GenoLens

Privacy Policy

Last updated: January 2025

For Research Use Only. GenoLens is not a medical device and is not intended for use in diagnostic procedures. No patient data should be entered into or processed by this service.

1. What We Collect

GenoLens collects the minimum data necessary to provide our service:

  • Account information: Email address and authentication credentials when you create an account (optional).
  • Query history: Gene symbols, variant IDs, HPO terms, and disease names you look up — stored only if you are signed in and have history enabled.
  • Favorites: Items you explicitly save to your favorites list.
  • Preferences: Display settings and configuration choices.
  • Usage analytics: Anonymized, aggregated usage patterns (e.g., feature usage counts) to improve the product. No personally identifiable information is included.

What we do NOT collect: We do not monitor your browsing history, read page content beyond your explicit text selections, or store any patient or clinical data.

2. How We Use Your Data

  • To provide genomic annotation lookups in response to your queries.
  • To maintain your query history and favorites (if signed in).
  • To sync your preferences across devices.
  • To improve service performance and reliability.
  • To communicate important service updates (with your consent).

3. Data Storage & Infrastructure

Your data is stored using the following services:

  • Supabase (PostgreSQL): User accounts, query history, favorites, and preferences. Protected by Row Level Security (RLS) — only you can access your own data.
  • Upstash Redis: Anonymized API response caching to improve performance. Cache keys are hashed and cannot be traced back to individual users.
  • Local browser storage: For users without accounts, preferences are stored locally in chrome.storage.local and never leave your device.

4. Third-Party APIs

When you perform a lookup, GenoLens queries public genomic databases on your behalf (HGNC, ClinVar, gnomAD, PanelApp, UniProt, PharmGKB, ClinGen, Ensembl VEP, Open Targets, LitVar2, Europe PMC, HPO, DDG2P, Orphanet). These queries contain only the gene/variant/term you selected — no personal information is transmitted to these services.

5. Data Retention

  • Query history: Retained until you delete it or close your account.
  • API cache: Automatically expires after 24 hours.
  • Account data: Retained while your account is active. Deleted within 30 days of account closure.

6. Your Rights

In accordance with GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of all data we hold about you.
  • Rectification: Correct inaccurate personal data.
  • Erasure: Request deletion of your account and all associated data.
  • Portability: Export your query history and favorites.
  • Restriction: Limit how we process your data.
  • Objection: Object to data processing for specific purposes.

To exercise any of these rights, contact us at privacy@genolens.app.

7. Security

All data is transmitted over HTTPS. Database access is protected by Row Level Security policies. API keys are never exposed in client-side code. We follow industry best practices for secure application development.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related inquiries, contact us at privacy@genolens.app.