Privacy Policy

Last updated: March 24, 2026

Overview

AllerGenome (“we,” “us,” or “our”) takes the privacy of your genetic data seriously. This policy explains what data we collect, how we process it, and your rights regarding that data.

What We Collect

When you use AllerGenome, we collect:

  • Genetic data: The raw DNA file you upload (23andMe, AncestryDNA, or SelfDecode format). We extract approximately 50 allergy-relevant SNP variants from this file.
  • Account information: Your email address and payment details (processed by Stripe — we never store full card numbers).
  • Usage data: Basic analytics about how you interact with our site (page views, session duration). We do not use third-party tracking pixels.

How We Process Your Genetic Data

Your raw DNA file follows this pipeline:

  1. You upload your file via our encrypted (TLS 1.3) connection.
  2. Our system extracts only the ~50 allergy-relevant SNPs. We do not read, store, or analyze any other genetic information.
  3. The extracted variants are used to generate your personalized cascade analysis and supplement protocol.
  4. Your raw DNA file is permanently deleted from our servers after processing. We retain only the extracted SNP data tied to your report.

What We Do NOT Do

  • We do not store your full genome.
  • We do not sell, share, or license your genetic data to any third party — ever.
  • We do not use your data for research without explicit, separate consent.
  • We do not share data with insurance companies, employers, or law enforcement (except when compelled by valid legal process).

Data Storage & Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Your extracted SNP data is stored in a secured database with row-level access controls. Only you can access your report.

Data Retention & Deletion

Raw DNA files are deleted immediately after processing. Your report and extracted SNP data are retained for the lifetime of your account so you can re-access your report at any time.

You may request complete deletion of all your data at any time by emailing hello@allergenome.com. We will delete all records within 30 days of your request and send confirmation.

Third-Party Services

We use the following third-party services:

  • Stripe — Payment processing. Stripe's privacy policy governs payment data.
  • Supabase — Database and authentication infrastructure (SOC 2 Type II compliant).
  • Vercel — Hosting and deployment.
  • Anthropic (Claude API) — AI-powered protocol generation. We send only extracted SNP data (not raw files) to generate your protocol. Anthropic does not retain inputs for training.

Your Rights

You have the right to:

  • Access all data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of all your data.
  • Export your report data in a portable format.
  • Withdraw consent for data processing at any time.

For any privacy-related requests, email hello@allergenome.com.

GINA Compliance

The Genetic Information Nondiscrimination Act (GINA) prohibits discrimination based on genetic information in health insurance and employment. AllerGenome will never share your genetic data with insurers or employers.

Changes to This Policy

We may update this policy as our practices evolve. We will notify you of material changes via email. Continued use of AllerGenome after changes constitutes acceptance.