Privacy Policy
Last updated: January 25, 2025
The Key Point
Your genetic data never leaves your browser. GenomeGist processes your genome file entirely on your device using JavaScript. We never upload, store, transmit, or have access to your raw genetic data.
1. Information We Collect
1.1 Genetic Data (NOT Collected)
We do not collect your genetic data. When you upload a genome file to GenomeGist, the file is processed entirely within your web browser. The file contents are never sent to our servers. We have no ability to access, view, or store your genetic information.
1.2 Payment Information
When you purchase a Full Access token, payment is processed by our third-party payment processor, Paddle. We do not directly collect or store your payment card information. Paddle's privacy policy governs how they handle your payment data: Paddle Privacy Policy .
We receive from Paddle:
- Your email address (for token delivery and order confirmation)
- Transaction ID and order details
- Country (for tax purposes)
1.3 Access Tokens
When you purchase the Service, we generate an access token and store it in our database along with:
- The token itself (a random string)
- Number of sessions remaining
- Timestamp of last session activation
- Email address (for token recovery)
- Purchase date
1.4 Browser Storage
GenomeGist stores the following in your browser's localStorage:
- Your access token (if you've entered one)
- Your output format preference
- Your category selection preference
This data remains on your device and is not transmitted to us. You can clear this data at any time through your browser settings or by clicking the "Clear" button in the app.
1.5 Analytics (Limited)
We may use minimal, privacy-respecting analytics to understand how the Service is used (e.g., page views, feature usage). We do not use analytics that track individual users across sites or collect personal information. We do not use Google Analytics or similar invasive tracking tools.
2. How We Use Information
We use the information we collect to:
- Deliver your access token via email
- Validate tokens and manage session access
- Provide customer support and respond to inquiries
- Process refunds when requested
- Send important service updates (rarely)
- Improve the Service based on aggregate usage patterns
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Data Retention
- Token records: Retained indefinitely to allow token recovery and session management. You may request deletion by contacting us.
- Email addresses: Retained as long as your token record exists.
- Payment records: Retained as required by law for tax and accounting purposes (typically 7 years).
4. Data Security
We implement appropriate technical and organizational measures to protect the information we store:
- Token data is stored in encrypted databases
- All connections use HTTPS encryption
- Access to systems is restricted and logged
- We do not store sensitive genetic data (the most sensitive data never reaches us)
5. Third-Party Services
We use the following third-party services:
- Paddle: Payment processing. Privacy Policy
- Cloudflare: Website hosting and CDN. Privacy Policy
- Resend: Transactional email delivery. Privacy Policy
6. Cookies
GenomeGist does not use cookies for tracking or advertising. We may use essential cookies required for the Service to function (e.g., security tokens). Third-party services we use may set their own cookies according to their privacy policies.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your information
- Object to certain processing of your information
- Data portability (receive your data in a structured format)
To exercise these rights, contact us at privacy@genomegist.com. We will respond within 30 days.
8. Children's Privacy
GenomeGist is not intended for use by children under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
9. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
For questions or concerns about this Privacy Policy or our data practices,
contact us at:
Email: privacy@genomegist.com
12. Data Processing Details (GDPR)
For users in the European Economic Area:
- Data Controller: GenomeGist (contact: privacy@genomegist.com)
- Legal Basis: Contract performance (to deliver the Service you purchased), legitimate interests (to improve the Service), and consent (for optional communications)
- Data Protection Officer: For small-scale processing, we have not appointed a DPO. Contact privacy@genomegist.com for data protection inquiries.