Privacy & Data Protection
Last updated: December 2025
1. Our Privacy Posture
GeneGenius is built on a simple principle: We do not need personal data to demonstrate scientific capability. And we do not touch sensitive data without explicit institutional authorization.
2. Data We Do Not Collect
On the public website and demo environments, GeneGenius does not collect, process, store, or infer: patient identifiers of any kind, Protected Health Information (PHI), genetic test results linked to individuals, demographic data related to health status, uploaded variants from users, free-text clinical notes, or any data that could reasonably be re-identified. No patient data is accepted. No patient data is simulated. No patient data is stored.
3. Public Website Data Practices
What we collect: Standard web analytics (page views, referrers, device type), voluntary contact form submissions, and scheduling metadata if initiated by you. What we do not do: No behavioral profiling, no health inference, no third-party ad tracking, no sale of data, no enrichment from external data brokers.
4. Demo Environment
The GeneGenius demo uses curated examples derived exclusively from publicly available variant databases (e.g., ClinVar). No patient context, no case histories, no submission capability, no report generation. The demo is educational, not operational.
5. Future Clinical Environments
Any future clinician workspace will operate under separate, explicit agreements including institutional contracts, Data Processing Agreements (DPAs), and jurisdiction-specific compliance requirements (HIPAA, GDPR, local regulations). No clinical data will ever be accepted without authentication, authorization, institutional consent, defined scope of use, and auditability.
6. Data Minimization
If data is not required, it is not collected. If a feature requires sensitive data, it is not exposed publicly. If a capability introduces ambiguity about privacy or compliance, it is deferred. We optimize for defensibility, not maximal data ingestion.
7. Evidence Transparency
GeneGenius demonstrates transparency by showing sources (ClinVar, PubMed, guidelines), reasoning steps, and methodology. We do not demonstrate transparency by displaying patient-linked data, simulating patient cases, or exposing institutional workflows. Transparency is about reasoning, not records.
8. Security Foundations
Where data is collected (e.g., contact forms), it is encrypted in transit, access-restricted, retained only as long as necessary, and never shared with unauthorized third parties. Security controls evolve with system scope and deployment context.
9. Third-Party Services
GeneGenius uses a limited number of infrastructure and analytics providers for hosting, email communication, and scheduling. These providers are selected based on industry-standard security practices, contractual privacy protections, and minimal data exposure. No third party is authorized to use GeneGenius data for their own purposes.
10. International Considerations
GeneGenius operates with a global perspective. Data practices are aligned with GDPR principles, cross-border data transfer is minimized, and local regulatory requirements are respected. Compliance is contextual and jurisdiction-specific.
11. What We Do Not Claim
GeneGenius does not claim to be HIPAA-compliant on the public site, to process PHI today, to be a clinical system available for deployment, or to replace institutional privacy obligations. Any future claims will be made only when true and verifiable.
12. Accountability
Privacy decisions at GeneGenius are governed internally. Any change that would introduce patient data, expand data collection scope, or alter data usage purpose requires explicit founder approval and institutional review.
13. Contact
Questions about privacy, data handling, or governance can be directed to support@genegenius.tech.