Skip to main content

Privacy Policy

Last updated: March 2026

This privacy policy applies to DNA Explore (dnaexplore.ai), operated by Hollens Holdings LLC, an Oregon limited liability company. References to “DNA Explore,” “we,” “us,” or “our” in this policy refer to Hollens Holdings LLC.

1. Overview & Our Philosophy

DNA Explore is built on a simple principle: your genetic data is the most personal information that exists, and we should never have access to it. Privacy is not a feature we added — it is the fundamental architecture of the application. Your raw genome file is processed entirely in your web browser using client-side JavaScript. It is never uploaded to our servers, stored in any database, logged, cached, or transmitted to any third party.

We recognize that genetic information falls within the most sensitive category of personal data under both U.S. and international law. We have designed DNA Explore specifically to minimize our role as a data processor and to ensure that you — and only you — retain control of your genetic information at all times.

2. Local Processing Architecture

When you upload a genome file, all parsing and analysis happen locally in your browser:

  • Your raw genome file is read by JavaScript running in your browser tab
  • SNP matching, risk score calculation, pharmacogenomics inference, and nutrigenomics analysis all execute client-side
  • Your genotype data is held in browser memory and optionally persisted to IndexedDB (a browser-local database) for session continuity
  • No raw genetic data crosses the network during analysis

This architecture means that even in the event of a server compromise, your raw genetic data cannot be exposed — because our servers never have it.

3. AI-Powered Features & Data Transmission

When you actively choose to use AI features (the “Ask My DNA” chat, the AI Health Report, the “Explain This” variant feature, or the “Ask AI About This” export), variant summaries — not your raw genome file — are sent to our server, which forwards them to Anthropic's Claude API for processing.

What IS sent to Anthropic's API when you use AI features:

  • SNP identifiers (rsIDs) and your genotype at those specific positions
  • Computed polygenic risk scores and percentiles
  • Metabolizer phenotypes (e.g., “CYP2C19 intermediate metabolizer”)
  • Gene-gene interaction results
  • Nutrigenomics recommendations
  • Your chat messages when using the AI assistant

What is NEVER sent:

  • Your raw genome file
  • Your full genotype data (only curated, pre-selected variants are included)
  • Your name, email address, or any personal identifiers
  • Your IP address (requests are proxied through our server — Anthropic does not see your IP)
  • Any browser fingerprinting data
  • Any data from IndexedDB or localStorage beyond the specific variants relevant to your query

Per Anthropic's API usage policy, data sent via the API is not used to train their models. We do not store, log, or retain any data from these API requests on our servers. Requests are proxied in real-time and not persisted. No server-side logs of genetic data are maintained.

4. No Sale of Genetic Data

DNA Explore does not sell, license, share, rent, or otherwise disclose your genetic information to any third party for any purpose, including but not limited to:

  • Pharmaceutical companies or drug developers
  • Insurance companies (health, life, disability, or long-term care)
  • Employers or employment screening services
  • Data brokers or data aggregators
  • Advertising or marketing companies
  • Research institutions (unless you separately and explicitly consent)
  • Law enforcement (we have no data to provide)

This is not merely a policy choice — it is an architectural impossibility. Because your genetic data is processed locally and never stored on our servers, we literally cannot sell or share what we do not have.

5. Advertising & Tracking — What We Use (and What We Don't)

We believe in being upfront: DNA Explore uses exactly one tracking tool — the Meta Pixel — and it never goes anywhere near your genetic data.

What the Meta Pixel does: It runs on our marketing pages (the landing page, blog posts, and comparison pages) to measure which of our ads brought you here. That's it — basic ad attribution so we know what's working. It records page views on those marketing pages and helps us understand traffic from our Facebook and Instagram campaigns.

What the Meta Pixel never touches: The pixel is never loaded on the dashboard, results page, or any page where your genetic data is displayed. We architecturally exclude it from those pages. Meta's JavaScript never executes in the same context as your genome data. This is a deliberate privacy boundary.

Server-side conversion tracking (Meta Conversions API): When you complete a purchase, we send a single “Purchase” event to Meta via their Conversions API (CAPI) so we can measure ad performance. The only personal data included in this event is a SHA-256 hash of your email address — your actual email is never sent to Meta in plain text. No genetic data, genotype information, or analysis results are included. This server-side event is sent once at the time of purchase and is not repeated.

Beyond those tools, DNA Explore does not use:

  • Analytics services: No Google Analytics, Mixpanel, Amplitude, PostHog, Plausible, or any other analytics platform
  • Other tracking pixels: No LinkedIn Insight Tag, Twitter/X pixel, or any other advertising tracker
  • First-party cookies: No tracking cookies or session cookies. Meta may set its own third-party cookies via the pixel on marketing pages
  • Browser fingerprinting: No canvas fingerprinting, WebGL fingerprinting, or any device identification technique

All fonts are self-hosted at build time (no external requests to Google or other CDNs). We do not collect IP addresses, usage data, click data, scroll data, or browser metadata.

6. IndexedDB & localStorage

To preserve your data across page refreshes, we store your parsed genome data in your browser's IndexedDB and chat messages in localStorage. This data:

  • Never leaves your device
  • Is not accessible to our servers or any third party
  • Can be cleared at any time using the “Clear data” button on the dashboard
  • Can also be removed by clearing your browser's site data

7. Data Deletion & Your Control

Since your genome data is stored only in your browser, you have complete and immediate control over its deletion:

  • Dashboard “Clear data” button: Removes all data from IndexedDB and localStorage instantly
  • Browser site data: Clearing site data for this domain removes all stored information
  • Closing browser: Data in memory is immediately freed (IndexedDB persists until cleared)

There is no server-side data to request deletion of. We retain no backups, archives, or residual copies of your genetic information because we never receive it in the first place.

