Legal
Privacy Policy
Last updated: May 2026 · We take your genetic privacy seriously.
Private by Default
Your DNA file is never linked to your identity. No account is required and no personal identifiers are collected.
No Persistent Storage
Your uploaded file is processed in memory and discarded after analysis. We do not retain your raw genetic data on our servers.
No Data Selling
We never sell, rent, or share your genetic data with third parties — advertisers, insurers, or anyone else.
Minimal Collection
We collect only what is needed to operate the service: anonymous session data and standard server logs. No cookies for tracking.
1. What We Collect
Genox is designed with a minimal data footprint. Here is exactly what we collect:
We do not collect your name, email, date of birth, or any other personally identifiable information unless you voluntarily provide it (e.g., by contacting us).
2. How We Use Your Data
Your data is used solely to:
- Parse and decode your 23andMe raw data file.
- Query public genomic databases (GWAS, SNPedia, ClinVar) to generate your report.
- Maintain session continuity while you view your results.
- Monitor and improve service reliability and security.
3. Data Sources for Results
Genox generates results by cross-referencing your genetic variants against the following publicly available databases:
GWAS Catalog
Genome-Wide Association Studies — population-level statistical associations between variants and traits.
SNPedia
A community wiki of SNP annotations and health associations curated from published research.
ClinVar
NCBI's database of genomic variants and their reported clinical significance.
Important: These databases reflect population-level research. The data is not 100% certain or complete, and scientific understanding evolves continuously. Results should not be used for clinical or medical decision-making.
4. Data Sharing
We do not sell, trade, rent, or share your genetic data or personal information with any third party, including advertisers, insurance companies, pharmaceutical companies, or government agencies, except when required by law.
Third-party services we use (such as hosting infrastructure) may process request metadata (IP, timestamps) under their own privacy policies, but they do not receive your genetic data.
5. Data Retention
Your uploaded DNA file is held in memory only during the processing pipeline and is not written to permanent storage. Once your session ends or expires, no copy of your raw genetic file remains on our systems.
Session tokens and server logs are retained for up to 30 days for security purposes, after which they are automatically deleted.
6. Your Rights
Since we do not store your genetic data after your session ends, there is no persistent record to access, correct, or delete. However, you have the right to:
- Not upload your data — the Service is entirely opt-in.
- Contact us if you have concerns about how data is handled.
- Request information about what logs (if any) are associated with a specific session.
7. Security
We use industry-standard security practices including encrypted connections (HTTPS/TLS) for all data in transit. Because raw genetic data is not persisted, the attack surface for data exfiltration is minimized.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated date. We encourage you to review this page periodically.
9. Contact
If you have questions or concerns about this Privacy Policy or our data practices, email us at support@g3nox.com. We are committed to addressing privacy concerns promptly.
Also see our Terms of Use
Covers acceptable use, data accuracy disclaimers, and liability.