Welcome to AloLabs+ ("we," "us," "our," or "the Company"). We are committed to protecting your
privacy and handling your personal and health information with the highest level of care and
security.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you
use our mobile application and services (collectively, the "Service"). AloLabs+ is a healthcare
technology platform that connects patients with laboratory testing services in the Kurdistan Region
of Iraq, primarily operating in the Duhok area.
🏥 What We Do:
Facilitate booking of medical laboratory tests
Provide home blood sample collection through our certified technicians (authorized by Hanasa
Medical Lab)
Coordinate laboratory testing with certified medical laboratory partners
Deliver digital test results through our secure app
Manage appointments and medical history
⚠️ Important: By using our Service, you agree to the collection and use of
information in accordance with this Privacy Policy. If you do not agree with our policies and
practices, please do not use our Service.
Our Commitment: We comply with applicable Iraqi and Kurdistan Regional Government
privacy laws and regulations, as well as Apple App Store and Google Play Store requirements for
health-related applications.
2Information We Collect
We collect various types of information to provide and improve our Service. The information we
collect falls into several categories:
2.1 Personal Information
👤
Name
First and last name
📧
Email
Email address
📱
Phone
Phone number
🎂
Birth Date
Date of birth
⚧
Gender
Gender information
🏠
Address
Home address for sample collection
📸
Profile Picture
Optional photo
👨👩👧👦
Family Info
Family member accounts
2.2 Health Information (Sensitive Data)
🔐 Highly Sensitive Information: Health data is protected with the highest
security standards and medical confidentiality laws.
Lab Test Orders: Tests you request and book through our app
Test Results: Laboratory blood test results and medical reports
Medical History: Health information relevant to your tests
Previous Results: Historical test results you upload
Prescriptions: Doctor prescriptions for medical tests
2.3 Location Data
GPS Location: Used to find nearby laboratories and show maps
Home Address: For scheduling sample collection at your location
Real-time Location: During active appointments to track technician arrival
Background Location: Only collected during active appointments (you can disable
this)
2.4 Photos and Camera Access
Profile Pictures: Optional photos for your account
Medical Documents: Photos of prescriptions and previous reports you upload
Camera Access: Only when you actively take photos within the app
2.5 Device Information
Phone model and manufacturer
Operating system (iOS or Android) and version
Device identifier (for security purposes)
App version you're using
IP address
Crash reports and error logs (to fix bugs)
2.6 Usage Information
Features and pages you use in the app
Time spent in the app
Buttons you click and interactions
Appointment history and booking patterns
Search queries within the app
2.7 Payment Information
Transaction records (amount, date, service purchased)
Payment method type (cash on delivery, card, etc.)
Note: We do NOT store credit card numbers. Payment processors handle all card
data securely.
2.8 Communications and Notifications
Firebase Cloud Messaging (FCM) tokens to send you notifications
Notification preferences
Communication history with customer support
📱 Sign-In Methods: You can create an account using email, phone number, Google
Sign-In, or Apple Sign-In. When using social sign-in, we only receive basic profile information
(name, email) that you authorize.
3How We Use Your Information
We use the collected information for the following purposes:
3.1 Provide Medical Laboratory Services
Process and manage your lab test bookings
Dispatch our certified technicians (authorized by Hanasa Medical Lab) for blood sample
collection
Coordinate with your chosen laboratory for laboratory testing
Deliver test results to you securely
Maintain your medical history and appointment records
Schedule and manage home collection visits
3.2 Communication
Send appointment reminders and confirmations
Notify you when test results are ready
Provide customer support and respond to inquiries
Send important service updates and announcements
Emergency notifications when necessary
3.3 Service Delivery and Operations
Track technician location during appointments (so you know when they'll arrive)
Find and display nearby laboratories on maps
Navigate technicians to your home for sample collection
Process payments and manage billing
Verify technician identity and credentials
3.4 Improve Our Service
Analyze app usage to improve features and user experience
Fix bugs, crashes, and technical issues
Develop new features and services
Optimize app performance and loading times
Understand which features are most valuable to users
3.5 Security and Legal Compliance
Prevent fraud and unauthorized access
Protect user accounts and data
Comply with Iraqi and Kurdistan health regulations
Respond to legal requests from authorities
Enforce our Terms of Service
🎯 Marketing Communications: We do NOT send marketing messages by default. If we
introduce marketing features in the future, you will be able to opt-out at any time.
