Privacy & Security Policy for GenesUnveiled
Last updated: April 19, 2026
1) Introduction
At GenesUnveiled (“we,” “us,” or “our”), privacy and security are central to how we design and operate our service.
This policy explains how we collect, use, disclose, and protect personal information when you visit GenesUnveiled.com, create an account, purchase a subscription, contact support, or otherwise use our website and services.
We have designed GenesUnveiled so that DNA analysis runs locally on your device by default. That means we do not collect, receive, or store your raw DNA file or your per-variant results on our servers as part of normal use of the service.
Controller:
We act as the data controller for personal information related to account access, billing, support, marketing preferences, cookie preferences, and website security.
No controller processing of genetic data:
Because your raw DNA file and per-variant results are processed locally on your device and are not sent to us during normal use, we are not acting as a controller of that genetic data.
If you voluntarily send us genetic information in a support email, screenshot, or attachment, we may process that information only to handle your request.
2) What we collect
We may collect the following categories of personal information.
Account and contact information:
Name, email address, and account credentials such as a hashed password.
Billing and transaction information:
Subscription status, payment-related records, and limited transaction metadata needed for billing, accounting, fraud prevention, and support. We do not store full payment card details on our own servers.
Device, usage, and security information:
IP address, browser type, operating system, pages viewed, approximate region derived from IP, and diagnostic, performance, and security logs.
Communications:
Support emails, contact form submissions, responses to customer-service inquiries, and marketing preferences.
Cookie and consent records:
Cookie consent choices and records needed to document privacy preferences where required by law.
Genetic data:
By default, we do not collect your raw DNA file or per-variant results. Those remain on your device unless you deliberately share them with us.
3) How we use personal information & legal bases (GDPR)
Provide the service:
We use personal information to create and manage accounts, authenticate sessions, administer subscriptions, process payments through our payment providers, provide access to purchased features, and respond to support requests related to the service.
Legal basis: performance of a contract, or steps taken at your request before entering into a contract.
Site security & reliability:
We use personal information to detect abuse, prevent fraud, maintain service stability, troubleshoot issues, investigate suspicious activity, and protect the website and its users.
Legal basis: legitimate interests.
Improve our product:
We may use non-genetic usage, performance, and diagnostic information to improve usability, fix issues, and understand how the service is working at a general level.
Communications:
We use personal information to send service-related messages, security notices, billing messages, support replies, and marketing emails (with your consent where required).
Legal basis: contract, legitimate interests, or consent, depending on the message.
Legal compliance:
We may use personal information where needed to comply with applicable law, enforce our terms, respond to lawful requests, or protect our rights, users, or the public.
Legal basis: legal obligation or legitimate interests, as applicable.
We do not use your raw DNA file or per-variant results for product analytics, advertising, or profiling because we do not collect that data as part of normal operation.
Where we collect personal information in order to create or maintain your account, process payments, or provide purchased features, that information is necessary to provide the service. If you do not provide it, we may not be able to create your account, process your purchase, or give you access to the relevant features. We do not make decisions producing legal or similarly significant effects based solely on automated processing of the personal information described in this policy.
4) Cookies & tracking
Essential cookies:
We use essential cookies and similar technologies to operate the site, maintain login sessions, support security, and ensure core functionality.
Non-essential cookies:
Where required by law, non-essential cookies such as analytics are used only with your consent.
Managing your choices:
You can manage your cookie preferences through our consent tools where available. You can also block or delete cookies in your browser, although some site features may no longer work properly.
Global Privacy Control (GPC):
Where applicable, we recognize legally relevant browser-based privacy signals such as Global Privacy Control for activities covered by applicable law.
5) Sharing & disclosures
We do not sell or rent personal information.
We may share limited personal information with service providers that help us operate GenesUnveiled, such as providers involved in website infrastructure (Wix), payments (Stripe, PayPal), communications, security, or professional support. These providers are used only to support our business operations and are expected to handle data under appropriate safeguards.
Website hosting & platform:
Wix.com and related Wix infrastructure for website hosting, platform services, performance, logging, and core site functionality.
Payments:
Stripe and PayPal for payment processing and related billing operations. We do not store full card details ourselves.
Email and service communications:
Our website platform/provider and any associated communications tools used to send account, billing, or support-related messages.
Legal & safety disclosures:
We may disclose personal information where required by law, in response to lawful requests, to protect our rights, users, website, or the public, or in connection with a merger, restructuring, acquisition, financing, or sale of assets.
6) International transfers
We and our providers may process personal data in several countries, including the United States, Ireland, Israel, South Korea, and Taiwan in connection with Wix infrastructure, and the United States and other countries in connection with payment providers such as Stripe and PayPal.
For EEA/UK personal data:
Transfers involving Israel may rely on the EU’s adequacy framework for Israel.
Transfers to U.S.-based providers may rely on the EU-U.S. Data Privacy Framework where the provider participates. Stripe states that it participates in the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Where an adequacy decision or applicable DPF participation does not apply, transfers are made using Standard Contractual Clauses and any supplementary measures required under applicable law. Wix states that transfers to third countries without an adequate level of protection are undertaken under the current Standard Contractual Clauses in Wix’s DPA. PayPal also states that it operates in many countries and takes steps in accordance with EU and UK data protection laws to protect personal data transferred internationally.
