Legal & Privacy

Last updated: April 3, 2026

01

Terms of Service

Welcome to LabInsightX (labinsightx.com), a product of Esox Studio, a design and technology studio based in Lahore, Punjab, Pakistan. By accessing or using our website and services, you agree to the following terms.

About the Service

LabInsightX is an educational health awareness tool. You upload a blood test report (PDF or image), and our AI analyzes the biomarkers to provide a color-coded, plain-language explanation of your results. The service is designed to help you understand your lab work — it is not a medical device, does not provide diagnoses, and does not replace professional medical advice.

Who Can Use LabInsightX

You must be at least 18 years old to use this service. By uploading a lab report, you confirm that you are the patient named on the report, or that you have legal authorization to access that patient's medical information (e.g., you are a parent/guardian).

Your Responsibilities

  • You are responsible for the accuracy and legality of the files you upload.
  • You must not upload reports belonging to others without their explicit consent.
  • You agree not to use the service for any unlawful purpose or to misrepresent AI-generated interpretations as professional medical diagnoses.
  • You acknowledge that all results are educational and must be verified with a qualified healthcare provider.

Intellectual Property

The LabInsightX name, logo, design, and underlying code are the property of Esox Studio. You may not copy, reproduce, or redistribute any part of the service without written permission. Your uploaded lab reports and the resulting analyses remain your property.

Service Availability

We aim to keep LabInsightX available 24/7, but we do not guarantee uninterrupted service. We may perform maintenance, update features, or modify pricing at any time. Active paid subscribers will always be notified of material changes.

Limitation of Liability

LabInsightX and Esox Studio shall not be liable for any health decisions made based on the AI-generated analysis. The service is provided "as is" without warranties of any kind. Our total liability is limited to the amount you paid for the service in the preceding 12 months.

Governing Standards

LabInsightX is designed to align with internationally recognized data protection frameworks including GDPR (EU General Data Protection Regulation) and the privacy principles of HIPAA (Health Insurance Portability and Accountability Act). Our privacy-first architecture — where no Protected Health Information is stored — reflects the "minimum necessary" standard central to both frameworks.

02

Privacy Policy

🔒

Our Core Privacy Commitment

We never store your lab report files, biomarker values, or AI-generated health analysis in our database. Your health data passes through our system in real-time and is immediately discarded after processing. We built this into the architecture from day one — it is not a policy, it is how the code works.

Who We Are

LabInsightX is operated by Esox Studio, a registered design and technology studio founded and run by Sajjad, based in Lahore, Punjab, Pakistan. The founder has 7+ years of experience building healthcare software interfaces, including work on clinical NLP tools, medical coding platforms, and healthcare AI products.

We believe transparency builds trust. That's why we disclose our identity, our location, and exactly how your data flows through our system.

What Data We Collect

Data Type | Stored? | Purpose
Email address | Yes | Account authentication, email delivery of reports
Account plan & subscription status | Yes | Manage your subscription and analysis limits
Report metadata (file name, date, biomarker count) | Yes | Show report history on your dashboard
Lab report files (PDF/images) | Never stored | Sent to AI for real-time processing, then immediately discarded
Biomarker values & health data | Never stored | Exist only in your browser session
AI-generated analysis & recommendations | Never stored | Delivered to your browser only — save via PDF or email

What We Explicitly Do NOT Store

To be absolutely clear: our database contains zero health information. We do not store your lab report files, biomarker names, biomarker values, reference ranges, AI interpretations, risk assessments, or any health-related content. This is enforced at the code level — the database columns for health data are set to NULL and are never written to.

Your Control Over Your Data

After your lab report is analyzed, the results exist only in your browser. You have two options to save your results:

  • Download as PDF — generated entirely in your browser (client-side), never touches our servers
  • Email to yourself — sent via our email provider (Resend) directly to your inbox, then the content is gone from our system

If you close your browser tab without saving, your analysis is gone permanently. We cannot recover it because we never had it.

03

How Your Data Is Handled

We believe you deserve to know exactly what happens to your lab report from the moment you upload it. Here is the complete data flow:

Data Flow — What Happens When You Upload

1. You upload your lab report

Your PDF or image is sent from your browser to our secure API endpoint via HTTPS (TLS 1.3 encryption in transit).

Your file exists in server memory only

2. We send it to the AI for analysis

Your report is forwarded to the Anthropic Claude API for interpretation. This is the only third party that processes your data. Anthropic retains API data for up to 7 days for safety monitoring, then deletes it. They do not use API data to train their models.

Processing takes ~20–60 seconds

3. AI returns the analysis

Claude API sends back a structured JSON response with biomarker interpretations, severity classifications, and recommendations.

Your original file is discarded from memory

4. Results delivered to your browser

The analysis is sent directly to your browser. Only metadata (file name, date, biomarker count) is saved to our database.

No health data enters our database

5. You decide what to keep

Download as PDF (generated in your browser) or email it to yourself. If you do neither, the data is gone when you close the tab.

You are always in control

About Anthropic (Our AI Provider)

We use the Anthropic Claude API to analyze your lab reports. Anthropic provides two key data handling arrangements for the Claude API:

Anthropic Data Handling Arrangements

Zero Data Retention (ZDR): Customer data is not stored at rest after the API response is returned, except where needed to comply with law or combat misuse.

HIPAA Readiness: For organizations handling protected health information (PHI), Anthropic offers HIPAA-ready API access with a signed Business Associate Agreement (BAA).

