LEGAL
Privacy Policy
Last updated: April 2026
1. Overview
DNAChain ("we", "us") provides chain-of-custody and consent management software for genomics research. This policy explains what information we collect, how we use it, and the rights you have. It applies to dnachain.bio and the DNAChain application.
2. Information we collect
- Account data: name, email, organization, and authentication credentials.
- Usage data: log entries, IP addresses, device type, and feature interactions used to operate and secure the service.
- Customer data: sample metadata, custody events, consent records, and audit logs you create in the platform. We process this on your behalf as a data processor.
- Billing data: handled by our payment processor (Stripe). We do not store full card numbers.
3. How we use information
To operate, secure, and improve DNAChain; to provide customer support; to comply with legal obligations; and to communicate service updates. We do not sell personal data and we do not use customer data to train models.
4. Cryptographic audit chain
DNAChain hashes custody events with SHA-256 and links each event to the previous one to form a tamper-evident chain. No personally identifiable information, donor data, or specimen data is exposed in the chain itself — only one-way digests used to prove integrity. The full chain is exportable and independently verifiable.
5. Sub-processors
We rely on a small number of vetted sub-processors for cloud hosting, payment processing, email delivery, and error monitoring. A current list is available on request.
6. Data retention
Customer data is retained for the life of your account plus a defined recovery window. You can export or delete your workspace at any time from the settings page.
7. Your rights
Depending on your jurisdiction (GDPR, CCPA, etc.) you may have rights to access, correct, delete, or port your personal data. Email support@ordex-systems.com to exercise these rights.
8. Contact
Questions? Email support@ordex-systems.com.