4Sharing Your Information
We share your information only with trusted partners who help us provide our Service. Here's who we
share with and why:
4.1 Laboratory Partners (For Testing Services)
🏥 Certified Medical Laboratories in Kurdistan Region
What We Share with Your Chosen Laboratory:
Patient name and contact information
Test orders and appointment details
Blood samples collected by our authorized technicians
Relevant medical history for testing
Doctor prescriptions when applicable
What the Laboratory Does:
Receive and process blood samples at their laboratory facility
Perform laboratory testing and analysis
Generate test results and reports
Take full responsibility for test result accuracy and quality
Laboratory Licensing: All partner laboratories are licensed by Kurdistan
Regional Government health authorities and bound by medical confidentiality laws.
4.2 Hanasa Medical Lab (For Technician Authorization)
🩺 Technician Authorization & Oversight
What We Share with Hanasa Medical Lab:
Technician employment and training records
Quality control and performance data
Sample collection procedures and protocols
What Hanasa Medical Lab Does:
Authorize and oversee our blood collection technicians
Provide training and certification for our technicians
Supervise quality standards for blood sample collection
Ensure compliance with medical collection standards
Important: ALL AloLabs+ blood collection technicians are authorized and
supervised by Hanasa Medical Lab, regardless of which laboratory you choose for testing.
4.3 What AloLabs+ Does
📱 Our Role:
Employ and manage certified blood collection technicians (authorized by Hanasa Medical Lab)
Send our technicians to collect blood samples at your home
Transport samples to the laboratory you choose
Deliver digital results through our app (we only transmit results, not interpret or validate
them)
⚠️ Important Disclaimer: AloLabs+ is NOT responsible for the accuracy, quality,
or interpretation of laboratory test results. The chosen laboratory is fully responsible for all
testing, analysis, and result accuracy. We only facilitate the blood collection and digital
delivery of results.
Google Maps: Displays maps, finds nearby labs, provides navigation for
technicians
Payment Processors: Handle credit card payments securely (we never see your
card numbers)
Cloud Storage: Stores encrypted medical documents and test results
4.5 Government and Legal Authorities (Only When Required by Law)
Kurdistan Regional Government health authorities
Iraqi Ministry of Health
Law enforcement agencies (only with valid court order)
Regulatory bodies conducting audits
4.6 Business Transfers
If AloLabs+ is involved in a merger, acquisition, or sale of assets, your information may be
transferred. We will notify you before your information becomes subject to a different privacy
policy.
⚠️ We DO NOT:
Sell your personal or health information to third parties
Share your data with advertisers
Use your health information for marketing purposes
Share data with social media platforms (unless you use social sign-in)
5Data Security
We implement comprehensive security measures to protect your personal and health information:
5.1 Encryption
Data in Transit: All data transmitted over the internet is encrypted using
HTTPS/TLS protocols
Data at Rest: Health information stored in our databases is encrypted using
AES-256 encryption
End-to-End Protection: Your sensitive health data is protected from the moment
you enter it until it reaches authorized recipients
5.2 Access Control
Only authorized staff members can access user data
Role-based access controls limit who can see sensitive information
Multi-factor authentication for staff accounts
Regular access audits and monitoring
5.3 Firebase Security
Enterprise-level security provided by Google Cloud Platform
ISO 27001 certified infrastructure
Regular security audits and penetration testing
Automated threat detection and prevention
5.4 Password Protection
Passwords are hashed using industry-standard algorithms
We cannot read or access your password
Password reset only through verified email or phone number
5.5 Technician Verification
All AloLabs+ blood collection technicians undergo background checks
Technicians are certified professionals authorized by Hanasa Medical Lab
Regular training and quality oversight
Identity verification before home visits
5.6 Regular Security Audits
Periodic security assessments and vulnerability testing
Compliance reviews for health data protection
Incident response procedures and monitoring
⚠️ No System is 100% Secure: While we implement strong security measures, no
internet transmission or electronic storage is completely secure. We continuously work to
improve our security, but cannot guarantee absolute security. Please use strong passwords and
keep your account credentials confidential.
