Privacy Policy

Last updated on 28th May 2026

This Privacy Policy describes the policies and procedures of Access Home Lab Solutions LLP (“ACCESS”, “Company”, “we”, “us” or “our”) on the collection, use, storage, disclosure, retention and deletion of your information when you use our website, mobile applications, partner applications and related services.

ACCESS is a Limited Liability Partnership incorporated under the laws of India and having its registered office at Door No. 28/69/1, Patturaikkal, Thrissur, Kerala - 680008.

The terms “you” and “your” refer to the user of the ACCESS platform. The term “Services” refers to services offered by ACCESS through its website, mobile applications, customer application, delivery partner application and other digital or physical service channels.

This Privacy Policy applies to:

• Customers and patients using ACCESS services.
• Hospitals, laboratories and partner institutions using ACCESS services.
• Delivery partners, phlebotomists, field executives and employees using the Access Phlebs application.
• Users visiting our website or communicating with ACCESS through phone, WhatsApp, email, application or other channels.

Please read this Privacy Policy carefully before using the ACCESS platform or submitting any personal information to ACCESS. This Policy is part of and incorporated within the Terms of Use.

YOUR CONSENT

By using the ACCESS platform and services, you agree and consent to the collection, use, storage, transfer, sharing, retention and deletion of your information as described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use or access the ACCESS platform or services.

Wherever required by law, ACCESS will obtain your specific consent before collecting or processing certain categories of information.

POLICY CHANGES

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the updated date.

Significant changes may be communicated to users through website notice, app notification, email, WhatsApp or other appropriate communication channels, wherever required.

Continued use of the ACCESS platform and services after changes are published will be considered acceptance of the revised Privacy Policy.

PART A: PRIVACY POLICY FOR ACCESS CUSTOMERS, PATIENTS, WEBSITE USERS, HOSPITALS AND LAB PARTNERS

INFORMATION WE COLLECT FROM YOU

We may collect personal information and service-related information from customers, patients, hospitals, laboratories and other users depending on the nature of the service used.

This may include:

• Name, age, gender, mobile number, email address and address.
• Location or sample collection address.
• Prescription details, test details, sample details and booking information.
• Patient identification details required for diagnostic service fulfilment.
• Medical reports, laboratory reports and test history, where applicable.
• Payment status, transaction ID, invoice details, refund details and billing information.
• Communication records through phone, WhatsApp, email, website, application or support channels.
• Device information, IP address, app usage data, crash logs and technical logs required for security, troubleshooting and service improvement.

ACCESS collects only such information that is reasonably necessary to provide diagnostic sample collection, logistics, report delivery, customer support, billing and related healthcare services.

INFORMATION COLLECTED FROM HOSPITALS AND LAB PARTNERS

When ACCESS provides services to hospitals, laboratories, diagnostic centres or institutional partners, we may collect:

• Name, designation, phone number, email ID and official contact details of hospital/lab personnel.
• Patient details required for sample handling and report delivery.
• Test order details, sample type, sample pickup and drop details.
• Billing, reconciliation, payment, invoice and credit-related information.
• Operational communication related to sample movement, test status and report delivery.

Such information is used only for service delivery, operational coordination, billing, compliance and business communication.

HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

• To create, process and manage diagnostic test bookings.
• To collect samples from home, hospital, lab or other approved locations.
• To transport samples safely between hospitals, laboratories and partner institutions.
• To deliver reports to customers, hospitals, labs or authorized users.
• To maintain a history of test bookings and reports, where applicable.
• To communicate booking status, sample status, payment status and report status.
• To provide customer support and respond to queries or complaints.
• To process invoices, payments, refunds and reconciliation.
• To prevent fraud, misuse, operational errors and unauthorized access.
• To improve our services, application performance, operational efficiency and customer experience.
• To conduct internal reporting, analytics, audits and research using anonymized or aggregated data wherever possible.
• To comply with legal, regulatory, tax, audit, accounting, healthcare and contractual obligations.

We may also send service updates, notifications, offers or promotional communication. Users may opt out of promotional communication by contacting ACCESS.

HOW WE SHARE YOUR INFORMATION

ACCESS may share your information only when required for service delivery, legal compliance, business operations or legitimate operational purposes.

Partner Hospitals and Laboratories

We may share patient details, prescription details, test details, sample details and report-related information with the hospital or laboratory selected by you or required for processing the test.

