Doctorlab – a brand of Conasphere Technologies Private Limited
Effective Date: January 18, 2026
Doctorlab is the brand name of Conasphere Technologies Private Limited, a company incorporated under the Companies Act, 2013, with its registered office at Kua Khai Pump House, Mancheswar, Bhubaneswar, Odisha – 751017, India ("Conasphere", "we", "us", or "our"). Conasphere is committed to protecting your privacy and the confidentiality of your personal and health-related information.
This Privacy Policy explains how we collect, use, disclose, store, secure, and protect your personal data when you:
Visit our website [ doctorlab.in ]
Use our mobile application (Doctorlab)
Book diagnostic tests, health packages, or home collection services
Interact with lab partners through our platform
Access test reports or other services
By accessing or using the Doctorlab platform ("Platform"), you consent to the practices described in this Policy. If you do not agree, please do not use our services.
We act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act") for processing your digital personal data.
1. Information We Collect
We collect the following types of information:
Personal Information
Name, age, gender, date of birth, mobile number, email address, address (including PIN code for service area).
Government-issued ID (e.g., Aadhaar number – only if voluntarily provided and masked as permitted), PAN (for payments/refunds where required).
Health-Related Information (Sensitive Personal Data)
Test/package booked, medical history/symptoms (if provided during booking or consultation).
Sample collection details, test results/reports (uploaded by lab partners).
Prescriptions, doctor notes, or other health records shared for service delivery.
Technical & Usage Information
Device information (IP address, browser type, OS, device ID).
Location data (approximate via IP or precise with consent for home collection).
Log data, cookies, usage patterns, booking history, payment details (processed via secure gateways – we do not store full card/CVV).
From Lab Partners & Third Parties
Test results, collection status, and reports shared by partnered labs.
Feedback/ratings you provide about labs/services.
2. How We Collect Information
Directly from you during registration, booking, profile update, or support queries.
Automatically via cookies, pixels, analytics tools (e.g., Google Analytics).
From lab partners when they fulfill bookings and upload reports.
From payment gateways (transaction IDs, not full card details).
3. How We Use Your Information
We process your data for legitimate purposes, including:
To facilitate bookings, home sample collection, test processing, and report delivery.
To verify identity, process payments/refunds, and send confirmations/notifications (SMS/email/push).
To share reports with you and authorized healthcare providers (with your consent or as necessary for diagnosis/treatment).
To improve services, analyze usage, prevent fraud, and ensure Platform security.
To comply with legal obligations (e.g., reporting to authorities, audits).
For internal quality checks, dispute resolution, and customer support.
Aggregated/anonymized data for analytics, research, or business insights (non-identifiable).
We do not use your data for unrelated marketing without explicit consent.
4. Sharing & Disclosure of Information
We share data only as necessary:
With partnered diagnostic labs for fulfilling bookings (they act as independent data fiduciaries/processors).
With service providers (e.g., payment gateways, cloud storage, SMS/email vendors) under strict confidentiality agreements.
With healthcare professionals/physicians (if you authorize access to reports for diagnosis).
To comply with law, court orders, government requests, or protect rights/safety.
In case of merger, acquisition, or sale of assets (your data remains protected).
We do not sell your personal data to third parties.
5. Consent & Your Rights (Under DPDP Act)
Consent is free, specific, informed, unconditional, and unambiguous.
You can withdraw consent (may impact service delivery).
Rights include: Access, correction/erasure, nomination, grievance redressal.
For children/disabled persons: Verifiable parental/guardian consent required.
Exercise rights by emailing [[email protected]] or via app settings.
6. Data Security
We implement reasonable security safeguards (encryption, access controls, firewalls) to protect against unauthorized access, loss, or breach. However, no system is 100% secure. In case of a data breach, we will notify you and the Data Protection Board as required under DPDP Act.
7. Data Retention
We retain data only as long as necessary for the purpose collected, or as required by law (e.g., medical records typically 3-5 years or per ICMR/NABL guidelines). Post-purpose, data is deleted/anonymized unless legally required.
8. Cookies & Tracking
We use cookies for functionality, analytics, and personalization. You can manage preferences via browser settings. Third-party analytics may place cookies.
9. International Transfers
Data is primarily processed in India. If transferred outside (e.g., cloud providers), we ensure adequate protections per DPDP Act rules.
10. Children's Privacy
Our services are not directed at children under 18. We do not knowingly collect data from children without verifiable parental consent.
11. Grievance Redressal
For privacy concerns, contact our Grievance Officer:
We will respond within timelines prescribed under DPDP Act.
12. Changes to This Policy
We may update this Policy. Changes will be posted here with the revised effective date. Significant changes will be notified via email/app notification.
13. Governing Law & Jurisdiction
This Policy is governed by Indian laws, including the DPDP Act. Disputes are subject to exclusive jurisdiction of courts in Bhubaneswar, Odisha.