Privacy Policy

Oppexl Technologies LLP ("Oppexl", "we", "us") operates Labkro at labkro.in. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Platform. By using Labkro you consent to the practices described here.

We comply with the Information Technology Act, 2000, the IT (Amendment) Act, 2008, and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Information you provide:

• Mobile number, name, age, and gender at registration
• Email address (optional, for reports and notifications)
• Billing and payment details (processed securely via Cashfree; we do not store card details)
• Health-related information you choose to share (e.g., test history, existing conditions for home collection)

Information collected automatically:

• Device type, browser, IP address, and operating system
• Location data (city/pincode) when you set your location
• Usage data: pages visited, tests searched, bookings made
• Cookies and similar tracking technologies (see Section 7)

• To process and confirm lab test bookings
• To send OTPs, booking confirmations, and appointment reminders via SMS/WhatsApp
• To share relevant information with the lab you booked with (name, phone, test requested)
• To process payments and issue refunds
• To personalise search results based on your location
• To improve the Platform through aggregated, anonymised analytics
• To comply with legal obligations

We will never sell your personal data to third parties for marketing purposes.

We share your data only as follows:

• Lab partners: Name, phone number, and test details necessary to fulfil your booking.
• Payment processor (Cashfree): Payment details necessary to complete transactions.
• Communication providers (e.g., Twilio/MSG91): Mobile number to deliver OTPs and notifications.
• Legal authorities: Where required by law, court order, or government directive.

All third-party partners are bound by confidentiality obligations and may not use your data beyond what is necessary for service delivery.

We retain personal data only for as long as necessary for the purposes set out in this policy or to meet legal obligations. Our standard retention periods are:

On expiry of the applicable period, data is securely deleted or irreversibly anonymised. You may request earlier deletion (see Section 6), subject to statutory retention obligations.

We maintain a documented incident-response procedure. In the event of a personal-data breach that is likely to result in risk to your rights, we will:

• Contain and assess the incident without undue delay;
• Notify the Data Protection Board of India / relevant authority as required under the DPDP Act, 2023;
• Inform affected users promptly via email/SMS, describing the nature of the breach, likely consequences, and the steps we are taking; and
• Record the breach and our response in our internal breach register.

To report a suspected security issue or breach, contact privacy@labkro.in immediately.

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
• Withdrawal of consent: Withdraw consent for processing of sensitive personal data at any time (this may affect your ability to use some features).

To exercise any of these rights, email privacy@labkro.in. We will respond within 30 days.

We use essential cookies to maintain your login session and preferences. We use analytics cookies (anonymised) to understand how the Platform is used. You can disable cookies in your browser settings, but this may affect Platform functionality. We do not use advertising or cross-site tracking cookies.

We implement industry-standard technical and organisational measures to protect your data, including HTTPS encryption, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure. In the event of a data breach that affects your rights, we will notify you and relevant authorities as required by law.

The Platform is not directed to children under 13. We do not knowingly collect personal data from children under 13. Bookings for minors must be made by a parent or legal guardian.

We may update this Privacy Policy periodically. We will notify you of material changes via SMS or in-app notice. Continued use after the effective date constitutes acceptance.

Oppexl Technologies LLP — Privacy Officer
Email: privacy@labkro.in
Website: labkro.in