Delivery Partners and Phlebotomists

We may share limited order, location and contact information with assigned phlebotomists or delivery partners to complete sample collection, sample pickup, sample delivery and report-related coordination.

Technology and Service Providers

We may share information with third-party vendors who support hosting, cloud storage, payment processing, notifications, communication, analytics, application maintenance, security and technical support.

Payment Service Providers

Payment information may be processed by third-party payment gateways. ACCESS does not store full card numbers, CVV, UPI PINs, net banking passwords or other sensitive payment credentials.

Academic or Research Partners

Where information is used for academic, operational or research purposes, ACCESS will use anonymized or aggregated data wherever possible. Identifiable data will be shared only with appropriate consent, institutional approval or legal basis, wherever required.

Government, Legal or Regulatory Authorities

We may disclose information to courts, government authorities, law enforcement agencies, regulators, auditors or other authorized bodies if required under applicable law, legal process, investigation, fraud prevention, safety or compliance requirements.

Internal ACCESS Teams

Information may be accessed by authorized ACCESS personnel from operations, customer support, finance, compliance, HR, IT, legal and management teams on a need-to-know basis.

DATA SECURITY

ACCESS uses reasonable administrative, technical and operational safeguards to protect personal information against unauthorized access, misuse, loss, alteration or disclosure.

These safeguards may include:

• Role-based access control.
• Password-protected systems.
• Restricted access to medical and operational records.
• Secure hosting and storage practices.
• Audit logs and monitoring.
• Internal confidentiality processes.
• Limited access to data based on job responsibility.

However, no digital platform can guarantee absolute security. Users are responsible for keeping their login credentials, OTPs and device access secure.

DATA RETENTION

ACCESS retains personal information only for as long as necessary for service delivery, legal compliance, audit, dispute resolution, safety, fraud prevention, accounting, taxation and healthcare-related purposes.

Type of Data	Retention Period
Customer profile, contact details and saved address	During active use and up to 3 years after last activity, unless deletion is requested earlier.
Test booking records, prescription details, sample records and report delivery records	Up to 8 years, or longer if required by law, medical record requirements, hospital/lab policy, legal or regulatory obligations.
Payment, invoice, refund, tax and reconciliation records	Up to 8 years, or as required under tax, audit, accounting or legal requirements.
Customer support communication	Up to 3 years from closure of the query or complaint.
App usage logs, crash logs and technical logs	Usually up to 12–24 months, unless required longer for security, investigation or legal purposes.
Marketing consent and opt-out records	Until consent is withdrawn and thereafter as required to maintain opt-out/suppression records.

If any information is required for legal claims, investigations, regulatory compliance, fraud prevention, medical continuity, tax compliance, audit or contractual obligations, ACCESS may retain such information for a longer period as permitted or required by law.

After the applicable retention period, information will be deleted, anonymized or securely archived.

DATA DELETION

Users may request deletion of their personal information or account data, subject to legal, medical, regulatory, contractual, audit and operational requirements.

Customers and patients may request data deletion by:

• Using the account deletion or support option inside the ACCESS app, where available; or
• Sending an email to info@accesslabz.com with the subject line: Data Deletion Request.

The request should include:

• Registered name.
• Registered mobile number.
• Registered email ID, if any.
• Specific request, such as account deletion, address deletion, report deletion or full data deletion.

ACCESS may verify the identity of the requester before processing the deletion request. Once verified, ACCESS will delete or anonymize personal information that is no longer required for service, legal, medical, audit, taxation, dispute or regulatory purposes.

Valid deletion requests will generally be processed within 30 days of verification.

Certain information may not be deleted immediately if it is required for:

• Medical or diagnostic records.
• Hospital/lab coordination records.
• Tax, accounting, invoice, payment or audit requirements.
• Legal claims, disputes, investigations or regulatory compliance.
• Fraud prevention, safety and security.
• Contractual obligations with hospitals, labs, partners or service providers.

Deleted information may continue to exist in encrypted backups or archival systems for a limited period and will be overwritten, deleted or anonymized during routine backup cycles, usually within 90 days, unless longer retention is required for legal, security, audit or disaster recovery purposes.

PART B: ACCESS PHLEBS – DELIVERY PARTNER, PHLEBOTOMIST AND EMPLOYEE PRIVACY POLICY ADDENDUM

This section specifically applies to individuals using the Access Phlebs application, including delivery partners, phlebotomists, field executives, employees, contractors and other service personnel engaged by ACCESS.

