← Back to Plain Lab

Privacy Policy

Last updated: June 2026

Plain Lab is designed to be private by default. Most of the work happens inside your browser — we do not run user accounts, and we do not store your lab results on our servers.

The short version

No accounts. No tracking pixels. Your PDF and photo files are opened and read entirely inside your browser — they are never uploaded to our servers. The only thing that leaves your device is the extracted text of your lab values (and the optional health context you choose to add), which is sent over HTTPS to our AI provider, Anthropic, solely to generate a plain-English explanation. It is not stored, logged, or used for training.

How your files are processed

When you upload a PDF or a photo, the file is parsed in your browser using on-device libraries (PDF text extraction and on-device OCR with Tesseract.js). The original file — the PDF binary, the image pixels, any embedded metadata — never leaves your device and is never uploaded to Plain Lab. Only the plain text that is extracted from the file is used for the next step.

OCR processing

Images are processed locally in your browser using Tesseract.js. Your photos never leave your device.

AI provider (Anthropic)

Lab text is sent to our AI provider (Anthropic) solely to generate your explanation. It is not stored, logged, or used for training. The transmission happens securely over HTTPS. Plain Lab does not log or persist the request or the response on its own servers. Per Anthropic's API policies, API inputs and outputs are not used to train Anthropic's models by default. You can review Anthropic's privacy practices at https://www.anthropic.com/privacy.

AI automated processing disclosure

Explanations are generated entirely by artificial intelligence with no human review. They are provided for educational and informational purposes only and are not medical diagnoses. Always consult a qualified healthcare professional for diagnosis, treatment, or any medical concerns.

Payments

Payments are processed by Stripe. We store only what Stripe requires to manage billing — such as your email and subscription status. No lab values, health information, or extracted text ever touches Stripe.

What is stored on your device

Your preferences (such as language) and any health context you fill in are saved in your browser's local storage so you do not have to re-enter them. They never leave your device unless you actively run an explanation. You can clear them at any time using the controls inside the app or by clearing your browser's site data.

Analytics

Plain Lab does not use advertising cookies or cross-site trackers. We may use minimal, privacy-respecting analytics to understand aggregate usage (such as how many explanations are generated per day). These analytics do not identify you and do not include your lab values.

Cookies

We use essential cookies only for basic site functionality. Optional analytics cookies require your consent before they are set. You can manage or withdraw your consent at any time.

GDPR / UK GDPR

If you are in the European Union or the United Kingdom, you have rights under the GDPR / UK GDPR, including the right to access, delete, or receive a portable copy of your personal data. Because we do not store accounts or lab results on our servers, there is typically no data held by us to exercise these rights against. To make a request or ask questions about how we handle data, contact us at privacy@plainlab.ai.

LGPD

If you are in Brazil, you have rights under the Lei Geral de Proteção de Dados Pessoais (Lei 13.709/2018), including the right to access, delete, and portability of your personal data. Because we do not store accounts or lab results on our servers, there is typically no data held by us to exercise these rights against. To make a request or contact our Data Protection Officer (DPO), write to privacy@plainlab.ai.

COPPA

Our service is intended for users 18 and older. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@plainlab.ai so we can delete it promptly.

Children

Plain Lab is intended for adults. It is not directed at children under 13, and we do not knowingly process data from children.

Your rights

Because we do not store accounts or your results on our servers, there is generally no personal data on our side to access, export, or delete. To remove anything we may have cached locally, clear your browser's site data for this domain.

Changes to this policy

If we make material changes, we will update the date at the top of this page. Continued use of Plain Lab after a change means you accept the updated policy.

Contact

Questions about this policy? Email privacy@plainlab.ai.