Your privacy + how to delete everything
Data storage, encryption, deletion.
How your data is stored
- AES-256 encryption at rest.
- TLS 1.3 in transit.
- Genetic and medical data isolated per user in Firestore with row-level security.
What we never do
- Sell your data to anyone.
- Share genetic information with employers (we go further than GINA Title II requires — see /legal/gina).
- Provide your data to law enforcement without a court order — and we'd push back on overbroad orders.
Delete everything
Settings → Privacy → Delete account initiates a tombstone-first deletion cascade. We write a deletion-request record first, then walk every collection and Storage blob, then delete your auth account. The whole thing is idempotent and resumes if interrupted. Final completion is typically within 24 hours; you receive an email confirmation.
Export your data
Same place — Export my data downloads a JSON archive of everything we hold (your uploads, reports, findings, settings, audit log).