Overview
Phlebo is a professional mobile application built for licensed phlebotomists, diagnostic laboratories, hospitals, and home collection service providers. This Privacy Policy explains what personal information we collect when you use Phlebo, how we use it, with whom we share it, and what rights you have over it. This application is accessible only to authorized healthcare professionals issued credentials by their employing laboratory or diagnostic center. If you are using Phlebo, your organization has agreed to our Terms of Service and takes responsibility for ensuring this application is used in accordance with applicable healthcare regulations. By using Phlebo, you agree to the practices described in this Privacy Policy. If you do not agree, please stop using the application and contact your administrator.
Who This Policy Applies To
This Privacy Policy applies to:
- Phlebotomists who use the Phlebo mobile application on their Android devices during field operations
- Laboratory administrators and diagnostic center staff who manage the Phlebo organization portal
- Patients whose data is collected, processed, or transmitted through the application as part of home blood collection services
- All releases of the Phlebo Android application available on the Google Play Store
Information We Collect
We collect only what is strictly necessary to operate the application and deliver reliable home collection services. We do not collect information speculatively or for purposes beyond what is described here.
Patient information:
- Full name, date of birth, age, and gender
- Home address and contact number used for scheduling
- Home collection order details, appointment time slots, and order identifiers
- Test Requisition Form (TRF) data, including tests ordered and referring physician details
- Medical sample identifiers and barcode data linked to each collection event
- Payment status and digital collection acknowledgment records
Phlebotomist information:
- Full name, employee ID, and organization-issued login credentials
- Real-time GPS location collected continuously throughout an active work shift, including while the app is in the background, for proximity-based order dispatch and collection audit logging
- Device call state (active/idle) detected to pause in-app workflows during incoming phone calls
- Task assignment history, sample collection logs, and daily operational reports
- Barcode scan events, sample handover confirmations, and lab status updates
- Payment collection entries and digital acknowledgments
- Device push token for delivery of operational notifications
Device and technical information:
- Device make, model, and Android OS version
- Application version number and unique device identifier
- Anonymized session activity and crash/error reports used to improve stability
- Network type and connectivity status at the time of data synchronization
Device Permissions We Request
Phlebo requests the following Android permissions. Every permission is used for a single, clearly defined operational purpose. We do not use any permission for tracking, profiling, or advertising. The list below names every permission declared in the application, together with the purpose for which this policy states it is used:
- CAMERA: barcode scanning of sample identifiers and capture of TRFs and supporting patient documents
- ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION: GPS position during an active shift for proximity-based dispatch and collection audit logging
- FOREGROUND_SERVICE / FOREGROUND_SERVICE_LOCATION: running the shift location service with a persistent, visible notification
- ACCESS_BACKGROUND_LOCATION: continued location collection while the app is minimised during an active shift
- READ_PHONE_STATE: detecting device call state to pause and resume in-app workflows during incoming calls
- CALL_PHONE: calling patients from within the app to confirm addresses, notify of arrival, or handle scheduling queries
- INTERNET: synchronizing orders, collection status updates, and documents with the laboratory information system
- ACCESS_NETWORK_STATE: checking network type and connectivity status at the time of data synchronization
- READ_MEDIA_IMAGES (Android 13+) / READ_EXTERNAL_STORAGE (Android 12 and below): uploading TRF images and supporting patient documents stored on the device
- POST_NOTIFICATIONS (Android 13+): displaying time-sensitive operational notifications for new orders and urgent sample pickups
How We Use Your Information
All data collected through Phlebo is used exclusively to support home blood collection operations. Specifically, we use it to:
- Verify the identity of authorized phlebotomists and maintain secure session access
- Deliver and manage assigned home collection orders and patient appointment details
- Continuously track phlebotomist location, including in the background while the app is minimised, throughout an active shift, enabling the dispatch system to assign incoming collection orders to the nearest available phlebotomist in real time
- Enable phlebotomists to call patients directly from within the app to confirm addresses, notify of arrival, or handle scheduling queries
- Detect incoming phone calls to pause and resume active in-app workflows without data loss
- Record sample collection events with barcode verification and GPS-timestamped audit trails
- Capture, upload, and associate TRFs and supporting patient documents with lab orders
- Process on-site payment collection and issue digital acknowledgment records
- Transmit real-time collection status updates to the laboratory information system
- Generate daily task reports and operational performance summaries for the laboratory
- Send time-sensitive push notifications for new orders and urgent sample pickups
- Support laboratory quality audits and regulatory documentation requirements
- Diagnose and fix technical issues using anonymized crash and error data
How We Share Your Information
We do not sell, rent, license, or share your personal or patient information with third parties for commercial or advertising purposes, ever. We may share information in the following limited circumstances:
- With your employing laboratory or diagnostic center that has deployed and manages the Phlebo application
- With healthcare personnel, such as lab technicians and reporting pathologists, directly involved in processing your submitted sample
- With backend infrastructure providers (cloud hosting, push notification services) who are bound by strict data processing agreements and may not use data for any independent purpose
- With payment processing partners, limited to the transaction data required to complete and record a collection payment, subject to their PCI-DSS compliance obligations
- When required by applicable law, a valid court order, or a lawful request from a government or public health authority
- To detect, prevent, or respond to fraud, security incidents, or violations of our Terms of Service
How We Protect Your Information
We take the security of patient and operational data seriously. The following controls are in place:
- All data in transit is encrypted using TLS 1.2 or TLS 1.3 over HTTPS. The application is being updated to explicitly block cleartext HTTP via Android network security configuration to ensure this in all scenarios
- Data at rest is stored on encrypted, access-controlled servers in hardened cloud infrastructure
- Application login requires organization-issued credentials with brute-force protection and automatic session expiry
- Session tokens are short-lived, secured using Android Keystore where applicable, and invalidated on logout
- Patient data is not cached or stored in plain text on the mobile device
- Sensitive database fields use AES-256 encryption at rest
- Role-based access control limits phlebotomists to their own assigned orders and data
- API endpoints are authenticated and hardened against OWASP Top 10 threats
Our Location Data Practices
Because location, and particularly background location, is one of the most sensitive data types on Android, we want to be completely transparent about exactly when, why, and how it is collected. The disclosures in this section are required by Google Play's Background Location policy.
Why background location is necessary for Phlebo
Phlebo's core dispatch feature assigns incoming home collection orders to the nearest available phlebotomist in real time. For this to work, the laboratory dispatch system must continuously know the GPS position of every phlebotomist who is on an active shift, not just when they are looking at the app, but also when they have minimised it to use navigation, respond to a message, or handle other tasks on their device. If location tracking paused every time the phlebotomist switched away from Phlebo, the dispatch system would have no way to determine who is nearest to a new order that arrives while the app is in the background. This would cause order assignment delays that directly affect patient care and the viability of time-sensitive sample collection. Foreground-only location is therefore technically insufficient for this use case. Background location access is the minimum necessary permission to deliver the core dispatch functionality of the application.
Exactly when background location is collected
Background location is collected only when all three of the following conditions are true at the same time:
1. The phlebotomist has logged in and deliberately started an active shift session.
2. The background location service is running and a persistent notification is visible in the Android notification tray, clearly informing the phlebotomist that location is active.
3. The shift remains active: background location collection stops immediately and automatically the moment the phlebotomist ends their shift, logs out, or the service is terminated.
Background location is never collected outside a shift session, never collected when the device is idle with no active shift, and is never used for any purpose other than real-time dispatch and collection audit logging.
How to control location collection
The phlebotomist can stop all location collection at any time by ending their shift within the application. Location permissions can also be reviewed and revoked through Android system settings under Apps > Phlebo > Permissions > Location. Revoking location permission will disable the dispatch and order assignment features of the application.
Foreground Services
Phlebo uses Android Foreground Services to maintain reliable performance during active home collection tasks. In compliance with Google Play policy and Android 14 (API 34) requirements, all foreground service types are explicitly declared in the application's AndroidManifest.xml. A persistent, visible notification is displayed in the Android notification tray at all times while any foreground service is running. Foreground services are never started without a deliberate user action such as beginning a task or shift. The following foreground service types are used:
- Location (type: location): Continuous GPS tracking throughout the phlebotomist's active shift. Enables real-time proximity dispatch for incoming orders and GPS-timestamped collection audit records. Starts when the shift begins; stops when the shift ends or the user logs out.
- Task Synchronization (type: dataSync): Keeps order and collection status synchronized with the laboratory while the phlebotomist is navigating in the background.
- Notifications (type: shortService): Delivers time-critical alerts for new order assignments and urgent sample pickups.
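As an added illustration of the two manifest-level controls this policy describes (the cleartext-HTTP block under How We Protect Your Information and the declared foreground service types above), and not Phlebo's own source, the following shows an Android network security configuration that forbids cleartext traffic, beside the weak setting it replaces, and an AndroidManifest.xml excerpt declaring the three service types. The service class names are assumptions made for this example.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- File 1: res/xml/network_security_config.xml (example, not Phlebo's file).
     Weak setting: cleartextTrafficPermitted="true", or a base-config that omits
     the attribute on targetSdk below 28, lets the app fall back to plain HTTP.
     Corrected setting: forbid cleartext for every host and trust only the
     system CA store, so patient data can only travel over TLS. -->
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

<!-- File 2: AndroidManifest.xml excerpt (Android 14 / API 34 requirements).
     Service class names below are assumptions for this example. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <!-- Type-specific foreground service permissions required from API 34 -->
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_LOCATION" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_DATA_SYNC" />

    <!-- Points the platform at File 1 so the cleartext block applies app-wide -->
    <application android:networkSecurityConfig="@xml/network_security_config">

        <!-- Shift tracking: started only when a shift begins, stopped at shift end or logout -->
        <service
            android:name=".ShiftLocationService"
            android:foregroundServiceType="location"
            android:exported="false" />

        <!-- Order and status sync while the phlebotomist navigates in the background -->
        <service
            android:name=".TaskSyncService"
            android:foregroundServiceType="dataSync"
            android:exported="false" />

        <!-- Time-critical alert handling; shortService is time-limited by the system -->
        <service
            android:name=".UrgentAlertService"
            android:foregroundServiceType="shortService"
            android:exported="false" />
    </application>
</manifest>
```

Each service must also pass the matching type when it calls startForeground(), and each must show the persistent notification this section requires for as long as it runs.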
How Long We Keep Your Information
We retain data only for as long as it is needed for the purpose for which it was collected, or as required by applicable law.
- Location and shift data: GPS coordinates and shift activity logs are archived securely after the shift ends, per the laboratory's operational audit policy
- Patient collection records and TRF documents: Retained for 5 to 7 years as required by applicable health data regulations
- Payment transaction records: Retained per financial and tax compliance requirements
- Anonymized crash and diagnostic logs: Maximum 90 days, then permanently deleted
- Deactivated phlebotomist accounts: Credentials deactivated immediately; operational records archived for audit continuity
Account Deletion & Your Data
In compliance with Google Play's account deletion policy, we provide multiple ways for authorized users to request deletion of their account and personal data.
- In-App: Navigate to Settings > Account > Request Account Deletion
- By Email: Send a request to privacy@phlebo.app with your employee ID, full name, and organization name
- Via Administrator: Ask your laboratory administrator to deactivate your profile in the Phlebo management portal
Your Privacy Rights
Authorized users have the following rights with respect to their personal data. To exercise any right, contact us at privacy@phlebo.app. We will respond to verified requests within 30 days.
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete data
- Deletion: Request that we delete your data, subject to legal retention requirements
- Restriction: Request that we limit how we process your data in certain circumstances
- Portability: Request your data in a portable, machine-readable format where technically feasible
- Objection: Object to processing of your data where it is based on legitimate interest
- Withdrawal of Consent: Withdraw consent at any time without affecting the lawfulness of prior processing
Children's Privacy
Phlebo is designed exclusively for adult healthcare professionals operating in an authorized professional capacity. It is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we discover that information has been inadvertently received from a person under 18, we will delete it immediately. If you have reason to believe a minor has accessed this application, please contact us immediately at privacy@phlebo.app.
Third-Party Services
Phlebo integrates the following categories of third-party services. Each is used only for its stated purpose and is bound by data processing agreements.
- Cloud Infrastructure: Encrypted backend hosting and secure API services; no independent use of data permitted
- Push Notifications (e.g., Firebase Cloud Messaging): Only anonymized device tokens are transmitted; no patient data is shared
- Payment Gateway: Only the transaction data required to complete and record a payment is shared; governed by the provider's own PCI-DSS compliance and privacy terms
- Crash Diagnostics (e.g., Firebase Crashlytics): Anonymized error and crash reports only; no patient data or personal identifiers are included
- Barcode Scanning: Fully on-device processing; no scan data is transmitted to any external library vendor
Changes to This Policy
We may update this Privacy Policy to reflect changes in the application, our data practices, or applicable legal requirements. When we make material changes, we will revise the effective date at the top of this document and notify authorized users through an in-app notice at least 7 days before changes take effect. Continued use of Phlebo after the revised effective date constitutes acceptance of the updated policy. If you do not agree, please discontinue use and contact your organization administrator.
Legal Compliance
Phlebo is developed and operated in compliance with:
- Google Play Store Developer Program Policies, including Medical App Policy, Sensitive Permissions Policy, Foreground Service Policy, and Data Safety requirements
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011 under the IT Act, 2000 (India)
- Digital Personal Data Protection Act, 2023 (DPDPA) (India)
- Applicable laboratory regulatory and healthcare record-retention requirements of the operating jurisdiction
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our Privacy Team. We are committed to responding to all privacy-related inquiries within 1 business day.