Privacy Policy

Last updated: August 15, 2025

Who we are

This Privacy Policy describes how Innovators Generation (“we”, “us”, “our”) collects, uses, and protects information in the application Lab Management (LIMS) (“the App”) and related web services (collectively, “Services”).

Scope

This policy covers data processed when you use the App, web portals, APIs, and support channels. If you enable integrations (e.g., cloud storage, analytics, speech-to-text), those providers may process data under their own privacy terms.

Information we collect

1) Patient & Laboratory Data (may include PHI/PII if you enter it)

• Patient identifiers (e.g., name, ID, date of birth), demographics, ordering provider, and contact information.
• Orders, accessions, specimens, test panels, results (quantitative/qualitative), flags, interpretations, attachments (e.g., PDFs, images).
• Audit data (e.g., who created/modified a record, timestamps) to support traceability.

2) User/Account Data

• Account details (name, email, role), organization, department.
• Authentication metadata and authorization roles/permissions.

3) Device & App Diagnostics

• App version, device model, OS version, usage events, crash logs, performance metrics (non-identifying).

4) Optional Inputs (only if you enable them)

• Attachments (files, images) you upload to a record.
• Microphone/camera data if you choose features that capture images or dictate notes.
• AI assistance prompts and outputs (if you enable AI features); we recommend de-identifying PHI before use.

How we use information

• Operate core LIMS workflows (orders, specimens, results, reporting, audit, exports).
• Provide user authentication, role-based access, and organization controls.
• Generate reports and structured documents you request.
• Maintain security, prevent misuse, and respond to support inquiries.
• Improve stability and performance (diagnostics/analytics where enabled).

Legal bases / Lawful processing

Depending on your jurisdiction and relationship, we process data under one or more of:

• Contract – to provide the Services you requested.
• Legitimate Interests – to secure and improve the Services.
• Consent – for optional features (e.g., certain integrations/analytics/AI).
• Legal Obligation – where we must retain or disclose data to comply with law.

Security

• Encryption in transit (TLS) and at rest (where we host or store).
• Role-based access control, least-privilege, session management, and audit logging.
• Segregation of environments and periodic vulnerability management.
• You are responsible for safeguarding exported files, local backups, or systems under your control.

Data storage & retention

• Customer/Organization-controlled data: Patient/lab records are typically held under your organization’s control. Retention is configured by your admins according to policy/law.
• Diagnostics: Aggregated or pseudonymized diagnostics may be retained only as long as needed to operate and improve the Service.
• You may request deletion of account data or support tickets by contacting us (see Contact).

International transfers

Depending on your location and enabled services, data may be processed in other countries. Where required, we use appropriate safeguards (e.g., SCCs).

Third-party services / Sub-processors

We may use trusted providers to deliver functionality; only necessary data is shared:

• Cloud infrastructure/hosting (e.g., AWS, Google Cloud, Azure).
• Crash and performance analytics (if enabled).
• AI assistance or speech-to-text services (only if you enable them).
• Email support and service desk tooling.

Note: If AI or speech services are enabled, we recommend de-identifying PHI. Where required, we can provide a Data Processing Agreement (DPA) or Business Associate Agreement (BAA) for covered entities—contact us.

Your choices & rights

• Access/Correction/Deletion: Contact your administrator for records under organizational control; contact us for account/support data we manage.
• Export: Use in-product export features where available.
• Optional features: You can disable analytics/AI/speech features in settings (where available).
• Do Not Sell or Share (CCPA/CPRA): We do not sell personal information. You may submit a request via email below.

Children’s privacy

The App is not directed to children under 13. We do not knowingly collect personal information from children under 13.

Regulatory notes (summary, non-exhaustive)

• HIPAA (U.S.): If you are a Covered Entity/Business Associate, you are responsible for entering into a BAA with us before transmitting PHI to our hosted services. Contact us for a DPA/BAA if applicable.
• GDPR (EEA/UK): Innovators Generation acts as a Data Processor for customer-controlled data and as a Data Controller for account/support/diagnostic data. You have rights of access, rectification, erasure, restriction, portability, and objection, subject to limits.
• CCPA/CPRA (California): We do not “sell” or “share” personal information as defined by law.

AI-assisted features (if enabled)

• Inputs and outputs you submit to AI providers are used solely to return the responses you request (subject to each provider’s privacy terms).
• We provide in-app reporting to flag problematic or unsafe outputs to us for review and improvement.
• Do not include PHI unless you have legal authorization and safeguards in place; prefer de-identified data.

Data breach notification

If we become aware of a breach affecting your data in our care, we will notify you and relevant authorities where required by law and our agreements.

Changes to this policy

We may update this policy from time to time. If changes are material, we will provide reasonable notice (e.g., in-app, email, or by updating the date above).

Contact & data requests

• Developer / Entity: Innovators Generation
• App: Lab Management (LIMS)
• Support & Privacy: zub165@yahoo.com
• Policy URL: https://zub165.github.io/Lab-Report/privacy.html
• Postal: Please email us to request a mailing address for official privacy correspondence.