Genomic Data Privacy
Last updated: 2026-04-01 · Version 2.1
Your DNA is yours. When you share genomic data with Medic Oath, it is anonymised, aggregated, and used solely to find cures. We will never sell it, identify you, or give it to anyone.
Anonymisation
- All identifying information (names, DOB, addresses) is removed at the point of contribution.
- Differential privacy applied to all aggregated queries (epsilon = 0.1 for genomic fields, 1.0 for demographics).
- Variant frequencies published only when sample size exceeds 100 individuals.
- We store only processed variant calls (VCF-derived), not raw sequence data (FASTQ/BAM).
Aggregation, Not Individual Data
- We publish population-level statistics, not individual genotypes.
- No user can query for an individual person's genetic data -- prevented by architecture, not just policy.
- Our knowledge graph contains gene-disease-drug relationships, never gene-person relationships.
No Commercial Use of Your Data
- Data is published free, with no restrictions for medical research. Terms of service prohibit use for insurance discrimination, targeted advertising, or commercial genetic testing.
- We will never sell data to pharmaceutical companies, insurance providers, or employers.
Right to Deletion
- Request deletion at any time via privacy@medicoath.com with your contributor ID. Processed within 30 days.
- Deletion removes your contribution from future aggregations. Previously published population statistics cannot be retroactively altered (mathematical limitation of aggregation).
GDPR Compliance
- Compliant with EU GDPR, UK DPA 2018, and equivalent regulations.
- Lawful basis: legitimate interest (Art 6(1)(f)) for anonymised research; explicit consent (Art 6(1)(a)) for contributions.
- DPO contact: dpo@medicoath.com. DPIAs conducted for all new genomic processing activities.
Government Access
- No genomic data provided to any government agency without a valid court order.
- We will challenge overly broad or unconstitutional requests. Transparency reports published.
- Zero government requests received to date.
Technical Security
- Encrypted at rest (AES-256) and in transit (TLS 1.3). Mutual TLS for database access.
- Raw contributor data restricted to 3 authorised personnel. All access logged and audited.
- Self-hosted infrastructure in GDPR-compliant data centres. No third-party analytics or tracking.
- Annual third-party penetration testing with published results.
Children and Minors
- No contributions from individuals under 18 without explicit parental/guardian consent.
- Institutional paediatric data must comply with research ethics board approval.
Policy Changes
- All contributors notified by email 30 days before material changes. Changes never retroactively reduce protections.
- Full version history tracked in our public Git repository.
Questions about genomic data privacy?
privacy@medicoath.com
Data Protection Officer: dpo@medicoath.com