Privacy Policy

Last Updated: December 22, 2025

1. Introduction

Genolith ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our CRISPR guide RNA design platform ("Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and contact information (email address, organization)
  • Account credentials (username, hashed password)
  • Role and research affiliation
  • Billing information for paid accounts

2.2 Research Data

When you use the Service, we process:

  • Guide RNA sequences and target genomic regions
  • Reference genome selections and custom genome uploads
  • Analysis parameters and configuration settings
  • Computational results, including off-target predictions and scores
  • HD research data (CAG repeats, clinical parameters, longitudinal data)

2.3 Usage Information

We automatically collect:

  • Log data (IP addresses, browser type, access times)
  • Service usage patterns (features accessed, analysis frequency)
  • Performance metrics (response times, error rates)
  • API usage for programmatic access

2.4 Communications

We retain:

  • Support requests and correspondence
  • Feedback and survey responses
  • Access request forms and onboarding information

3. How We Use Information

We use collected information to:

  • Provide and operate the Service
  • Process computational analyses and generate results
  • Authenticate users and maintain account security
  • Respond to support requests and technical issues
  • Monitor Service performance and security
  • Improve algorithms, features, and user experience
  • Comply with legal obligations and regulatory requirements
  • Prevent fraud, abuse, and security threats

4. Data Retention

We retain data according to the following policies:

  • Account Data: Retained while account is active, plus 90 days after termination
  • Research Data: Retained according to user-selected retention period (default 2 years)
  • Audit Logs: Retained for 7 years to support regulatory compliance
  • Backup Data: Retained for 30 days in encrypted backups
  • Aggregated/De-identified Data: May be retained indefinitely for research and improvement

Users may request data deletion at any time, subject to legal retention requirements.

5. Data Sharing and Disclosure

We do not sell personal data. We may share data in the following circumstances:

5.1 Service Providers

We engage third-party vendors for infrastructure (cloud hosting, database management) and support services (payment processing, email delivery). These providers are contractually bound to protect data and use it only for specified purposes.

5.2 Legal Compliance

We may disclose data to comply with legal obligations, including:

  • Court orders, subpoenas, or regulatory requests
  • Investigation of fraud, security incidents, or policy violations
  • Protection of Genolith's rights, property, or safety

5.3 Business Transfers

If Genolith is acquired or merged, user data may be transferred to the successor entity. Users will be notified of such transfers and given an opportunity to delete their data.

5.4 With User Consent

We may share data with third parties when users explicitly authorize such sharing (e.g., API integrations, collaborative research).

6. Data Security

We implement security measures appropriate for genomic research data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access control and multi-factor authentication
  • Regular security audits and penetration testing
  • Intrusion detection and incident response procedures
  • Employee training on data protection and confidentiality

However, no system is completely secure. Users are responsible for maintaining the confidentiality of their credentials and promptly reporting suspected security incidents.

7. Protected Health Information

The Service is designed to support HIPAA-compliant workflows when handling de-identified genomic data. Users uploading protected health information (PHI) must ensure:

  • Proper de-identification according to HIPAA Safe Harbor or Expert Determination
  • Institutional Data Use Agreements are in place
  • Compliance with applicable regulations (HIPAA, GDPR, etc.)

Professional and Enterprise plans include Business Associate Agreement (BAA) execution for covered entities.

8. International Data Transfers

The Service is hosted in [jurisdiction]. Data may be transferred to and processed in countries with different data protection laws. We implement safeguards such as Standard Contractual Clauses for international transfers.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal retention)
  • Portability: Export your data in machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Limit how we use your data
  • Withdrawal of Consent: Revoke previously granted permissions

To exercise these rights, contact us at privacy@genolith.io. We will respond within 30 days.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Session management and authentication
  • User preferences and settings
  • Analytics and performance monitoring

Users may disable cookies through browser settings, though this may limit Service functionality. We do not use third-party advertising or tracking cookies.

11. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in practices or legal requirements. Material changes will be communicated via email or Service notification 30 days before taking effect. Continued use after changes constitutes acceptance.

13. Contact Information

For privacy-related questions or requests, contact:

Email: privacy@genolith.io
Address: [Company Address]
Data Protection Officer: [DPO Contact]

14. Regulatory Compliance

Genolith maintains compliance with applicable data protection regulations, including:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • 21 CFR Part 11 (for regulated research submissions)

Users conducting regulated research should review our compliance documentation and coordinate with our regulatory support team.