This Privacy Policy describes how LabZila Inc. ("LabZila," "we," "us," or "our") collects, uses, stores, and discloses information about you when you access or use our laboratory information management system (LIMS) platform, website, and related services (collectively, the "Services"). By using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
We collect information you provide directly when you create an account, use our Services, or communicate with us:
- Account Information: Name, email address, phone number, company name, job title, and password when you register for an account.
- Billing Information: Payment card details, billing address, and transaction history processed through our PCI-compliant payment processor.
- Laboratory Data: Sample data, test results, instrument readings, workflow configurations, and other data you input into the LIMS platform.
- Communications: Information you provide when contacting support, submitting feedback, or participating in surveys.
- User Content: Documents, standard operating procedures, reports, and other files you upload to the platform.
1.2 Information Collected Automatically
When you use our Services, we automatically collect certain technical and usage information:
- Device Information: Browser type, operating system, device identifiers, and screen resolution.
- Usage Data: Pages visited, features used, actions taken, time spent on pages, and navigation patterns.
- Log Data: IP address, access times, referring URLs, and error logs for security and troubleshooting purposes.
- Performance Data: Page load times, system performance metrics, and crash reports.
1.3 Information from Third Parties
We may receive information from integrated third-party services (e.g., instrument manufacturers, ERP systems) that you connect to LabZila, as well as from business partners and publicly available sources.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve the LabZila LIMS platform, including processing laboratory data, generating reports, and managing workflows.
- Account Management: To create and manage your account, authenticate users, and provide customer support.
- Billing & Payments: To process subscription payments, generate invoices, and manage billing inquiries.
- Communication: To send service notifications, security alerts, product updates, and respond to your inquiries.
- Security & Compliance: To detect and prevent fraud, enforce our terms of service, maintain audit trails, and comply with regulatory requirements including 21 CFR Part 11.
- Analytics & Improvement: To analyze usage patterns, measure performance, conduct research, and improve our Services.
- Legal Obligations: To comply with applicable laws, regulations, and legal processes.
3. Data Storage & Security
We implement industry-leading security measures to protect your data:
- Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3.
- Infrastructure: Data is stored on SOC 2 Type II certified cloud infrastructure with multi-region redundancy.
- Access Controls: Role-based access controls (RBAC), multi-factor authentication (MFA), and principle of least privilege.
- Monitoring: Continuous security monitoring, intrusion detection, and automated threat response.
- Backups: Automated daily backups with point-in-time recovery and geo-redundant storage.
- Physical Security: Data centers with 24/7 physical security, biometric access, and environmental controls.
While we implement robust security measures, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and enable multi-factor authentication on your account.
4. Third-Party Sharing & Disclosure
We do not sell your personal information. We may share your information with third parties only in the following circumstances:
- Service Providers: With trusted vendors who perform services on our behalf (e.g., cloud hosting, payment processing, analytics), subject to contractual data protection obligations.
- Integrations: With third-party services you choose to connect to LabZila (e.g., instrument software, ERP systems), as directed by you.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, with notice to affected users.
- Consent: With your explicit consent or at your direction.
- Aggregated Data: We may share anonymized, aggregated data that cannot reasonably identify you for industry research and benchmarking.
5. Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience:
- Essential Cookies: Required for platform functionality, authentication, and security. Cannot be disabled.
- Analytics Cookies: Help us understand how users interact with our Services to improve performance and features.
- Preference Cookies: Remember your settings, language preferences, and customizations.
- Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. Optional and can be disabled.
You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect the functionality of our Services.
6. Your Rights & Choices
Depending on your location, you may have the following rights regarding your personal information:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing of your personal data for certain purposes.
- Right to Restrict: Request limitation of processing in certain circumstances.
To exercise any of these rights, please contact us at privacy@labzila.com. We will respond to your request within 30 days.
7. GDPR Compliance
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data in accordance with the General Data Protection Regulation (GDPR). Our lawful bases for processing include:
- Contract Performance: Processing necessary to deliver our Services under the subscription agreement.
- Legitimate Interests: Processing for product improvement, security, and fraud prevention, balanced against your rights.
- Legal Obligation: Processing required to comply with applicable laws and regulations.
- Consent: Processing based on your explicit consent, which you may withdraw at any time.
We offer Data Processing Agreements (DPAs) to all customers. For international data transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Data Retention
We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy:
- Active Accounts: Data is retained for the duration of your subscription and active use of the Services.
- Post-Termination: Upon account termination, we retain your data for 90 days to allow for reactivation, after which it is securely deleted.
- Audit Trails: Audit log data required for regulatory compliance (e.g., 21 CFR Part 11) is retained for a minimum of 7 years or as required by applicable regulations.
- Billing Records: Financial transaction records are retained for 7 years in accordance with tax and accounting regulations.
- Backups: Data may persist in encrypted backups for up to 90 days after deletion from primary systems.
9. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. For significant changes, we will provide additional notice via email or an in-app notification. Your continued use of the Services after the effective date of changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: