Privacy Policy
Last updated: February 18, 2026
Who we are
GeneOps is operated by GeneOps Inc. For privacy inquiries, contact us at ops@geneops.ai.
What data we collect
Account data
Your email address and optional display name. No passwords — we use magic link authentication.
Genetic data (special category)
If you upload a genome file, we process it to identify specific genetic variants relevant to health. Your raw genome file (containing hundreds of thousands of data points) is classified as special category data under GDPR Article 9 — the most sensitive classification. We match your data against approximately 454 health-relevant variants in our database.
Health profiles
Computed summaries and recommendations based on your matched genotypes, organized by health category.
Payment data
If you pay, we store a Stripe customer ID and payment timestamp. We never see or store your card number — that is handled entirely by Stripe.
Session cookie
A single encrypted cookie to keep you logged in. No third-party tracking cookies on pages showing your personal genetic data.
How we use your data
| Purpose | Data | Legal basis |
|---|---|---|
| Personalized genetic insights | Genetic data, health profiles | Explicit consent (Art. 9(2)(a)) |
| Account management | Email, display name | Contract (Art. 6(1)(b)) |
| Login links | | Contract (Art. 6(1)(b)) |
| Payment processing | Stripe customer ID | Contract (Art. 6(1)(b)) |
| Offspring analysis | Both connected users' genotypes | Explicit consent from both |
| Ad campaign measurement | Hashed email, page visits (public pages only) | Legitimate interest (Art. 6(1)(f)) |
Your genetic data
- We never sell, rent, or share your genetic data with any third party.
- Your genome data is processed and stored entirely on our own servers in the EU. It is never transmitted to external services.
- You can delete all your genetic data at any time from your account page. Deletion is immediate and permanent.
- We never store your raw genome file. It is processed to extract relevant variants and immediately deleted. Only your matched genotypes (~454 variants) are retained.
- You can export all your data in machine-readable format (JSON/CSV) at any time.
Marketing & analytics
We use the X (formerly Twitter) pixel on public pages only to measure the effectiveness of our advertising campaigns. This tracking is never active on pages that show your personal genetic results, including your dashboard, uploads, action tracker, health profile, and offspring reports.
- The X pixel loads on public pages (homepage, knowledge base, SNP articles, login) to track anonymous page views.
- Server-side conversion events (sign-up, payment) use only a one-way hash of your email — your actual email address is never sent to X.
- Your genetic data is never shared with any advertising platform. No genetic information is transmitted to X or any other third party.
- You can block this tracking entirely using any standard ad blocker (uBlock Origin, etc.).
Who we share data with
We use two external services. Neither has access to your genetic data.
| Service | Data shared | Purpose | Safeguard |
|---|---|---|---|
| Stripe | Email, payment info | Payment processing | EU-US Data Privacy Framework |
| SendGrid (Twilio) | Email address | Email delivery | EU-US Data Privacy Framework |
| X Corp (Twitter) | Page visits (public pages), hashed email (conversions) | Ad campaign measurement | Public pages only; never on genetic data pages |
International transfers
Your genetic data is processed and stored exclusively within the EU. Your email address is transmitted to SendGrid (US) for email delivery and to Stripe (US) for payment processing, both protected by the EU-US Data Privacy Framework. No genetic data leaves the EU.
How long we keep your data
| Data | Retention |
|---|---|
| Raw genome file | Never stored — processed and immediately deleted |
| Matched genotypes & health profiles | Until you delete your data or your account |
| Account data | Until you delete your account |
| Magic link tokens | Expire automatically after 15 minutes |
| Payment records | 7 years (legal accounting obligations) |
Your rights
Under GDPR, you have the following rights. We aim to respond within 30 days.
Access
View all your stored data on your account page.
Portability
Download all your data in JSON and CSV format from your account page.
Erasure
Delete your genetic data or your entire account at any time. Deletion is immediate and permanent.
Rectification
Upload a new genome file to replace your previous results.
Restriction
Request that we stop processing while a concern is resolved.
Complaint
File a complaint with your local data protection authority.
Security measures
- All data transmitted over HTTPS (TLS encryption in transit)
- No passwords to breach — magic link authentication only
- Server access restricted to SSH key authentication
- Ad measurement pixel on public pages only — never on pages showing personal genetic data
- Servers located in the EU
Cookies
We use a single strictly necessary session cookie to keep you logged in. It is encrypted and transmitted only over HTTPS. On public pages (homepage, knowledge base, SNP articles), the X advertising pixel may set a cookie for campaign measurement purposes. This pixel is never loaded on pages that display your personal genetic data.
Children
We do not knowingly collect data from persons under 16 years of age.
Changes to this policy
We update the date at the top when this policy changes. Material changes to how we process genetic data will be communicated directly to affected users.
Contact
- Privacy contact: ops@geneops.ai
- Supervisory authority: Andmekaitse Inspektsioon — aki.ee