Privacy Policy

Last updated: April 1, 2026

LabFlow LIMS ("LabFlow", "we", "us") is committed to protecting the privacy of our customers, their staff, and the patients whose data is processed through our platform. This policy explains how we collect, use, store, and protect your information.

1. Information We Collect

  • Account Information: When your laboratory is onboarded, we collect organization name, contact details, branch addresses, and administrator credentials.
  • User Data: Names, email addresses, phone numbers, and roles for each user account created within your organization.
  • Patient Data: Patient demographics, test orders, sample information, and test results entered into the system by authorized laboratory personnel. This data is owned by your organization and processed on your behalf.
  • Usage Data: Log files, access times, pages viewed, and feature usage patterns to improve our service.
  • Device Information: Browser type, operating system, and device identifiers for security and compatibility purposes.

2. How We Use Your Information

  • Service Delivery: To provide, maintain, and improve LabFlow LIMS functionality for your laboratory operations.
  • Patient Report Delivery: To generate and send test result reports via WhatsApp or other channels as initiated by your laboratory staff.
  • Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Security: To detect, prevent, and address fraud, abuse, and security incidents.
  • Analytics: To understand how our service is used and to develop new features (using aggregated, de-identified data only).

3. Data Storage & Security

  • All data is stored on secure, encrypted servers. We use industry-standard encryption for data in transit (TLS 1.3) and at rest (AES-256).
  • Patient data and laboratory results are isolated per organization using multi-tenant architecture. No organization can access another organization's data.
  • We perform regular security audits and maintain access logs for all administrative actions.
  • Database backups are performed daily and stored in geographically separate locations.

4. Data Sharing

  • We do not sell, rent, or share your data with third parties for marketing purposes.
  • We may share data with: (a) service providers who assist in operating our platform (hosting, email delivery), bound by confidentiality agreements; (b) law enforcement when required by valid legal process; (c) your organization's designated administrators.
  • WhatsApp message delivery is facilitated through the WhatsApp Business API. Message content and recipient phone numbers are processed by Meta Platforms Inc. according to their privacy policy.

5. Data Retention

  • Patient data and test results are retained for as long as your organization maintains an active subscription, plus 90 days after account closure to allow for data export.
  • Upon written request, we will permanently delete all organization data within 30 days.
  • Aggregated, de-identified analytics data may be retained indefinitely.

6. Your Rights

  • Access: You may request a copy of all data associated with your organization.
  • Correction: You may update or correct any inaccurate information through the application or by contacting support.
  • Deletion: You may request deletion of your organization's data, subject to legal retention requirements.
  • Export: You may export your data in standard formats (CSV, PDF) at any time through the application.

7. Cookies

  • We use essential cookies for authentication and session management. These are strictly necessary for the service to function.
  • We do not use advertising or tracking cookies.

8. Changes to This Policy

  • We may update this privacy policy from time to time. We will notify all organization administrators via email at least 14 days before any material changes take effect.

9. Contact

  • For privacy-related inquiries, contact us at info@labflow.pro or +972 59 734 1694.