Privacy Policy

Last Updated: April 1st, 2026, effective April 15th, 2026

‍

This Privacy Policy describes how we process the information we collect about you when you use the Services. We define “Services” below, but it generally means the products and services that we offer to you.

Please carefully review this Privacy Policy and let us know if you have any questions or concerns. We encourage you to contact us, at any time, using the contact information at the end of this Privacy Policy.

Depending on how you use the Services, we may ask you to sign an informed consent form that describes certain aspects of the Services and asks for your consent to process your information as part of those Services. To the extent that there is a conflict between this Privacy Policy and an informed consent form that you have signed, the informed consent form will control.

‍

1. Key definitions

“Aggregate Information” is information about multiple individuals that we have combined so that no specific individual may be identified. Aggregate Information is not Personal Information because it cannot be used to identify you. For example, Aggregate Information may include a statement that “30% of our female users share a particular genetic trait,” without providing any data or testing results specific to any individual user.

“GENOMELINK” means Genomelink, Inc., which operates both the Genomelink™ and YourRoots™ brands and services. We will refer to GENOMELINK and YourRoots collectively as “we,” “us,” and “our” throughout this Privacy Policy. References to the “Services” include the products and services offered under both the Genomelink™ and YourRoots brands, including our websites at https://genomelink.io/ and https://yourroots.com.

“Cookie” is a text file that is placed on your hard disk by a web server. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer. To learn more about Cookies, visit www.allaboutcookies.org.

“Data Collection Technologies” refer to Cookies, pixel tags, web beacons, and other technologies that we or third parties use on our websites and other digital services to collect information about your use of these services.

“De-Identified Data” is data that cannot be used to infer information about, or be linked to, an individual.

“Designated European Countries” means countries the European Economic Area, the United Kingdom, and Switzerland.

“DNA” stands for deoxyribonucleic acid, which is the molecule that contains your genetic information. Your DNA is what makes you uniquely you.

“Genetic Information” is any data concerning genetic material obtained from the analysis of your biological sample by us or by Third Party DNA services. Genetic Information also includes the fact that you have provided a biological sample or undergone genetic testing with us or any Third Party DNA Service, and any information derived from such testing. Genetic Information includes, but is not limited to, DNA, Raw Data and Traits.

“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.

“Raw Data” means information about your genotypes that is generated by Third Party DNA Services. Your Raw Data contains the “letters” (nucleotides A, C, G, T) that comprise DNA.

“Sensitive Information” is a subcategory of Personal Information under applicable data protection laws that may include, for example, your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information, and information concerning your health, sex life, or sexual orientation. Additional information on the types of Sensitive Information we may collect can be found in Section 2 below.

“Service” means the GenomelinkTM service, associated websites (http://genomelink.io and http://www.genomelink.io/) and mobile applications, and other ancillary or related services we offer from time to time.

“Third Party DNA Services” means companies and organizations not related to or operated by us that you may use to obtain DNA testing and results.

“Traits” means the characteristics or attributes that may be influenced by your DNA. Your Traits may include your preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. The traits we analyze as part of the Service are personal - not medical - in nature.

‍

2. Information we collect

Depending on how you interact with or use the Service, we may collect the following categories of Personal Information about you:

• Identifiers, such as your name, postal address, email address, phone number, image, and date of birth. We collect this information to identify you, provide you access to the Service, and communicate with you.
• Demographic information and other protected classifications, such as your gender and age.
• Customer records under the California Customer Records statute, including:

• Social media information, such as your social media handle and related profile information. We typically only collect your social media information if you connect your social media account to the Service or otherwise interact with the Service using your social media account.
• Information about your communications with us and other information you choose to provide to us or submit to the Service.

• Internet or other electronic network activity information, such as your browsing history, search history, and the IP address, geolocation, and identification number of the device that you use to access the Service. We collect this information to enable and personalize your online experience.
• Commercial information, such as records of your purchases or subscriptions and your billing/shipping address.
• Inferences drawn from the information we collect about you, such as your Traits and the inference that your Genetic information is similar to the Genetic information of another user.
• Sensitive personal information, including:

• Genetic information, which refers to the information contained in your Raw Data and any Trait analysis we have performed on your Raw Data. We collect this information to provide you the Service. See more in Section 3 “Genetic Information”.
• Account username and password.
• Racial or ethnic origin. We collect this information to help you build your profile and tailor the service to you.
• Sexual orientation. We collect this information to help you build your profile and tailor the service to you.
• Physical and health-related information, such as your height, weight, and medical history. We collect this information to help you build your profile and tailor the services to you.
• Financial account information, such as your payment card information. We have engaged a third party payment processor to collect and process your payments on our behalf. We do not process or otherwise maintain your financial information on our systems or servers.

We may collect your Personal Information directly from you, such as when you register for a Genomelink account, provide us with certain electronic health record data, complete a family history questionnaire, survey or form, contribute to blogs and forums, or contact us with a question.

We may also collect your Personal Information from third party sources, such as Third Party DNA Services, social media platform providers, or your friends and family who refer our Service to you. The Personal Information we collect from these third parties sources typically depends on the privacy settings or permissions that you have communicated with these third parties or otherwise set on their platforms.

Finally, we may collect certain Personal Information automatically through the use of Data Collection Technologies. Please see Section 7 and our Cookie Policy for more details about our use of Cookies and other Data Collection Technologies.

