Privacy & Data Protection

1. Our Privacy Posture

GeneGenius is built on a simple principle: We do not need personal data to demonstrate scientific capability. And we do not touch sensitive data without explicit institutional authorization.

Privacy is not a feature layered on top of the product. It is a constraint that shapes what we build, what we show, and what we deliberately exclude.

2. Data We Do Not Collect

On the public website and demo environments, GeneGenius does not collect, process, store, or infer:

No patient data is accepted. No patient data is simulated. No patient data is stored.

3. Public Website Data Practices

What we collect: Standard web analytics (page views, referrers, device type), voluntary contact form submissions, and scheduling metadata if initiated by you.

What we do not do: No behavioral profiling, no health inference, no third-party ad tracking, no sale of data, no enrichment from external data brokers.

4. Demo Environment

The GeneGenius demo uses curated examples derived exclusively from publicly available variant databases (e.g., ClinVar). No patient context, no case histories, no submission capability, no report generation. The demo is educational, not operational.

5. Future Clinical Environments

Any future clinician workspace will operate under separate, explicit agreements including institutional contracts, Data Processing Agreements (DPAs), and jurisdiction-specific compliance requirements (HIPAA, GDPR, local regulations). No clinical data will ever be accepted without authentication, authorization, institutional consent, defined scope of use, and auditability.

6. Data Minimization

If data is not required, it is not collected. If a feature requires sensitive data, it is not exposed publicly. If a capability introduces ambiguity about privacy or compliance, it is deferred. We optimize for defensibility, not maximal data ingestion.

7. Evidence Transparency

GeneGenius demonstrates transparency by showing sources (ClinVar, PubMed, guidelines), reasoning steps, and methodology. We do not demonstrate transparency by displaying patient-linked data, simulating patient cases, or exposing institutional workflows. Transparency is about reasoning, not records.

8. Security Foundations

Where data is collected (e.g., contact forms): encrypted in transit, access-restricted, retained only as long as necessary, never shared with unauthorized third parties. Security controls evolve with system scope and deployment context.

9. Third-Party Services

GeneGenius uses a limited number of infrastructure and analytics providers for hosting, email communication, and scheduling. These providers are selected based on industry-standard security practices, contractual privacy protections, and minimal data exposure. No third party is authorized to use GeneGenius data for their own purposes.

10. International Considerations

GeneGenius operates with a global perspective. Data practices are aligned with GDPR principles, cross-border data transfer is minimized, and local regulatory requirements are respected. Compliance is contextual and jurisdiction-specific.

11. What We Do Not Claim

GeneGenius does not claim to be HIPAA-compliant on the public site, to process PHI today, to be a clinical system available for deployment, or to replace institutional privacy obligations. Any future claims will be made only when true and verifiable.

12. Accountability

Privacy decisions at GeneGenius are governed internally. Any change that would introduce patient data, expand data collection scope, or alter data usage purpose requires explicit founder approval and institutional review.

13. Contact

Questions about privacy, data handling, or governance can be directed to:

GeneGenius is built for environments where mistakes are costly. Our privacy posture reflects that reality.

Restraint is not a limitation. It is a signal of seriousness.