Because provider arrangements and regulatory mechanisms can change over time, we may update this section when needed.
7) Retention
We keep personal information only for as long as reasonably necessary for the purposes described in this policy, including security, support, legal, accounting, tax, and dispute-resolution purposes.
Our current retention framework:
Account identifiers (such as name and email)
Purpose: provide and secure your account
Retention: life of account + 24 months
Authentication & security logs
Purpose: fraud prevention and debugging
Retention: 12 months
Billing & transaction records
Purpose: accounting, tax, fraud prevention, and chargebacks
Retention: 7 years
Support tickets and support history
Purpose: troubleshooting history and support continuity
Retention: 24 months after last interaction
Cookie consent records
Purpose: legal compliance proof
Retention: 5 years
If you delete your account, we will begin deletion or deactivation processes for the personal information we control, except where retention is required or permitted by law.
8) Your rights
Depending on where you live, you may have privacy rights regarding the personal information we control.
For EEA/UK users, these may include the right to access, rectify, erase, restrict, object, and receive portability of personal information, the right to withdraw consent where processing is based on consent, and the right to lodge a complaint with your supervisory authority.
For California and similar U.S. state privacy laws, rights may include the right to know/access, correct, delete, and opt out of sale, sharing, or targeted advertising if those concepts ever become applicable to our practices.
These rights may include:
The right to access personal information
The right to correct inaccurate personal information
The right to delete personal information
The right to restrict or object to certain processing
The right to data portability in certain cases
The right to withdraw consent where processing is based on consent
The right to lodge a complaint with a supervisory authority or regulator
How to exercise:
Email support@genesunveiled.com and explain your request.
We may need to verify your identity before we act on a request. In some cases, the law allows us to limit or deny a request.
Marketing:
If you receive marketing emails from us, you can unsubscribe at any time.
9) California Notice at Collection
If California or similar U.S. state privacy laws apply to you, this section provides additional notice.
Categories of personal information we may collect may include:
Identifiers, such as name, email address, account identifiers, or IP address
Purpose: account administration, support, billing, fraud prevention, and security
Retention: generally life of account + 24 months for account identifiers, unless a longer period is required by law
Commercial information, such as subscription status and transaction-related records
Purpose: billing, accounting, tax, fraud prevention, chargebacks, and customer support
Retention: generally 7 years where required for accounting, tax, or legal compliance
Internet or network activity, such as page views, browser data, device data, and diagnostic logs
Purpose: website functionality, security, troubleshooting, and service improvement
Retention: generally 12 months for authentication and security logs, unless longer retention is reasonably necessary for security or legal reasons
Coarse geolocation inferred from IP
Purpose: fraud prevention, security, and service delivery
Retention: generally aligned with related security and diagnostic logging periods
Account credentials and related security information
Purpose: authentication, account protection, and fraud prevention
Retention: generally for the life of the account and for a limited period afterward where necessary for security or dispute handling
Cookie and consent records
Purpose: privacy preference management and legal compliance
Retention: generally 5 years
We do not sell personal information.
We do not share personal information for cross-context behavioral advertising in the ordinary operation of the service.
We do not use sensitive personal information beyond what is reasonably necessary to provide and secure the service, unless we later state otherwise.
If our practices materially change, we will update this policy and provide any notices or controls required by law.
10) Security
We use administrative, technical, and organizational safeguards designed to protect the personal information we control. We also intentionally minimize central exposure of the most sensitive category of data in our service by not storing raw DNA files or per-variant results as part of normal use.
Our safeguards may include, as appropriate to the size and risk profile of the service:
restricted access to account and billing-related information;
strong authentication and access controls for administrative access;
monitoring, logging, and troubleshooting controls;
incident-response procedures; and
secure provider infrastructure for hosting and payments.
Provider notes
Wix platform security:
GenesUnveiled is built on Wix for website infrastructure and hosting. Wix currently states that all Wix sites use HTTPS and SSL, that data in transit is protected using HTTPS over TLS 1.2 and above, and that user data at rest is encrypted with AES-256.
Stripe payment security:
Payments are handled through Stripe. Stripe currently states that it is certified to PCI Service Provider Level 1, the highest standard of certification in the payments industry, and Stripe also states that it participates in the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF.
PayPal payment security:
Where PayPal is offered as a payment option, payment processing and account security are handled through PayPal’s own infrastructure. PayPal states that it uses encryption, TLS-secured connections, and 24/7 fraud monitoring to help protect transactions and financial information. PayPal also states that its payment systems support PCI-compliant processing.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. However, we work to apply safeguards appropriate to the nature of the data we handle and to reduce unnecessary centralized processing of highly sensitive data. Doing DNA analysis client-side is our strongest safety practice, and materially reduces server-side exposure of genetic data.
11) Children’s privacy
Our service is not directed to children under 16.
If you believe that a child under 16 has provided personal information to us, contact us and we will review the situation and take appropriate action.
12) Changes
We may update this policy from time to time to reflect changes in the law, our services, or our operational practices.
When we do, we will update the “Last updated” date at the top of this page. Where required, we will provide additional notice.
13) Contact
For privacy questions or rights requests, contact:
GenesUnveiled or support@genesunveiled.com
Operated by Klungsoyr Enterprise
Org. no. 923 745 750
Norway