← Back to Help Center

Security & Privacy

Your genetic data deserves the highest level of protection

Our Privacy Promise

We never sell your data. Your genetic information is never sold to third parties, period.

We never share with employers or insurers. Your data is never shared with employers, insurance companies, or anyone without your explicit consent.

You own your data. Download, export, or delete your data at any time.

Healthcare-Grade Security

We use the same security standards trusted by hospitals and healthcare systems.

HIPAA Aligned

Our infrastructure and processes are aligned with HIPAA requirements for protecting health information.

SOC 2 Aligned

Security controls aligned with SOC 2 Trust Service Criteria for data protection, availability, and confidentiality.

Quest Diagnostics Labs

Your blood sample is processed by Quest Diagnostics, a CLIA/CAP certified clinical laboratory.

GDPR-Aligned

Full support for European data protection rights including access, correction, and deletion.

Data Encryption

Your genetic data is encrypted at every stage - from upload to storage to analysis.

In Transit

  • • TLS 1.3 encryption for all connections
  • • End-to-end encryption for file uploads
  • • Secure API connections

At Rest

  • • AES-256 encryption for all stored data
  • • Per-user encryption keys
  • • Cloudflare-managed encryption keys

Where Your Data Lives

Your data is stored on Cloudflare infrastructure with enterprise-grade security.

Cloudflare R2 & D1

Your VCF files and genomic blobs are stored in Cloudflare R2 object storage; your account and analysis records live in Cloudflare D1, with automatic redundancy across Cloudflare's network.

US Data Centers

All data is stored in US-based data centers that meet HIPAA requirements.

Isolated Storage

Each user's genetic data is stored in an isolated, encrypted container with unique access keys.

Who Can Access Your Data

You

Full access to view, download, and delete your data through your secure dashboard.

Our Analysis Systems

Automated systems process your VCF file for variant classification. Human access is limited and logged.

Healthcare Providers

Only if you explicitly share reports or grant access. We never share without your consent.

Audit Logging: All access to your data is logged. You can view access logs in your dashboard settings.

Your Data Rights

You have full control over your genetic data:

Right to Access

Download all your data at any time from your dashboard.

Right to Correction

Request corrections to any personal information.

Right to Deletion

Delete your account and all associated data permanently.

Right to Portability

Export your VCF file and reports in standard formats.

Research Participation

Contributing to genomic research is completely optional:

Opt-In Only

Research participation is strictly opt-in. Your data is never included in research without your explicit consent.

Always Anonymized

If you choose to participate, your data is fully de-identified before being included in any research.