LabSync-Plus

Privacy Policy

Last Updated: March 2026

1. Introduction

LabSync-Plus ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (labsyncplus.com) and use our platform, including the lab console (labs.labsyncplus.com), the patient portal (patients.labsyncplus.com), and the LabSync-Plus mobile application (collectively, the "Platform").

Our Platform serves two primary user groups: laboratory personnel ("Lab Users") and patients. This policy covers information practices for both groups.

2. Information We Collect

2.1 Lab User Information

Lab User accounts are created by LabSync-Plus upon a Tenant Administrator's request. During account setup we collect:

  • Full name
  • Email address
  • Phone number
  • Role within the laboratory (e.g., Tenant Admin, Branch Manager, Technician, Receptionist)
  • Time-based one-time password (TOTP) enrolment data for multi-factor authentication

2.2 Patient Information

When a laboratory registers a patient through our Platform, the following information may be collected:

  • Full name, gender, and date of birth
  • Phone number and email address
  • WhatsApp availability status
  • Optionally: blood group, National Identity Card (NIC) number, emergency contact name and phone number, and residential address

2.3 Medical and Investigation Data

The Platform processes medical investigation data including sample information, test results, and laboratory reports. This data is entered and managed by the laboratory and is stored in strict tenant-isolated environments.

2.4 Information Collected Automatically

  • Browser type, device information, and operating system
  • IP address and general location data
  • Pages visited, session duration, and navigation patterns
  • Cookies and similar technologies (see our Cookie Policy)

2.5 Information from Contact Forms and Inquiries

  • Messages submitted through our website contact forms
  • Demo request details, including laboratory and business information

3. How We Use Your Information

  • To provide, operate, and maintain the Platform and its services
  • To authenticate users and maintain secure sessions
  • To process investigation registrations, results, and reports
  • To send transactional alerts and notifications (see Section 5)
  • To respond to inquiries, demo requests, and support tickets
  • To process billing and commission calculations
  • To improve our Platform, services, and user experience
  • To comply with applicable legal and regulatory obligations

4. Consent

4.1 Patient Consent for Alerts

When a patient is registered on the Platform, consent for service alerts (such as registration confirmations, result releases, and critical value notifications) is enabled by default. These alerts are essential to the delivery of laboratory services.

Consent for marketing communications is disabled by default and must be explicitly granted by the patient.

4.2 Withdrawing Consent

Patients may withdraw consent for marketing communications at any time by contacting the laboratory or by using the unsubscribe mechanism provided in each communication. Please note that transactional and service-related alerts cannot be opted out of while you have active registrations or an active relationship with a laboratory on our Platform.

5. Notifications and Communication Channels

The Platform supports SMS, email, and WhatsApp channels for patient notifications. Laboratories configure which channels they use. Notification types include:

  • Essential Alerts — Sent automatically for investigation registrations, edits, cancellations, result releases, and critical value detections. Essential alerts default to SMS.
  • Optional Alerts — Laboratories may enable additional notifications for events such as patient registration, quality control failures, and other operational events.
  • Marketing Communications — Only sent with the patient's explicit consent.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or medical data to any third party. Specifically:

  • We never sell medical data under any circumstances.
  • We never use medical records or patient data to train artificial intelligence or machine learning models.
  • We never sell or disclose patient personal details for commercial purposes.

We may share data with trusted third-party service providers who assist us in operating the Platform (e.g., SMS delivery, email services, payment processing, cloud infrastructure). These providers are contractually bound to protect your data and may only process it on our behalf for the purposes we specify.

We may disclose information when required by law, regulation, court order, or governmental request, or when necessary to protect our rights, safety, or property.

7. Data Isolation and Security

All laboratory and patient data on our Platform is tenant-isolated. Each laboratory's data is logically separated, ensuring that no laboratory can access another laboratory's records.

We implement robust technical and organisational measures to protect your information, including:

  • Encryption of data in transit (TLS) and at rest
  • Mandatory time-based one-time password (TOTP) multi-factor authentication for all lab users
  • Phone-based OTP verification for patient portal access
  • Role-based access controls within each tenant
  • Regular security assessments and monitoring

8. Patient Portal and Mobile Application

The patient portal (patients.labsyncplus.com) allows patients to access their laboratory reports by verifying their identity via SMS one-time password (OTP). To prevent misuse, patients are limited to five (5) successful report downloads and three (3) failed verification attempts per 24-hour period.

The LabSync-Plus mobile application (currently under development) will require multi-factor authentication and will allow patients to view reports across all laboratories they have visited on our Platform.

9. Data Retention

We retain your personal information and medical data for as long as necessary to fulfil the purposes outlined in this policy and to comply with applicable legal obligations.

If a laboratory cancels its subscription and leaves the Platform, patient data will remain accessible to patients for a minimum of three (3) months following the laboratory's departure. During this period, patients will be notified that the laboratory is no longer active on the Platform and will be encouraged to download their records. After the three-month retention period, we reserve the right to delete the data to free up resources or for other operational reasons.

For active accounts, we retain data for the duration of the service relationship and for any additional period required by applicable law or regulation.

10. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information, subject to legal retention requirements
  • Withdraw consent for marketing communications at any time
  • Request a copy of your data in a portable format
  • File a complaint with the relevant supervisory authority

To exercise any of these rights, please contact us using the details in Section 15 or reach out to the laboratory that registered your information on the Platform.

11. Children's Privacy

Our Platform may process information about minors when they are patients at a laboratory. This information is provided and managed by the laboratory, typically with the involvement of a parent or legal guardian. We do not knowingly collect personal information directly from children. Laboratories are responsible for ensuring that appropriate parental or guardian consent is obtained where required by law.

12. Healthcare Data Standards

Our Platform is developed with recognised healthcare data protection standards in mind. Medical data processed through the Platform is subject to additional safeguards as outlined in our service agreements with laboratory clients.

Disclaimer: LabSync-Plus is a laboratory management and reporting tool. It does not provide medical advice, diagnosis, or treatment recommendations. All medical decisions should be made by qualified healthcare professionals.

13. International Data Considerations

Our servers and infrastructure may be located in jurisdictions outside your country of residence. By using the Platform, you acknowledge that your data may be transferred to and processed in these jurisdictions, subject to appropriate safeguards.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. For significant changes affecting how we handle medical or personal data, we will make reasonable efforts to notify affected users directly.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about how your data is handled, please contact us at: