Labshare Platform Privacy Policy
Last Updated: January 28th, 2026
1. Introduction & Scope
Labshare ("we," "us," or "our") provides a platform designed for research and clinical laboratories within academic, hospital, and institutional settings to manage inventory, share resources, coordinate equipment reservations, and facilitate collaboration. This Privacy Policy describes how we collect, use, disclose, and protect information through our mobile applications and website (the "Services").
Important Notice on Protected Health Information (PHI):
- Our Services are architected for the management of laboratory supplies, equipment, and operational workflows. They are not designed or certified for the storage or processing of Protected Health Information (PHI) as defined by the U.S. Health Insurance Portability and Accountability Act (HIPAA).
- We expressly prohibit users from inputting, uploading, or storing PHI (e.g., patient names, medical record numbers, diagnostic results) into the Services. Labshare is not a "HIPAA Business Associate" and our platform should not be used for activities that would create such a relationship. Users are solely responsible for ensuring their use of the Services complies with all applicable data protection laws.
2. Information We Collect
We collect information to provide, secure, and improve our Services.
a. Information You Provide:
- Account Profile: Name, institutional email address, phone number, and role/lab affiliation.
- Laboratory Operational Data: Inventory item details (e.g., catalog numbers, quantities, locations), equipment reservation schedules, grant or project codes (if entered), and notes related to lab management.
- Collaboration Data: Information you choose to share within your institution or, via controlled settings, with explicitly approved external collaborators (e.g., listings of available shared equipment or surplus supplies).
- Communications: Records of your support inquiries, feedback, and correspondence with us.
b. Information Collected Automatically:
- Usage & Device Data: IP address, device type, operating system, browser type, app version, feature usage logs, and crash diagnostics. We use tools like Supabase for analytics, with data anonymized where possible.
- Camera & Location (Optional): With your explicit device-level permission, the camera is used to scan barcodes. Approximate location (at the city/institution level) may be used to enable features like finding nearby shared resources within your institution's network. We do not collect continuous background location data.
3. How We Use Your Information
We use your information for the following legitimate business purposes:
- Service Delivery & Operations: To create and maintain your account; provide inventory management, reservation systems, and intra-institutional sharing features; and authenticate users.
- Security & Integrity: To monitor for and prevent fraudulent logins, abuse, and security incidents; enforce our Terms of Service; and maintain audit logs of system activity.
- Service Improvement: To analyze aggregated, de-identified usage trends to fix bugs, improve performance, and develop new features.
- Communication: To send you essential administrative messages (e.g., security alerts, policy updates), respond to support requests, and communicate about your account.
- Compliance: To comply with applicable U.S. laws and regulations and respond to lawful requests from authorities.
4. How We Share & Disclose Information
We do not sell or rent your personal information.
- Within Your Institution: Your lab data and profile are visible to administrators and other users within your institutional instance as configured by your institutional administrators. Sharing of resource listings across labs is typically contained within the institution's private instance.
- With Your Consent: Features enabling collaboration with external institutions require explicit administrative approval from both sides. Data sharing in these scenarios is limited to what you specifically publish for that purpose.
- Service Providers: We engage trusted, contract-bound vendors for infrastructure, hosting, and analytics (e.g., Google Cloud, Supabase, Firebase). These providers process data solely on our instructions and are vetted for security.
- Legal Obligations: We may disclose information if required by law, subpoena, or to protect the rights, property, or safety of Labshare, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or asset sale, user information may be transferred. We will notify you and ensure the successor entity respects this Privacy Policy.
5. Data Security
We implement security measures aligned with industry standards and frameworks, including:
- Encryption: Data in transit is protected via TLS/HTTPS. Sensitive data at rest, including passwords (hashed and salted) and personal identifiers, is encrypted.
- Access Controls: Strict role-based access control (RBAC) limits data access to authorized personnel based on the principle of least privilege. Access is logged and audited.
- Infrastructure Security: Our services operate on secure, reputable cloud platforms with robust physical and network security.
- Policies & Training: We maintain internal information security policies and provide training to relevant staff.
- Your Role: You are responsible for maintaining the confidentiality of your login credentials and for all activities under your account.
While we employ these safeguards, no electronic system can be 100% secure. We commit to promptly notifying affected users in the event of a data breach as required by law.
6. Data Retention
- We retain your personal data for as long as your account is active or as needed to provide the Services.
- Upon account deletion (initiated by you or your institution's administrator), we will initiate a process to delete or irreversibly anonymize your personal data from our active systems within a reasonable timeframe, subject to the following:
  - Retention required to comply with legal or regulatory obligations.
  - Data necessary for legitimate business purposes, such as security audit logs, fraud prevention, or financial record-keeping.
- Residual data may persist in secure, encrypted backups for a limited period before final purging.
7. Your Rights & Choices (Including International Users)
- Access & Correction: You can review and update your account profile via the Services.
- Data Deletion: You can request account deletion by contacting your institutional administrator or us at the email below.
- Permissions: You can manage camera and location permissions via your device settings.
- Communications: You can opt out of non-essential promotional emails.
- International Data Transfers: Our Services are operated from the United States. If you are located outside the U.S., your data will be transferred to and processed in the U.S., which may have different data protection laws. By using the Services, you consent to this transfer. For users in the European Economic Area (EEA), United Kingdom, or other regions with specific privacy laws, we will process your data on the basis of our contractual obligations (Terms of Service) and legitimate interests in providing a secure service. We will honor data subject rights (e.g., access, rectification, erasure) as required by applicable law.
8. Children's Privacy
Our Services are not intended for individuals under 18. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this policy. Material changes will be communicated via the Services or email. Your continued use after changes constitutes acceptance.
10. Contact Us
For privacy-related questions, requests, or to report a potential security issue, contact:
- General Inquiries: admin@labshare.app or mingyo@labshare.app
- Privacy & Security: vismayravikumar@gmail.com
We are committed to working with you to resolve any concerns.