Consent records: When you accept our Terms of Service or consent to material changes, we record a timestamp of your acceptance for legal compliance purposes. These consent records contain no genetic data — only the fact and time of your agreement.

8. Payment Processing & Stripe

When you purchase full access, your payment is processed by Stripe, Inc., a PCI-DSS Level 1 compliant payment processor. Stripe collects your email address and payment details (card number, expiration, CVC) directly on their hosted checkout page. DNA Explore never sees or stores your card details.

After a successful payment, we receive the following from Stripe:

  • Your email address (used to create a signed access token so you can restore access if you return later)
  • A payment intent ID (an internal transaction reference)
  • Payment status (paid / unpaid)

Your email is stored only inside a cryptographically signed token (HMAC-SHA256) in your browser. We do not maintain a database of customer emails, names, or payment records on our servers. If you use the “Restore Access” feature, your email is sent to Stripe's API to look up whether a matching payment exists — we do not store this lookup ourselves.

As the merchant of record, the operator of DNA Explore can view transaction details — including your email address — in the Stripe merchant dashboard. This is standard for any online purchase and is required for customer support, refunds, and legal compliance. Your email will never be used for marketing, sold, or shared with any party other than Stripe.

Stripe's handling of your payment data is governed by Stripe's Privacy Policy.

9. Third Parties — Summary

DNA Explore integrates with the following third-party services:

  • Anthropic (Claude API): Receives variant summaries when you use AI features. No personal identifiers are sent. See Section 3.
  • Stripe: Processes payments and collects your email and card details on their hosted checkout page. See Section 8.
  • Meta (Facebook): Receives page-view events via the Meta Pixel on marketing pages, and a single server-side purchase event (with your hashed email) via the Conversions API when you complete a purchase. See Section 5. No genetic data is ever shared with Meta.

No other third parties receive any data of any kind. We do not use third-party authentication, customer support tools, or embedded widgets that could collect data.

10. Data Breach Notification

Because DNA Explore does not store genetic data on our servers, the risk of a genetic data breach from our infrastructure is architecturally eliminated. However, in the unlikely event that our server infrastructure is compromised in a way that could affect the security of AI API requests in transit, we commit to:

  • Investigating promptly and transparently
  • Posting a notice on this website within 72 hours of confirmed discovery
  • Describing the nature and scope of any compromise
  • Providing guidance on any steps users should take

11. Children's Privacy

DNA Explore is intended for users 18 years of age or older. We do not knowingly process genetic data from individuals under 18. We do not collect any personal information that would be subject to the Children's Online Privacy Protection Act (COPPA). Parents and guardians should not upload a minor's genetic data to this tool.

12. Your Rights Under Privacy Frameworks

Because DNA Explore processes data locally in your browser, most traditional data rights are automatically and inherently satisfied — you always have direct access to and control over your data. For transparency, we outline applicable rights:

Under GDPR (European Economic Area):

  • Right of Access: Your data is stored locally in your browser — you have direct access at all times
  • Right to Erasure: Click “Clear data” to delete all stored data instantly
  • Right to Portability: Your genome data is in your original file format — it is inherently portable
  • Right to Object: You can stop using AI features at any time to prevent data from being sent to Anthropic's API
  • Legal basis for processing: Consent (you affirmatively choose to upload and analyze your data)

Under CCPA / CPRA (California):

  • Right to Know: This policy describes all data we collect and how it is used
  • Right to Delete: Click “Clear data” to remove all locally stored data. We retain no server-side data to delete.
  • Right to Opt-Out of Sale: We do not sell personal information to any third party. We have never sold personal information.
  • Right to Non-Discrimination: We do not discriminate against users who exercise their privacy rights
  • Sensitive Personal Information: Genetic data is classified as sensitive personal information under CPRA. Our local-processing architecture ensures this data remains under your exclusive control.

Under State Genetic Privacy Laws:

  • California (CalGIPA / SB-41): We do not collect, use, or disclose genetic data as defined under California law. Your genetic data is processed locally and never transmitted to or stored by DNA Explore.
  • Illinois (Genetic Information Privacy Act): We do not collect genetic information as defined under Illinois law. No genetic data is stored on our servers or shared with third parties.
  • Florida (Genetic Information Privacy Act): We acknowledge that genetic test results are the exclusive property of the person tested. Your data remains under your sole control.

13. Genetic Information as Biometric Data

Some jurisdictions classify genetic information as biometric data. Under the Illinois Biometric Information Privacy Act (BIPA) and similar state laws, biometric data is subject to heightened protection requirements. DNA Explore's local-processing architecture is designed to comply with these requirements by ensuring that genetic data is never collected, stored, or transmitted by our systems. The only biometric-adjacent data that crosses the network is pre-computed summary statistics (risk percentiles, metabolizer phenotypes) when you opt into AI features — not raw genetic or biometric identifiers.

14. International Users

DNA Explore is operated from the United States. If you are accessing this tool from outside the United States, please be aware that when you use AI features, variant summary data is transmitted to servers in the United States. By using AI features, you consent to this transfer. Your raw genetic data never leaves your browser regardless of your location.

15. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes — such as modifications to what data is collected, how it is used, or which third parties receive it — we will notify you by displaying a prominent in-app consent prompt. Material changes require your affirmative acceptance before you may continue using DNA Explore. Non-material changes (formatting, clarifications, contact updates) may be made by updating this page. We encourage you to review this policy periodically.

16. Contact

If you have questions about this privacy policy or our data practices, please reach out at legal@dnaexplore.ai.