The Access Phlebs application is used for sample pickup, sample delivery, duty tracking, attendance, route management, task allocation, order status updates, operational monitoring and compliance.

This section should be read together with the general Privacy Policy above. In case of any conflict, this Access Phlebs-specific section will apply to the extent it relates to delivery partner, phlebotomist, field executive or employee data.

INFORMATION COLLECTED FROM ACCESS PHLEBS USERS

When you use the Access Phlebs application, ACCESS may collect the following information:

• Name, employee ID, partner ID, phone number and profile details.
• Photograph or profile picture, where required.
• Attendance data, including login time, logout time, duty status, timestamp and location.
• Device information, device ID, app version, IP address, crash logs and technical logs.
• Real-time location or background location during duty hours, logged-in working hours or active assigned tasks.
• Route details, travel status, pickup location, drop location and task route information.
• Sample pickup details, sample drop details, order status, payment status and task completion status.
• Proof of pickup, proof of delivery, photographs or other operational records, where applicable.
• Payment, incentive, reimbursement, settlement and performance-related information.
• Compliance, audit, safety, escalation and complaint-related information.

ACCESS does not intentionally track Access Phlebs users when they are logged out, off duty or not assigned to active operational work, except where limited technical logs may be generated for security, troubleshooting or compliance purposes.

PURPOSE OF COLLECTION FOR ACCESS PHLEBS USERS

• To verify identity and attendance.
• To allocate sample pickup and delivery tasks.
• To track sample movement from pickup to delivery.
• To optimize routes and improve operational efficiency.
• To confirm duty status, task status and task completion.
• To coordinate with hospitals, laboratories, customers and internal operations teams.
• To ensure sample safety, chain of custody and service quality.
• To prevent fraud, misuse, false attendance, unauthorized task closure or operational errors.
• To process payments, incentives, reimbursements and settlements.
• To monitor service performance and resolve complaints or escalations.
• To ensure internal compliance, audit readiness, safety and regulatory compliance.
• To troubleshoot app issues and improve the Access Phlebs application.

LOCATION DATA COLLECTION IN ACCESS PHLEBS

The Access Phlebs application may collect location information, including real-time and background location, during duty hours, logged-in working hours or active task assignment.

Location data is collected for:

• Assigning nearby pickup and delivery tasks.
• Tracking sample pickup and sample delivery.
• Monitoring route progress and estimated arrival.
• Ensuring sample safety and chain of custody.
• Verifying attendance and duty status.
• Preventing misuse, fraud or false task completion.
• Ensuring safety and operational compliance.

Location data is not used for unrelated personal tracking.

Access Phlebs users are required to enable location permission for the app to function properly during duty or assigned work. If location permission is disabled, certain app features may not work, and ACCESS may be unable to assign or verify tasks.

CAMERA, STORAGE AND DEVICE PERMISSIONS IN ACCESS PHLEBS

The Access Phlebs application may request camera, storage/media, notification, internet and device-related permissions.

These permissions may be used for:

• Capturing attendance photos.
• Uploading proof of pickup or proof of delivery.
• Capturing sample-related images where required.
• Uploading documents or operational records.
• Sending task notifications and service alerts.
• Maintaining app security, troubleshooting and performance monitoring.

Permissions are used only for operational, compliance, safety and service-related purposes.

SHARING OF ACCESS PHLEBS USER DATA

Access Phlebs user data may be shared with:

• Authorized ACCESS operations, HR, finance, compliance, IT, legal and management teams.
• Hospitals, laboratories or customers only to the limited extent required for pickup, delivery, identification or service coordination.
• Technology vendors, hosting providers, communication platforms and app maintenance providers.
• Payment, accounting or reimbursement service providers.
• Government, legal, regulatory or law enforcement authorities where required by law.
• Auditors, consultants or professional advisors where required for compliance, investigation, dispute resolution or business operations.

ACCESS does not sell Access Phlebs user data to third parties.

RETENTION OF ACCESS PHLEBS USER DATA

ACCESS retains Access Phlebs user data only for as long as necessary for operational, legal, HR, audit, compliance, payment, safety, fraud prevention and dispute resolution purposes.

Type of Access Phlebs Data	Retention Period
Profile details, employee/partner ID and contact details	During engagement and up to 7 years after disengagement.
Attendance records and duty logs	Up to 3 years, unless required longer for audit, dispute, HR, payment or legal purposes.
Location, route and task movement logs	Usually up to 24 months, unless required longer for audit, dispute, fraud prevention, safety or legal purposes.
Sample pickup, sample drop, task completion and handover records	Up to 3 years, or longer if required for hospital/lab audit, dispute, compliance or legal purposes.
Payment, incentive, reimbursement and settlement records	Up to 8 years, or as required under tax, accounting, audit or legal requirements.
Device logs, crash logs and technical logs	Usually up to 12–24 months, unless required longer for security, troubleshooting or investigation.
Complaint, escalation, disciplinary or compliance records	Up to 7 years, or longer if required for legal, HR, audit or regulatory purposes.

After the applicable retention period, data will be deleted, anonymized or securely archived.

DATA DELETION FOR ACCESS PHLEBS USERS

Access Phlebs users may request deletion of their personal data by sending an email to: info@accesslabz.com with the subject line: Access Phlebs Data Deletion Request.

The request should include:

• Full name.
• Registered phone number.
• Employee ID or partner ID, if applicable.
• Nature of request, such as profile deletion, account deletion or specific data deletion.

ACCESS may verify the identity of the requester before processing the deletion request. Once verified, ACCESS will delete or anonymize information that is no longer required for employment, engagement, payment, audit, legal, sample handling, safety, fraud prevention, compliance or dispute resolution purposes.

Some Access Phlebs data may not be deleted immediately if it is required for:

• Attendance verification.
• Payment, incentive or reimbursement records.
• Sample pickup, sample delivery or chain-of-custody records.
• Hospital/lab audit or customer complaint resolution.
• Legal claims, disputes, investigations or regulatory compliance.
• Fraud prevention, safety, security or disciplinary records.
• Tax, accounting, payroll or statutory requirements.

Valid deletion requests will generally be processed within 30 days of verification, subject to the exceptions mentioned above.

Deleted information may remain in encrypted backups or archival systems for a limited period and will be overwritten, deleted or anonymized during routine backup cycles, usually within 90 days, unless longer retention is required for legal, audit, security or disaster recovery purposes.

RIGHTS OF ACCESS PHLEBS USERS

Access Phlebs users may contact ACCESS to:

• Access their personal information.
• Correct inaccurate profile or contact details.
• Request clarification on data collected through the app.
• Request deletion of eligible personal data.
• Raise concerns regarding location tracking, attendance data or task records.
• Withdraw consent where processing is based on consent, subject to operational and legal limitations.

Requests may be sent to info@accesslabz.com. Certain app features may not work if required permissions such as location, camera, notification or internet access are disabled.

THIRD-PARTY LINKS AND SERVICES

The ACCESS website or applications may contain links to third-party websites, hospitals, laboratories, payment gateways or partner platforms.

ACCESS is not responsible for the privacy practices, content or security of third-party platforms. Users are advised to review the privacy policies of those platforms separately.

COOKIES AND WEBSITE TRACKING

Our website may use cookies, analytics tools or similar technologies to improve website performance, understand visitor behaviour and provide a better user experience.

Users may disable cookies through browser settings, but some website features may not function properly.

CHILDREN’S DATA

ACCESS services may be used for diagnostic testing of minors only through parents, guardians, hospitals or authorized caregivers.

ACCESS does not knowingly collect personal information directly from children without appropriate parental, guardian, hospital or lawful authorization.

INTERNATIONAL TRANSFER

ACCESS primarily operates in India. However, some technology, hosting, cloud, communication or analytics service providers may process or store information on servers located outside India.

Where such transfer occurs, ACCESS will take reasonable steps to ensure that personal information is protected in accordance with applicable laws and this Privacy Policy.

GRIEVANCE AND CONTACT DETAILS

Access Home Lab Solutions LLP
Door No. 28/69/1, Patturaikkal, Thrissur, Kerala - 680008
Email: info@accesslabz.com
Phone: 9288008801

For data deletion requests, please use the following subject lines:

• Data Deletion Request – for customer, patient or general user data.
• Access Phlebs Data Deletion Request – for delivery partner, phlebotomist, field executive or employee data.

ACCESS will review and respond to valid privacy or deletion requests within a reasonable period, generally within 30 days of verification.