1 · What this policy covers
This policy applies to lucydna.ca, our mobile/web applications, pilot-study portals, and customer-support channels linking here. It does not cover external partner or laboratory websites.
2 · Information we collect
| Category | Examples | Why we need it |
|---|
| Basic account data | Name, email, secure password hash | Create and secure your profile |
| Shipping & billing | Address, last-four card digits | Deliver kits and process payments via PCI-DSS processor |
| Genetic files | VCF/BED variant call files | Calculate polygenic risk scores |
| Biometrics & lifestyle | Wearable metrics, questionnaires | Personalize preventive recommendations |
| Device & usage logs | IP, browser, crash logs | Security, fraud monitoring, analytics |
3 · How we use your information
- Service delivery – analyse genetics, generate dashboards, email reports.
- Customer support – respond to help desk and technical issues.
- Research & improvement – aggregate and de-identify data to refine algorithms and publish insights; no individual is identified.
- Marketing – opt-in newsletters; unsubscribe anytime.
- Legal compliance – meet audit, tax, or regulatory requirements.
4 · Legal bases
We rely on:
- Consent – genetic/biometric processing, marketing.
- Contract – service you signed up for.
- Legitimate interests – security, R&D with de-identified data.
- Legal obligation – authorities may require records.
5 · Sharing & transfers
We do not sell data. Shared only with:
- Partner labs, AWS/on-prem providers, payment processors under NDA;
- Clinicians you explicitly connect;
- Regulators or courts when legally compelled;
- Successors in a merger or acquisition (you'll be notified).
Servers in Canada & US; EEA transfers use Standard Contractual Clauses.
6 · Data retention
- Genetic & biometric data – while account exists + 3 years for audits; request earlier deletion.
- Back-ups & logs – up to 7 years for traceability.
- De-identified research sets – may be kept indefinitely.
7 · Your rights
Depending on jurisdiction, you can:
- Access, download, correct your data;
- Delete your account (“right to be forgotten”);
- Withdraw consent anytime;
- Object to or restrict certain uses;
- File a complaint with a privacy regulator.
Email privacy@lucydna.ca (identity verification required).
8 · Security measures
- TLS 1.2+ in transit; AES-256 at rest;
- Role-based access & MFA for staff;
- Pentest and SOC‑2 controls;
- Encrypted off-line backups; 24×7 monitored data centers.
9 · Children
Not directed to children under 16. We do not knowingly collect their data without parental consent.
10 · Cookies
Minimal first-party cookies for login persistence and anonymized analytics. Disabling may limit features.
11 · Changes to this policy
Material changes posted here; registered users emailed 30 days before changes take effect.
12 · Third-Party Links
Our site may contain links to external sites. We are not responsible for their privacy practices. Please review their policies separately.
13 · California Privacy Rights
California residents may request additional disclosures under CCPA, including: categories of data collected, sold or shared. Submit requests via privacy@lucydna.ca.
14 · Contact Information
Questions about this policy? Reach out to:
LucyDNA Inc.
825 8 AVE SW, Calgary, Canada
privacy@lucydna.ca
+1 587-582-7740
