Privacy Policy

1. Who we are

Zylrio is a cloud-based laboratory information system (LIS) for pathology labs in India. We help labs register patients, enter results, generate NABL-compliant PDFs, and deliver them via WhatsApp.

2. What data we collect

We collect and process the following on behalf of labs using Zylrio:

• Patient name, age, gender, and WhatsApp number
• Test panel selections and result values
• Collection date, report date, referring doctor
• Payment amounts and status
• Lab staff email addresses (via Supabase Auth)
• Lab settings: name, address, logo, signatory details

3. How we use data

Data is used solely to provide the Zylrio service: generating reports, delivering them to patients via WhatsApp, and showing dashboards to lab staff.

We do not sell, share, or monetise patient data in any way.

4. Data storage and security

All data is stored on Supabase (AWS, South Asia region). PDFs are in Supabase Storage. The app is hosted on Vercel. Both use HTTPS and encryption at rest. Access is restricted by Row Level Security — each lab only sees its own data.

5. Data processor relationship

Zylrio is a Data Processor under the DPDP Act 2023. The laboratory is the Data Fiduciary and is responsible for obtaining patient consent to collect and process their data.

6. Retention and deletion

Patient data is retained while the lab has an active account. Labs may request full data deletion at any time. On account termination, data is deleted within 30 days.

7. Third-party services

• Supabase — database, auth, file storage
• Vercel — application hosting
• Meta WhatsApp Cloud API — report delivery

8. Patient rights

Patients may contact their lab to request access, correction, or deletion of their personal data. Labs are responsible for responding to such requests.

9. Contact

For privacy questions: reaganmendes0@gmail.com