 months (no new analysis created), we will:

Send you a warning email notifying you that your data will be deleted in 30 days.
If you log in within 30 days, your data is preserved and the inactivity timer resets.
If you do not log in within 30 days, your analysis history, symptom journal, family profiles, and email preferences are permanently deleted. Your account remains active — you can log in at any time to start fresh.

You can also delete individual analyses at any time from the History view, or request full account deletion by contacting us at privacy@lablensinterpreter.com.

⚖️

Section 6

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right	How to Exercise It
Access (Article 15)	View all your data in the app — dashboard, history, journal, and settings
Rectification (Article 16)	Edit your family profiles or re-run an analysis with corrected values
Erasure (Article 17)	Delete individual analyses from History, or request full account deletion via email
Restriction (Article 18)	Disable email alerts and reminders in Settings
Portability (Article 20)	Request a copy of your data in machine-readable format by emailing us
Objection (Article 21)	Withdraw consent by deleting your account or contacting us
Automated decisions (Article 22)	No automated decisions with legal or significant effects are made. Lab classification is deterministic and transparent. Anthropic provides educational context only.

To exercise any of these rights, contact us at privacy@lablensinterpreter.com. We will respond within 30 days as required by GDPR.

🍪

Section 7

LabLens Interpreter uses only essential cookies required for the app to function:

Authentication cookies — to keep you logged in (set by Supabase)
Language preference — stored in localStorage to remember your language choice

We do not use advertising cookies, tracking pixels, analytics cookies, or any third-party marketing cookies.

👶

Section 8

Children's Privacy

LabLens Interpreter is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@lablensinterpreter.com and we will delete it promptly.

📝

Section 9

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify registered users by email for significant changes.

Continued use of LabLens Interpreter after changes constitutes your acceptance of the updated policy.

✉️

Section 10

For any privacy-related questions, data requests, or concerns, please contact us:

Questions about your privacy?

We respond to all privacy requests within 30 days as required by GDPR.

privacy@lablensinterpreter.com

Table of Contents

Questions about your privacy?