Health Data Consent Policy

Labkro, operated by Oppexl Technologies LLP, collects and processes health-related personal data to enable you to book diagnostic tests and receive accurate, location-relevant results. This policy explains what health data we collect, why, and how you can control it — in line with the IT (SPDI) Rules, 2011 and the emerging Digital Personal Data Protection Act, 2023 framework.

• Demographic data: Age and gender, used to personalise test recommendations and communicate health package relevance.
• Test booking history: The names of diagnostic tests you have booked, dates, and the lab used.
• Home collection information: Relevant health context you voluntarily provide (e.g., "fasting required", known conditions) to help the phlebotomist prepare appropriately.
• Test reports (if shared): If a lab digitally shares your report through Labkro, we temporarily store it for your retrieval. We do not analyse or process report data for any other purpose.

• To match you with labs that offer the test you need in your location
• To pass necessary details (test type, patient name, contact) to the booked lab
• To enable home collection providers to prepare appropriately
• To display your past bookings in your profile for reference
• To send preparation instructions (e.g., fasting reminders) before your appointment

We do not use your health data to build advertising profiles, sell to insurers, or share with pharmaceutical companies.

• The lab you booked: They receive your name, mobile number, test type, and appointment time — the minimum needed to serve you.
• Home collection phlebotomists: Your name, address, test type, and any preparation notes you provided.
• Labkro internal staff: Only support staff handling a specific dispute or support request.
• No one else — including other labs, insurers, or marketing partners — without your explicit consent.

By completing registration and your first booking, you consent to the collection and processing of health data as described here.

You have the right to:

• Withdraw consent at any time by emailing privacy@labkro.in. Note that withdrawal may prevent us from completing active bookings.
• Access all health data we hold about you.
• Request deletion of your health data. We will delete data not subject to statutory retention obligations within 30 days of your request.
• Opt out of health-related notifications at any time via your profile settings.

Booking records (including test type and lab details) are retained for 3 years from the date of the booking to comply with applicable medical records regulations. Test reports, if stored, are retained for 1 year after which they are permanently deleted unless you request earlier deletion.

Health data is classified as Sensitive Personal Data or Information (SPDI) under Indian law. We apply enhanced security measures to SPDI, including encryption at rest and in transit, strict access controls, and audit logging of all access to health records.

For patients under 18, the parent or legal guardian provides consent for health data processing. The guardian's account is the responsible account for all health data associated with a minor's bookings.

For any health data concerns or to exercise your rights:
Oppexl Technologies LLP — Data Protection
Email: privacy@labkro.in