6Your Rights and Choices
You have significant control over your personal and health information. Here are your rights:
6.1 Access Your Data
View all your personal information in the app settings
Access your complete medical history and test results
Request a copy of all data we hold about you
Download your test results as PDF files
6.2 Correct Your Information
Update your profile information anytime
Correct errors in your personal details
Contact support to update health information
6.3 Delete Your Account
Request account deletion through app settings or customer support
Most data will be permanently deleted within 30 days
Important: Medical records must be retained for 10 years as required by Iraqi
health law
Financial records retained for 7 years per Iraqi tax law
6.4 Export Your Data
Download all your test results
Export your medical history
Request a complete data package
6.5 Control Location Tracking
Turn off GPS location in your device settings
Disable background location tracking
Note: Some features (like finding nearby labs) require location access
6.6 Manage Notifications
Control which notifications you receive
Turn off push notifications in app settings
Unsubscribe from promotional emails (if any)
6.7 Opt-Out of Marketing
We don't send marketing by default
You can opt-out of any future marketing communications
Essential service notifications (appointment reminders, results) cannot be disabled
6.8 Withdraw Consent
Withdraw consent for data processing at any time
Note: This may limit your ability to use certain features
We retain your information for different periods depending on the type of data and legal
requirements:
7.1 Medical Records
Retention Period: 10 years from last appointment
Legal Requirement: Iraqi health law mandates medical record retention
Includes: Test results, lab orders, prescriptions, medical history
Note: Even if you delete your account, medical records are retained as required
by law
7.2 Financial Records
Retention Period: 7 years from transaction date
Legal Requirement: Iraqi tax law requirements
Includes: Payment records, invoices, transaction history
7.3 Personal Information
Active Accounts: Retained while your account is active
Inactive Accounts: Deleted after 3 years of inactivity (except
medical/financial records)
Deleted Accounts: Most personal data deleted within 30 days
7.4 Usage and Analytics Data
Retention Period: 2 years for analysis and service improvement
Anonymized Data: May be retained longer for statistical purposes
7.5 Communication Records
Customer Support: 3 years for quality and training purposes
Legal Communications: As required by applicable law
📅 Why We Retain Data: Data retention is necessary for legal compliance, medical
continuity of care, financial auditing, and protecting both your rights and ours in case of
disputes.
8Children's Privacy
⚠️ Age Requirements:
Our Service is intended for users 18 years and older
We do not knowingly collect personal information from children under 18
If you are under 18, do not create an account or provide personal information
8.1 Parents and Legal Guardians
Parents or legal guardians may create accounts and book services on behalf of minors
The parent/guardian's account will manage all minor's health information
Parents are responsible for all information provided about minors
8.2 Family Accounts
You can add family members (including children) to your account
Family member health data is protected with the same security measures
Only the primary account holder can access family member information
8.3 If We Learn of Children's Data
If we become aware that we have collected personal information from a child under 18 without parental
consent, we will take steps to delete that information as soon as possible. Please contact us at privacy@alolabsplus.com if you believe we have
collected data from a minor.
