1. Introduction

ai Gene X™, operated by ai Swing X™ ("Company", "we", "us"), is committed to protecting your privacy, especially regarding highly sensitive genetic information. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding your personal information.

2. Information We Collect

2.1 Account Information: When you register, we collect your username, email address, and encrypted password. If you sign in via Google or GitHub OAuth, we receive your name and email from those services.

2.2 Genetic Data (VCF Files): When you upload a VCF file, we temporarily process it to extract SNP variant information. The raw VCF file is permanently deleted immediately after analysis.

2.3 Extracted Genotype Data: Essential variant data (rsID, genotype) is encrypted using Fernet symmetric encryption and stored for your Gene Type analysis. This data is accessible only through your authenticated account.

2.4 Usage Data: We automatically collect page views, referrer URLs, IP addresses, device type, and browser information to improve our service and analyze traffic patterns.

2.5 Payment Data: Payment transactions are processed entirely by Stripe. We do not store, process, or have access to your credit card numbers or banking information.

3. How We Use Your Information

• To analyze your genetic data and generate Gene Type results
• To authenticate your identity and secure your account
• To process subscriptions and payments via Stripe
• To send service-related notifications (password resets, account alerts)
• To analyze site traffic and improve user experience
• To comply with legal obligations

4. Genetic Data Protection

We treat genetic data as the most sensitive category of personal information and apply the following safeguards:

• Immediate Deletion: Raw VCF files are deleted immediately after processing. They are never archived, backed up, or retained.
• Encryption at Rest: All extracted genotype data is encrypted with Fernet (AES-128-CBC) before storage.
• No Third-Party Access: Genetic data is never sold, shared, licensed, or disclosed to any third party, including researchers, advertisers, insurance companies, employers, or government agencies.
• No Profiling: We do not use your genetic data for targeted advertising, insurance risk assessment, employment screening, or any form of discrimination.
• User Control: You may request complete deletion of all your genetic data and account at any time.

5. Cookies and Tracking Technologies

We use cookies for:

• Essential cookies: Session management, authentication, CSRF protection
• Analytics cookies: Internal page view tracking (we do not use Google Analytics or third-party trackers)

You can disable cookies in your browser settings, but some features may not function properly.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share limited information only in the following circumstances:

• Stripe: For payment processing (Stripe's own Privacy Policy applies)
• Legal Compliance: When required by law, subpoena, court order, or to protect our legal rights
• Service Providers: Infrastructure providers (server hosting) under strict confidentiality agreements, with no access to genetic data

7. Data Retention

• VCF files: Deleted immediately after analysis (zero retention)
• Encrypted genotype data: Retained until you delete your account
• Account information: Retained until you delete your account
• Usage/analytics data: Retained for up to 12 months, then aggregated or deleted
• Payment records: Retained as required by tax and financial regulations

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request complete deletion of your account and all associated data
• Portability: Request your data in a machine-readable format
• Objection: Object to certain processing activities
• Withdrawal of Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at aiswingx.com@gmail.com.

9. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the U.S., your data may be transferred to and processed in the U.S. By using the Service, you consent to this transfer. We apply appropriate safeguards to protect your data regardless of location.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information or genetic data from anyone under 13. If we become aware that we have collected data from a child under 13, we will promptly delete it.

11. Security Measures

• HTTPS/TLS encryption for all data in transit
• Fernet (AES) encryption for genetic data at rest
• CSRF protection on all forms and state-changing requests
• Secure password hashing (PBKDF2-HMAC-SHA512 with salt)
• Server-level firewall and access controls
• Regular security reviews and updates

While we implement industry-standard safeguards, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

12. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, contact us at the email below.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including access, rectification, erasure, restriction, and portability. Our lawful basis for processing is consent (for genetic data) and legitimate interest (for analytics). To exercise your rights, contact us at the email below.

14. Genetic Information Nondiscrimination (GINA)

We are committed to the principles of the Genetic Information Nondiscrimination Act (GINA). We do not use genetic information for employment or insurance-related decisions, and we do not provide genetic data to entities that might use it for such purposes.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and may notify you through the Service. Your continued use after changes are posted constitutes acceptance.

16. Contact Us

For privacy-related questions, data requests, or concerns:

aiswingx.com@gmail.com