Privacy & Security
Your genetic data is yours. We designed Trait with a privacy-first architecture.
Client-Side Processing by Default
Your DNA file never leaves your device by default. All parsing and analysis happens in your browser using JavaScript. We never see your raw genetic data.
When you upload a file, it's read locally, analyzed in-browser, and the report is generated entirely on your machine. No servers. No uploads. No storage.
What We Don't Collect
- Your raw DNA file (it never leaves your device)
- Individual SNP genotypes (processed locally, never transmitted)
- Your name, email, or identity (unless you explicitly sign up for updates)
- Browser fingerprints or tracking pixels
What We Do Collect (Minimal)
- Anonymous usage analytics: page views, button clicks (via privacy-focused analytics)
- Email (optional): if you sign up for updates or purchase a premium report
- Payment info: processed by Stripe (PCI-compliant); we never see your card details
Security Measures
- HTTPS everywhere: all connections encrypted with TLS 1.3
- No third-party trackers: no Google Analytics, Facebook Pixel, or ad networks
- Open source parser: you can audit our DNA parsing code on GitHub
- Minimal dependencies: we don't use bloated libraries that could leak data
Server-Side Processing (Optional Premium)
For users who want advanced features (GWAS cross-reference across 1M+ associations, PDF generation, email delivery), we offer optional server-side processing. Here's how it works:
- Encrypted upload: your file is transmitted over HTTPS to our secure server
- Ephemeral processing: we analyze your DNA, generate the report, then immediately delete your file
- Zero retention: we do not store your raw DNA data or individual SNPs
- Report delivery: your PDF is emailed to you and stored temporarily (7 days) for re-download, then deleted
You choose: free client-side (100% private) or paid server-side (advanced features, still ephemeral).
Legal & Compliance
- GDPR compliant: we minimize data collection and respect your right to deletion
- HIPAA-aligned: we treat genetic data with medical-grade privacy standards
- No data sales: we will never sell, share, or license your genetic data to third parties
- Law enforcement: we have no genetic data to hand over (client-side processing)
Research & Anonymization
We believe genetic research advances humanity. If we ever use anonymized, aggregated data for research:
- You will opt in explicitly (never automatic)
- Data will be fully anonymized (no individual identification possible)
- We will publish our methodology and make findings public
As of now, we are not conducting any research using user data.
Questions or Concerns?
We take privacy seriously. If you have questions about how we handle your data, email us:
privacy@trait.bio
Last updated: February 24, 2026