Privacy Policy
Last updated: April 8, 2026 · Applies to varianttriage.com
VariantTriage is a research tool. We do not upload, store, or transmit any genomic or VCF file data. All variant analysis is performed entirely in your browser.
1. Data Controller
VariantTriage is operated by an individual (sole trader) based in Belgium. For all privacy-related inquiries, contact us at hello@varianttriage.com.
2. What Data We Collect
When you create an account or use our service, we may collect:
- Account data: email address, name (optional)
- Payment data: processed securely by Stripe — we do not store card details
- Usage data: pages visited, features used, timestamps
- Technical data: IP address, browser type, device type
- Consent records: timestamp and IP when you accept our research disclaimer
We do not collect, store, or process any genomic data, VCF files, or patient health information. All file analysis occurs locally in your browser.
3. Legal Basis for Processing (GDPR)
- Contract performance (Art. 6(1)(b)): to provide the service you signed up for
- Legitimate interests (Art. 6(1)(f)): to improve our service and prevent fraud
- Legal obligation (Art. 6(1)(c)): to comply with applicable laws
- Consent (Art. 6(1)(a)): for research disclaimer acknowledgment
4. How We Use Your Data
- To create and manage your account
- To process payments via Stripe
- To send transactional emails (account verification, receipts)
- To maintain audit logs of research consent
- To improve the service
We do not sell your data. We do not use your data for advertising.
5. Data Sharing
We share data only with essential service providers:
- Stripe (stripe.com) — payment processing
- Anthropic (anthropic.com) — AI analysis (only variant metadata you explicitly submit, no genomic files)
- Hosting provider — server infrastructure in the EU
6. Data Retention
- Account data: retained while your account is active + 1 year after deletion
- Payment records: 7 years (legal requirement)
- Consent logs: 3 years
- Usage analytics: 12 months
7. Your Rights (GDPR)
As a user in the EU/EEA, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — at any time, where processing is based on consent
To exercise any of these rights, email us at hello@varianttriage.com. We will respond within 30 days.
8. Cookies
We use only essential cookies and localStorage for authentication and user preferences. We do not use tracking or advertising cookies. No cookie consent banner is required.
9. Security
We implement appropriate technical and organisational measures to protect your data, including HTTPS encryption, hashed passwords, and access controls.
10. Changes to This Policy
We may update this policy from time to time. We will notify registered users by email of significant changes. The "last updated" date at the top reflects the most recent revision.
11. Contact & Complaints
For any privacy questions: hello@varianttriage.com
You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données): dataprotectionauthority.be