Privacy & Security

Your genetic data is yours. We designed Trait with privacy-first architecture.

🔒 Client-Side Processing by Default

Your DNA file never leaves your device by default. All parsing and analysis happens in your browser using JavaScript. We never see your raw genetic data.

When you upload a file, it's read locally, analyzed in-browser, and the report is generated entirely on your machine. No servers. No uploads. No storage.

🧬 What We Don't Collect

  • Your raw DNA file (it never leaves your device)
  • Individual SNP genotypes (processed locally, never transmitted)
  • Your name, email, or identity (unless you explicitly sign up for updates)
  • Browser fingerprints or tracking pixels

📊 What We Do Collect (Minimal)

  • Anonymous usage analytics: page views, button clicks (via privacy-focused analytics)
  • Email (optional): if you sign up for updates or purchase a premium report
  • Payment info: processed by Stripe (PCI-compliant), we never see your card details

🛡️ Security Measures

  • HTTPS everywhere: all connections encrypted with TLS 1.3
  • No third-party trackers: no Google Analytics, Facebook Pixel, or ad networks
  • Open source parser: you can audit our DNA parsing code on GitHub
  • Minimal dependencies: we don't use bloated libraries that could leak data

๐Ÿ”Server-Side Processing (Optional Premium)

For users who want advanced features (GWAS cross-reference across 1M+ associations, PDF generation, email delivery), we offer optional server-side processing. Here's how it works:

  • Encrypted upload: your file is transmitted over HTTPS to our secure server
  • Ephemeral processing: we analyze your DNA, generate the report, then immediately delete your file
  • Zero retention: we do not store your raw DNA data or individual SNPs
  • Report delivery: your PDF is emailed to you and stored temporarily (7 days) for re-download, then deleted

You choose: free client-side (100% private) or paid server-side (advanced features, still ephemeral).

⚖️ Legal & Compliance

  • GDPR compliant: we minimize data collection and respect your right to deletion
  • HIPAA-aligned: we treat genetic data with medical-grade privacy standards
  • No data sales: we will never sell, share, or license your genetic data to third parties
  • Law enforcement: we have no genetic data to hand over (client-side processing)

🧪 Research & Anonymization

We believe genetic research advances humanity. If we ever use anonymized, aggregated data for research:

  • You will opt in explicitly (never automatic)
  • Data will be fully anonymized (no individual identification possible)
  • We will publish our methodology and make findings public

As of now, we are not conducting any research using user data.

Questions or Concerns?

We take privacy seriously. If you have questions about how we handle your data, email us:

privacy@trait.bio

Last updated: February 24, 2026