Here is what this means for your data:

  • Data sent via the Anthropic API is not used to train their AI models.
  • Under Anthropic's standard commercial API policy, inputs and outputs are retained for up to 7 days for trust and safety purposes, after which they are automatically deleted.
  • Enterprise customers can opt into Zero Data Retention (ZDR) where data is not stored at rest at all after the response is returned.
  • Anthropic offers HIPAA-compliant API access with a signed Business Associate Agreement (BAA) for organizations handling PHI.
  • You can review Anthropic's full data retention policy at Anthropic API & Data Retention Docs.

As LabInsightX grows, we plan to pursue a Zero Data Retention agreement and HIPAA BAA with Anthropic to further minimize the data exposure window for our users.

Encryption & Security

  • All data in transit is encrypted via HTTPS/TLS — your upload, the API call, and the response are all encrypted.
  • Our database (hosted on Supabase) uses encryption at rest and Row Level Security (RLS) policies — users can only access their own metadata.
  • Authentication is handled via Supabase Auth with support for email/password and Google OAuth.
  • Our application is hosted on Vercel, which provides automatic SSL certificates and DDoS protection.

Cookies & Analytics

We use Google Analytics to understand aggregate usage patterns (page views, session duration, country-level geography). Google Analytics uses cookies. We do not link analytics data to your account or health information. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on.

Your Rights

Regardless of where you are located, you have the right to:

  • Access — Request a copy of the data we hold about you (account email, plan type, report metadata).
  • Deletion — Request complete deletion of your account and all associated metadata. Email us and we will process this within 7 business days.
  • Portability — Download your analysis results via PDF at any time before closing your session.
  • Withdrawal of consent — You provide consent before every upload via a required checkbox. You can stop using the service at any time.

GDPR & International Users

While we are based in Pakistan, we serve users globally and aim to meet the standards of the EU General Data Protection Regulation (GDPR). Our privacy-first architecture — where no health data is stored — means there is minimal personal data to protect in the first place. If you are in the EU/EEA, the legal basis for processing your data is your explicit consent (provided via the upload consent checkbox) and legitimate interest (providing the service you requested).

HIPAA Compliance Roadmap

LabInsightX is an educational tool, not a covered entity or business associate under HIPAA. However, our architecture reflects HIPAA's "minimum necessary" principle — we collect and retain the absolute minimum data required to deliver the service. No Protected Health Information (PHI) is stored in our systems.

Anthropic (our AI provider) offers HIPAA-ready API access with a signed Business Associate Agreement (BAA) and Zero Data Retention (ZDR) arrangements for qualifying organizations. As LabInsightX scales, our compliance roadmap includes:

  • Anthropic BAA for HIPAA-compliant API access
  • Zero Data Retention (ZDR) agreement with Anthropic
  • Supabase Pro with BAA ($25/mo) for database-level compliance
  • SOC 2 Type II certification

Children's Privacy

LabInsightX is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has used our service, please contact us and we will delete any associated data.

04

Payments & Billing

Payment Processor

All payments are processed by LemonSqueezy, a Merchant of Record (MoR) platform. This means:

  • LemonSqueezy is the legal seller — they handle your payment, taxes (VAT/GST), invoicing, and chargebacks on our behalf.
  • Your credit card or payment details are processed entirely by LemonSqueezy. We never see, handle, or store your payment information.
  • LemonSqueezy is PCI-DSS compliant and uses industry-standard encryption for all transactions.
  • You can review LemonSqueezy's privacy policy at lemonsqueezy.com/privacy.

Pricing Plans

Plan | Price | Analyses
Free | $0 | 3 analyses
Pro Monthly | $2.99/month | 15 analyses per month
Pro Annual | $1.99/month ($23.88/year) | 15 analyses per month

Prices may change. Active subscribers will be notified at least 30 days before any price increase takes effect on their plan.

Subscription Management

You can cancel your subscription at any time through the LemonSqueezy customer portal (link provided in your subscription confirmation email). Your access continues until the end of your current billing period.

05

Refund Policy

We want you to feel confident trying LabInsightX. Here is our refund policy:

7-Day Money-Back Guarantee

If you are not satisfied with your Pro subscription, you can request a full refund within 7 days of your initial purchase. No questions asked.

How to Request a Refund

Email us at support@labinsightx.com with your account email and we will process your refund within 5–7 business days. Refunds are issued through LemonSqueezy to your original payment method.

After 7 Days

After the 7-day window, we do not offer refunds for the current billing period. However, you can cancel your subscription at any time and your access will remain active until the end of the billing cycle.

Free Tier

The free tier (3 analyses) requires no payment and is non-refundable as no charge was made.

06

Medical Disclaimer

⚠️ Important: LabInsightX is NOT a medical device

LabInsightX provides educational health information only. The AI-generated analysis is not a medical diagnosis, medical advice, or a substitute for professional healthcare.

Always consult a qualified healthcare provider before making any health decisions based on your lab results. Do not start, stop, or change any medication or treatment based solely on information provided by LabInsightX.

AI can make errors. Reference ranges and interpretations are general guidelines and may not apply to your specific health situation, age, sex, medications, or medical history.

By using LabInsightX, you acknowledge and accept that:

  • The service is for educational and informational purposes only.
  • AI-generated interpretations may contain inaccuracies and should always be verified by a healthcare professional.
  • LabInsightX and Esox Studio are not liable for any health outcomes resulting from reliance on AI-generated analysis.
  • You will not use LabInsightX results as a basis for emergency medical decisions. If you have a medical emergency, contact your local emergency services immediately.

07

Contact Us

If you have questions about these terms, our privacy practices, or need to exercise your data rights, reach out:

Company: Esox Studio

Location: Lahore, Punjab, Pakistan

Response Time: Within 48 hours on business days

Policy Updates

We may update these terms and privacy policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. For material changes affecting paid users, we will send an email notification.

© 2026 Esox Studio. All rights reserved.