Privacy Policy
Last updated: February 27, 2026
Overview
Labs Tracker ("we", "our", or "the app") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information, including any health-related data you choose to upload.
Health Data & HIPAA Notice
Important: Labs Tracker is a personal consumer wellness tool. We are not a healthcare provider, health plan, or healthcare clearinghouse. We are not a covered entity or business associate under HIPAA (the Health Insurance Portability and Accountability Act). This service is not HIPAA-compliant.
By using Labs Tracker, you acknowledge that:
- Any health data you upload is treated as personal information under general data protection laws, not as Protected Health Information (PHI) under HIPAA
- You are voluntarily uploading your own health data for personal tracking purposes only
- You are not uploading data on behalf of patients or in connection with any healthcare service
- While we implement strong security measures, we do not guarantee the specific safeguards required by HIPAA
- You should not use this app as a replacement for medical records systems provided by your healthcare provider
- You assume all risk associated with uploading health-related data to this service
If you require HIPAA-compliant storage of your medical records, please use a service specifically designed and certified for that purpose.
Information We Collect
We collect the following information:
- Account Information: Email address and encrypted password when you create an account
- Health Data: Lab results and biomarker data that you upload via PDF or enter manually
- Usage Data: Basic analytics about how you use the app (no personal health data is included)
How We Use Your Information
Your information is used solely to:
- Provide the lab results tracking service
- Store and sync your data across devices
- Send account-related emails (verification, password reset)
- Improve the app's functionality
Data Storage & Security
We take security seriously:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
- Access Control: Your data is protected by row-level security policies - only you can access your data
- Session Security: Automatic session timeout after 30 minutes of inactivity
- Infrastructure: Data is stored on Supabase (hosted on AWS) with enterprise-grade security
- Audit Logging: Database access is logged for security monitoring
- No Sharing: We never sell, share, or provide your health data to third parties
Security Incident Response
In the unlikely event of a data breach affecting your personal information:
- We will investigate and contain the incident promptly
- We will notify affected users via email within 72 hours of discovery
- We will provide information about what data was affected and steps you can take
- We will report to relevant authorities as required by law
Data Retention
Your data is retained as long as your account is active. You can delete your data at any time:
- Use the "Clear All Data" button to delete all lab results
- Contact us to delete your entire account
Your Rights
You have the right to:
- Access: View all data we have about you
- Export: Download your data in a standard format
- Delete: Request deletion of all your data
- Correct: Update or correct your information
Third-Party Services
We use the following third-party services:
- Supabase: Database and authentication
- Vercel: Web hosting
- Anthropic (Claude): AI-powered PDF parsing (PDFs are processed but not stored by Anthropic)
- Resend: Transactional emails
Cookies
We use essential cookies only for authentication purposes. We do not use tracking or advertising cookies.
Children's Privacy
This app is not intended for children under 13. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.
Contact Us
If you have questions about this privacy policy or your data, contact us at:
support@labs-tracker.com