1. Introduction

Quantum CorpHealth Pvt. Ltd. (“Company”, “we”, “us”, or “our”), operating as Doctor911 and the Labgrow LIMS platform, is committed to protecting the privacy and confidentiality of your data. This Privacy Policy describes how we collect, use, store and disclose personal information when you use our Laboratory Information Management System (“Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Lab & Account Data

• Lab name, address, GSTIN, and contact details
• Admin user name, email address, and phone number
• Staff user profiles and role assignments
• Subscription and billing information

2.2 Patient Data

• Name, date of birth, gender, phone number, and email address
• Unique Health ID (UHID) generated by the system
• Sample and test order information
• Laboratory test results and diagnostic reports
• ABHA (Ayushman Bharat Health Account) ID if voluntarily linked
• WhatsApp and SMS consent preferences

2.3 Usage Data

• Log data including IP addresses, browser type, pages visited, and timestamps
• Machine analyzer heartbeat and connectivity data
• Feature usage analytics (aggregated, non-identifiable)

3. How We Use Your Information

• To provide and operate the Labgrow LIMS Service
• To generate PDF diagnostic reports and deliver them via WhatsApp, email, or SMS
• To process GST invoices and manage billing records
• To send critical value alerts to clinical staff
• To maintain NABL-required audit trails and quality control records
• To send transactional emails (account registration, password reset, subscription notices)
• To improve the Service through aggregated, anonymised analytics
• To comply with applicable laws and regulatory requirements

4. Data Storage & Security

All data is stored on Amazon Web Services (AWS) infrastructure located in the Asia Pacific (Mumbai) — ap-south-1 region, ensuring data residency within India.

We implement appropriate technical and organisational security measures including:

• AES-256-GCM encryption for sensitive fields at rest
• TLS 1.2+ encryption for all data in transit
• Bcrypt password hashing (cost factor 12)
• JWT-based authentication with short-lived access tokens (15 minutes)
• Role-based access control (8 roles from lab_admin to viewer)
• Immutable audit logs for all data access and modifications

5. Data Sharing

We do not sell, rent, or trade your personal or patient data to any third parties. We may share data only in the following limited circumstances:

• Report delivery: Patient reports are sent via WhatsApp (Interakt API), SMS (Fast2SMS), and Email (AWS SES) only with the patient's consent.
• ABHA integration: If the lab uses the ABHA feature, health records may be shared with the National Health Authority (NHA) as per their API terms.
• Legal compliance: We may disclose data when required by Indian law, court order, or government authority.
• Service providers: AWS (hosting and email), limited to what is necessary to operate the Service.

6. Data Retention

We retain your data for as long as your subscription is active plus 3 years after subscription termination, to comply with medical record retention requirements under Indian law.

After the retention period, data is permanently deleted from our systems. You may request an earlier export of your data before termination (see Section 7).

7. Your Rights

As a lab administrator or patient, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Request an export of your lab data in a machine-readable format (CSV/JSON).
• Consent withdrawal: Withdraw consent for WhatsApp/SMS communication at any time via lab settings.

To exercise any of these rights, please email privacy@labgrow.in.

8. Cookies

The web dashboard uses a single authentication cookie (lims_token) to maintain your login session. No third-party tracking cookies or advertising cookies are used.

9. Children's Privacy

The Service is intended for use by medical professionals and laboratory staff. Patient records may include minors for legitimate diagnostic purposes. Such data is handled with the same care and security as adult patient data.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered lab admins by email when material changes are made. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related queries, data requests, or complaints, please contact our Privacy Officer: