How it WorksFeaturesPartnerContactDownload App

Privacy Policy

Last updated: April 24, 2026

1. Information We Collect

Ten Labs Diagnostics ("we", "us", "our") collects personal information necessary to provide diagnostic testing services, home sample collection, and digital report delivery. This includes:

  • Identity & contact data: Full name, date of birth, gender, mobile number, email address, and residential address (for sample collection).
  • Health data: Diagnostic test orders, clinical history, prescriptions, previous test reports, and test results generated by our labs or partner labs.
  • Payment data: UPI ID, card details, net banking, or wallet information – all processed through PCI-DSS compliant payment gateways. We do not store full card numbers.
  • Location data: With your explicit consent, we collect precise GPS location to track our phlebotomist in real time for home visits.
  • Device & usage data: IP address, device ID, app usage patterns, and log data to improve our services and ensure security.

2. How We Use Your Information

Your data is used strictly for healthcare and operational purposes:

  • To process and fulfil your diagnostic test orders.
  • To schedule home sample collection and assign a trained phlebotomist.
  • To share test samples with our accredited labs or partner labs for analysis.
  • To deliver digital reports via the Ten Labs app, email, or SMS.
  • To provide customer support, handle queries, and notify you about test results or any delays.
  • To improve our platform, conduct internal analytics, and ensure quality compliance (NABL, ISO, ICMR guidelines).
  • To detect and prevent fraud, unauthorised access, or other security incidents.
  • To comply with legal obligations (e.g., mandatory reporting of notifiable diseases).

3. Legal Basis for Processing (for GDPR/DPDPA compliance)

We process your data based on:

  • Consent: When you voluntarily provide information and agree to this policy.
  • Contractual necessity: To perform the diagnostic service you requested.
  • Legal obligation: To comply with health regulations and court orders.
  • Legitimate interest: To improve our services and prevent fraud, where your rights do not override those interests.

4. Data Sharing & Disclosure

We never sell or rent your personal or health data. We may share it only in the following circumstances:

  • With partner labs: To perform specialised tests not processed in-house. These labs are contractually bound to maintain confidentiality and use data only for the specific test.
  • With logistics partners: For sample pickup and delivery of reports (only name, address, and contact number).
  • With phlebotomists: Your name, address, and contact number for home collection appointments.
  • With regulatory or law enforcement agencies: When required by law (e.g., court order, public health directive).
  • With your explicit consent: For any other purpose you authorise.

5. Data Security & Retention

We implement industry-standard security measures:

  • All health records and personal data are encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Access is restricted to authorised personnel on a need-to-know basis, with multi-factor authentication and audit logs.
  • We conduct regular vulnerability scans, penetration tests, and staff training on data protection.
  • Your data is retained for 8 years from the date of last test (as required by Indian medical record retention laws) or as needed to resolve disputes. After that, it is anonymised or deleted securely.

6. Your Rights Over Your Data

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update inaccurate or incomplete information (e.g., change of address).
  • Deletion: Request deletion of your data, subject to legal retention requirements.
  • Restriction: Limit how we use your data while a complaint is being resolved.
  • Portability: Receive a machine-readable copy of your data to transfer to another provider.
  • Withdraw consent: You can withdraw consent for non-essential processing (e.g., location tracking) at any time.

To exercise these rights, contact our Grievance Officer at support@tenlabs.in. We will respond within 30 days.

7. Cookies & Tracking Technologies

Our website uses essential cookies for authentication and security. We do not use third-party advertising cookies or tracking scripts without your explicit consent. You can manage cookie preferences through your browser settings.

8. Children’s Privacy

Our services are intended for individuals aged 18 and above. If we become aware that we have collected personal information from a child under 18 without parental consent, we will delete it immediately. Parents/guardians ordering tests for minors must provide valid consent and may access their child's data.

9. Grievance Redressal & Data Protection Officer

If you have any concerns about privacy or data handling, please contact our Grievance Officer:

Mr. Ramesh K.
Data Protection Officer
Ten Labs Diagnostics
Plot 42, Jubilee Hills, Hyderabad – 500033
Email: support@tenlabs.in
Phone: +91 40 1234 5678

You may also lodge a complaint with the relevant data protection authority (e.g., Indian Data Protection Board, if established).

10. Changes to This Privacy Policy

We may update this policy from time to time. The "Last updated" date at the top indicates the latest revision. Material changes will be notified via our app, email, or website banner. Continued use of our services after changes constitutes acceptance of the revised policy.