Our Promise
Your Privacy Is Not Negotiable
Genetic data is among the most sensitive information you own. These aren't marketing promises — they're structural commitments built into how SoDNAscan works.
We will never sell your genetic data
Your DNA data is yours. It will never be sold, licensed, or shared with data brokers under any circumstances.
We will never share your data with insurers or employers
Your genetic information will never be disclosed to insurance companies, employers, or any third party that could use it against you.
We will never use your data for research without explicit consent
If we ever conduct research, your participation will require clear, separate, informed consent. Opt-in only, always.
We will never store data longer than you want
Request deletion at any time. We'll permanently remove your genetic data, health books, and all personal information — with a full export first.
We will never run third-party tracking scripts
No third-party analytics, no advertising pixels, no third-party cookies. Our self-hosted, cookie-free analytics collects no personal data and never shares data externally.
We will never make diagnostic medical claims
SoDNAscan provides wellness information with confidence scoring. We're transparent about evidence strength and always recommend working with healthcare providers.
How We Protect Your Data
Encryption
All genetic data is encrypted in transit (TLS 1.3) and at rest (AES-256). Authentication tokens are stored in httpOnly cookies — never in localStorage or sessionStorage where they could be accessed by scripts.
Zero Third-Party Tracking
SoDNAscan uses only self-hosted, cookie-free analytics that collects no personal data — no third-party analytics, no advertising pixels, no third-party cookies. We use only strictly necessary cookies for authentication. Your browsing behavior is never profiled or shared with advertisers.
Data Portability & Deletion
You can export all your data at any time (GDPR Article 20 — data portability). When you request account deletion, we permanently remove all personal data, genetic files, health books, and associated records. An audit trail confirms the erasure.
Data Processing
Your genetic data is processed under a Data Processing Agreement with Standard Contractual Clauses. Processing partners retain data for a maximum of 7 days for safety monitoring, do not use your data for model training, and delete it automatically.
Regulatory Compliance
SoDNAscan is designed for compliance with GDPR (EU), CCPA/CPRA (California), and MHMDA (Washington State). We maintain comprehensive legal documentation including a Data Protection Impact Assessment, Records of Processing Activities, and multi-jurisdictional privacy policies.