Privacy Policy

Last updated: February 17, 2026

1. Information We Collect

When you use LabLi, we collect:

  • Account Information: Email address and name (via Google sign-in)
  • Health Data: Lab reports you upload, including test names, values, reference ranges, and dates
  • Usage Data: How you interact with our service (pages visited, features used)
  • Device Information: Browser type, device type, IP address

2. How We Use Your Information

We use your information to:

  • Provide and maintain the LabLi service
  • Parse and organize your lab reports
  • Generate trends and insights from your health data
  • Improve our AI parsing accuracy
  • Send service-related communications
  • Respond to your requests and support inquiries

3. Data Storage & Security

Your data is:

  • Stored securely on Supabase (PostgreSQL database with encryption at rest)
  • Transmitted using TLS/SSL encryption
  • Accessible only to you through your authenticated account
  • Never sold to third parties

4. Important: What "Encrypted" Means

We believe in being transparent about how your data is protected:

What we DO have:

  • Encryption in transit: All data between your browser and our servers is encrypted (HTTPS/TLS)
  • Encryption at rest: Your data is encrypted on disk in our database (AES-256)
  • Row-level security: Database rules ensure you can only access your own data
  • Secure authentication: Google OAuth or email/password with secure session management

What we DON'T have:

  • End-to-end encryption: Your data is not encrypted with a key only you control

What this means in practice:

  • Our database provider (Supabase) could technically access your data
  • Our AI provider (Anthropic) processes your PDFs to extract test results
  • We (LabLi) can see your data to provide support if needed

Why not end-to-end encryption? End-to-end encryption would prevent us from parsing your PDFs using AI (the core feature), generating insights and trends, and providing any server-side features. This is the same trade-off made by most health apps, including Apple Health (when syncing), MyFitnessPal, and similar services.

5. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication
  • Anthropic (Claude): AI-powered PDF parsing and insights
  • Google: OAuth authentication
  • Cloudflare: Hosting and CDN

These services have their own privacy policies and may process your data according to their terms.

6. AI Processing

When you upload a lab report:

  • The PDF is sent to Anthropic's Claude AI for parsing
  • Claude extracts test names, values, and reference ranges
  • We do not use your data to train AI models
  • Anthropic's data retention policies apply during processing

7. Your Rights

You have the right to:

  • Access: View all data we have about you
  • Export: Download your data in CSV format
  • Delete: Request deletion of your account and all associated data
  • Correct: Update inaccurate information

8. Data Retention

We retain your data:

  • As long as your account is active
  • For 30 days after account deletion (for recovery purposes)

After 30 days, data is permanently deleted.

9. Cookies

We use essential cookies for:

  • Authentication (keeping you logged in)
  • Preferences (cookie consent status)

We do not use advertising or tracking cookies.

10. Children's Privacy

LabLi is not intended for children under 13. We do not knowingly collect data from children under 13.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Email: privacy@labli.app

Medical Disclaimer: LabLi is not a medical device. The information provided is for educational purposes only and should not replace professional medical advice, diagnosis, or treatment. Always consult your healthcare provider for medical decisions.