9International Data Transfers
Our Service primarily operates within the Kurdistan Region of Iraq. However, some data may be
transferred internationally:
9.1 Cloud Service Providers
Firebase/Google Cloud: Data may be stored on servers in multiple countries
Security: All data is encrypted during transfer and storage
Compliance: Service providers comply with international data protection
standards
9.2 Data Protection
We ensure adequate data protection measures for international transfers
Contractual agreements with service providers mandate data security
Compliance with applicable international data transfer regulations
9.3 Primary Data Location
Medical Records: Primarily stored and processed in Iraq/Kurdistan Region
Blood Sample Collection: Performed by AloLabs+ technicians (authorized by
Hanasa Medical Lab) in Kurdistan Region
Laboratory Testing: Conducted at certified medical laboratories in Kurdistan
Region chosen by users
10Cookies and Tracking Technologies
10.1 Mobile App
Our mobile app does not use traditional browser cookies but uses similar technologies:
Local Storage: Store app preferences and settings on your device
Session Management: Keep you logged in securely
Analytics SDKs: Collect anonymous usage data to improve the app
Crash Reporting: Automatically send crash reports to help us fix bugs
10.2 Website
Our website (alolabsplus.com) may use cookies for:
Remembering your language preference
Analytics (Google Analytics or similar)
Essential website functionality
10.3 Third-Party Tracking
Firebase Analytics: Tracks app usage patterns
Crash Analytics: Monitors app stability
No Advertising Tracking: We do not use tracking for advertising purposes
10.4 Your Control
You can disable analytics in app settings
Disable cookies in your browser for our website
Use device privacy settings to limit tracking
11Third-Party Services
Our app integrates with several third-party services. Each has its own privacy policy:
⚠️ Important: We are not responsible for the privacy practices of third-party
services. Please review their privacy policies before using these features.
12Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology,
legal requirements, or other factors.
12.1 How We Notify You
In-App Notification: Alert when you open the app after an update
Email Notification: For significant changes affecting your rights
Updated Date: The "Last Updated" date at the top of this policy
12.2 Material Changes
For significant changes, we will:
Provide prominent notice in the app
Require your consent before the changes take effect
Give you the option to delete your account if you disagree
12.3 Your Acceptance
Continued use of the Service after updates means you accept the changes
If you don't agree, please stop using the Service and contact us to delete your account
📢 Stay Informed: We recommend reviewing this Privacy Policy periodically. Check
the "Last Updated" date to see when changes were made.
13Iraqi & Kurdistan Regional Legal Compliance
AloLabs+ operates in full compliance with Iraqi and Kurdistan Regional Government laws and
regulations:
13.1 Health Regulations
Compliance with Iraqi Ministry of Health regulations
Kurdistan Regional Government (KRG) health authority requirements
Medical confidentiality laws protecting patient privacy
Laboratory licensing and certification standards
13.2 Data Protection
10-year retention of medical records as required by Iraqi health law
7-year retention of financial records per Iraqi tax regulations
Protection of sensitive health information under medical privacy laws
13.3 Laboratory Licensing and Technician Authorization
All partner laboratories are licensed by KRG health authorities for laboratory testing
AloLabs+ blood collection technicians are authorized and supervised by Hanasa Medical
Lab
All technicians are certified medical professionals with proper training
Laboratory operations comply with Kurdistan health standards
Hanasa Medical Lab provides authorization and oversight for all our blood collection technicians
13.4 Legal Jurisdiction
This Privacy Policy is governed by the laws of the Republic of Iraq
Kurdistan Regional Government regulations apply to our operations
Disputes are subject to courts in Kurdistan Region (Duhok/Erbil)
13.5 Government Requests
We may disclose information to government authorities when:
Required by Iraqi or KRG law
Presented with a valid court order
Necessary for public health or safety
Requested by health regulatory authorities for audits
14Apple App Store & Google Play Store Requirements
This section provides transparency required by Apple and Google for health-related apps:
14.1 Data Collection Summary
🔐
Encrypted
All data is encrypted in transit and at rest
🗑️
Deletable
You can request account deletion
🏥
Health Data
Protected by medical confidentiality
🤝
Shared
With chosen laboratory for testing
14.2 Data Types Collected (App Store Declaration)
Contact Information: Name, email, phone number
Health & Fitness: Lab test results, medical history
Location: Precise location for service delivery
User Content: Photos, uploaded documents
Identifiers: User ID, device ID
Usage Data: App interactions, analytics
Diagnostics: Crash data, performance data
14.3 Data Linked to You
The following data is linked to your identity:
Personal and health information
Location data
Payment information
Usage data
14.4 Data Used to Track You
We do NOT use data to track you across other companies' apps or websites
We do NOT share data with data brokers
Analytics are used only for app improvement
14.5 Required vs. Optional Data
Required: Name, phone, address (for service delivery)
Optional: Email, profile picture, family members
15Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal
information, please contact us: