Privacy Policy
Effective date: 1 May 2026 · Last updated: 1 May 2026 · Version 1.0
Scope. This policy covers the Hybrinomics LIMS web platform (hosted at hybrinomicsdiagnostics.com) and the Hybrinomics LIMS Android application published by Hybrinomics Medical Innovations Pvt Ltd ("HMI") on the Google Play Store. The platform is operated for and on behalf of Hybrinomics Life Science & Diagnostics LLP ("HLD"), the diagnostic laboratory, and other licensed laboratory clients.
1. Who we are
Data Fiduciary (DPDP Act 2023): Hybrinomics Life Science & Diagnostics LLP (HLD) — the laboratory operating the LIMS instance you interact with.
Data Processor: Hybrinomics Medical Innovations Pvt Ltd (HMI) — the software developer maintaining the platform.
Address: 50, 2nd Main, Maruthi Township, B. Hanumanthanagar, Bileshivale, Doddagubbi Post, Bangalore — 560077, Karnataka, India.
Contacts:
2. What information we collect
2.1 Information you provide
- Account details — name, email, mobile number, role (doctor / technician / center / patient), employee ID where applicable.
- Patient information (entered by lab staff) — name, age, sex, contact, referring doctor, clinical history, sample details, test panels, and resulting reports.
- Login credentials — passwords are stored as one-way salted hashes; we never see your plaintext password.
- Communications — messages you send through internal chat, support emails, and feedback forms.
2.2 Information collected automatically by the Android app
| Data type | Why | Optional? |
| Camera | Scan barcode/QR labels on samples; capture report attachments | Yes — ask only when used |
| Photos / media | Attach images to reports; upload patient documents | Yes — only when you pick a file |
| Approximate location | Logistics tracking for sample pickup; security guard patrol module (employees only) | Yes — opt-in per module |
| Biometric (fingerprint / face) | Optional faster login on supported devices; processed locally on your device, never transmitted | Yes — toggle in Profile |
| Device identifiers | Push notification routing, session security, crash diagnostics | No — required for app to function |
| Usage / interaction logs | Server-side audit trails (NABL/ISO 15189 traceability) | No — required for accreditation |
2.3 Information from cookies and local storage
The web platform uses session cookies for authentication and CSRF protection. The Android app stores authentication tokens in encrypted secure storage on the device. We do not use third-party advertising or behavioural tracking cookies.
3. How we use your information
- To register patients, process diagnostic samples, generate test reports, and deliver them to the right recipient.
- To bill patients/insurers and maintain financial records as required by law.
- To run the laboratory's internal workflows (sample tracking, QC, equipment logs, internal chat, employee records).
- To meet NABL / ISO 15189:2022 accreditation requirements for traceability and audit trails.
- To send transactional notifications (report ready, sample collection, account events).
- To detect and prevent fraud, abuse, and unauthorized access.
- To improve the software (anonymized usage patterns, crash diagnostics).
We do not sell your personal data, do not use it for advertising, and do not share it with data brokers.
4. Lawful bases (DPDP Act 2023 §7)
- Consent — for patient health data processing, marketing communications, optional features (biometric login, location-based modules).
- Legitimate uses (§7) — for medical emergency, court order, employment-related records, and compliance with Indian laws (Clinical Establishments Act, NABL, ICMR guidelines, IT Rules).
- Contract performance — for staff and registered users with whom HLD/HMI has an active service agreement.
5. Sharing and disclosure
We share information only with:
- Authorised lab personnel — within HLD or partner laboratory you have engaged.
- Referring doctors and patients — to deliver reports to the right recipient.
- Service providers under DPA — cloud hosting (DigitalOcean, India region), email delivery, SMS gateway, push-notification (FCM). Each is contractually bound to security and confidentiality.
- Government authorities — where required by law (notifiable diseases reporting, court orders, regulator requests).
We do not transfer personal data outside India except to the extent the Central Government permits under DPDP §16. Production data resides in India region.
6. Retention
- Patient diagnostic records — retained for at least 5 years (NABL 112 standard) and up to 10 years for histopathology slides/blocks where applicable.
- Account & audit logs — retained for 3 years from last activity for accreditation and security forensics.
- Mobile-app device tokens — purged within 30 days after sign-out or app uninstall.
- Backups — encrypted at rest; rotated on a 30-day cycle.
7. Your rights
Under the DPDP Act 2023 (Chapter III) you have the right to:
- Access a summary of your personal data we process.
- Request correction or erasure of inaccurate or no-longer-needed data.
- Withdraw consent (where consent is the lawful basis) — withdrawal does not affect prior lawful processing.
- Nominate another individual to exercise these rights on your behalf.
- Lodge a grievance — see Section 10 below.
To exercise any right, write to hld@hybrinomics.com from the email registered on your account.
8. Security
We apply reasonable security safeguards including:
- TLS 1.2+ for all data in transit.
- Bcrypt password hashing.
- Role-based access controls; least-privilege defaults.
- Audit logging of report access and modification (NABL traceability).
- Encrypted backups; encrypted secure-storage on the Android app for auth tokens.
- Periodic vulnerability review and security updates.
No system is perfectly secure. If you suspect unauthorized access to your account, contact support@hybrinomics.com immediately.
9. Children
The platform is used by laboratories to record patient data including minors, with consent of a parent or guardian as required by Indian law. The Android app itself is not directed at children under 18 as end-users; minors should not register their own accounts.
10. Grievance officer (DPDP §8(10))
Grievance Officer: Dr. Prabhu Meganathan
For: Hybrinomics Life Science & Diagnostics LLP
Email: hld@hybrinomics.com
Phone: +91 73488 51954
Address: 50, 2nd Main, Maruthi Township, B. Hanumanthanagar, Bileshivale, Doddagubbi Post, Bangalore — 560077, Karnataka, India.
We respond to grievances within 30 days. Unresolved grievances may be escalated to the Data Protection Board of India once it commences operations.
11. Changes to this policy
We will post material changes on this page and update the "Last updated" date. For app users, a notice will appear at next sign-in. Continued use after the effective date constitutes acceptance.
12. Contact
Questions about this policy? Write to support@hybrinomics.com for the software/app, or hld@hybrinomics.com for laboratory/patient-data matters.