Non-Personal Information. We may also collect information that cannot be used to identify you. This non-Personal Information may include Aggregate Information about our users’ browser types, device types, and pages clicked. We collect this non-Personal Information through server logs and Data Collection Technologies. We may associate this information with the Personal Information that we collect about you -- if we do, we will treat the combined information as Personal Information.

‍

3. Genetic Information

We collect your Genetic Information in the following ways:

• From you, when you upload your Genetic Information to the Services.
• From third party sources, such as Third Party DNA services. This includes, but is not limited to, AncestryDNA, 23andMe, or MyHeritage. We receive your Raw Data that you obtain from these Third Party DNA services by consenting each services’ Terms of Use, Privacy Policy, or Informed Consent.

We use your Genetic Information for the following purposes:

• To provide the Service. We process Genetic Information in order to provide our Service, which includes creating customer accounts, analyzing Genetic Information, and delivering results.
• To analyze and improve our Service. We constantly work to improve and provide new reports, tools, and Services. We may also need to fix bugs or issues.
• For Genomelink Research, with your consent. If you choose to consent to participate in Genomelink Research, Genomelink researchers can include your de-identified Genetic Information and Self-Reported Information in a large pool of customer data for analyses aimed at making scientific discoveries.
• To market to you, with your consent. In certain circumstances, we may use your Genetic Information for marketing purposes if you choose to consent, such as offering you discounts or trials.
• For forensic genealogy purposes (DNAsolves), with your separate, explicit opt-in consent. If you choose to opt in to our DNAsolves program, your Genetic Information will be shared with Othram, Inc. and entered into a forensic genealogy database used by law enforcement agencies to assist in identifying victims of crimes and unidentified remains. Participation is entirely voluntary and requires a separate, explicit opt-in consent that is distinct from your general consent to use the Service. You may opt out of the DNAsolves program at any time, at which point we will request deletion of your data from the Othram database. This program is not available to residents of Maryland, where the Maryland Online Data Privacy Act (MODPA) restricts genetic data sharing beyond what is strictly necessary to provide the Service. We may exclude residents of additional states as required by applicable law.

You may revoke your consent for the use of your Genetic Information at any time by submitting a request at https://privacy.genomelink.io/privacy-request.

We disclose your Genetic Information as follows:

• To you
• With our service providers , as necessary for them to provide their services to us.
• With qualified research collaborators , only if you provide your explicit consent.

Genomelink will not sell, lease, or rent your individual-level information to a third party for research purposes without your explicit consent. In addition, without your consent:

• We will not share your data with any public databases, except as described below in connection with specific opt-in programs such as our forensic genealogy partnership (DNAsolves). If you separately and explicitly opt in to such a program, we may share your Genetic Information with that specific third-party partner solely for the purposes disclosed to you at the time of opt-in. You may withdraw your consent and opt out of any such program at any time.
• We will not provide any person’s data (genetic or non-genetic) to an insurance company, employer, or any entity that uses data for insurance underwriting, employment decisions, or risk assessment purposes. This prohibition is absolute and applies regardless of whether the user provides consent.
• We will not provide Genetic Information to law enforcement or regulatory authorities unless compelled by a valid search warrant that specifically authorizes the collection of genetic data. For non-genetic Personal Information (such as name, email, or IP address), we may comply with a valid court order or subpoena. We will notify you of any law enforcement request for your data to the extent permitted by law, and we will publish an annual transparency report detailing the number, type, and outcome of all law enforcement requests received.

‍

4. How we use your Personal Information

In addition to the purposes for which we collect your Personal Information listed in Section 2 above, we may use your Personal Information for the following purposes:

• To provide the Service. We use your Personal Information to create and maintain your Genomelink account, enable purchases, process transactions, and provide other features and functionality to you. For individuals located in the Designated European Countries, our legal basis for processing your Personal Information is to provide our Service in accordance with our Terms of Use.
• To personalize the Service. We use your Personal Information to personalize and enhance your use of the Service, including to remember your preferences, provide personalized content, communications, and information, and track your use of the Service. For individuals located in the Designated European Countries, our legal basis for processing your Personal Information is our legitimate interest in delivering relevant and personalized content.
• To process, analyze, and deliver an analysis of your traits. Once we receive your Raw Data, we will analyze it to provide individualized trait information and reports. We will also process and analyze your Personal Information pursuant to any informed consent you have signed. For individuals in Designated European Countries, our legal basis for processing your Personal Information is to provide our Service in accordance with our Terms of Use or pursuant to your consent.
  • We use your Genetic Information to provide ancestry-related reports, including global and regional ancestry breakdowns and ancient ancestry analyses. These reports are estimates based on current scientific knowledge and reference data. As methods and reference datasets evolve, your results may be updated or revised. Such reports are intended for informational and educational purposes only.
• To market to you. We use your Personal Information to send you promotional or marketing messages, such as discounts, newsletters, and invitations to participate in surveys. You can unsubscribe from receiving these marketing communications by clicking the “unsubscribe” link in any marketing email we send you. You can also change your communication preferences in your Genomelink account. Unsubscribing from marketing emails will not unsubscribe you from receiving non-marketing messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails. If you are located in a Designated European Country, our legal basis for processing is our legitimate interest in providing information that may interest you, or otherwise your consent.
• To improve and develop the Service. We analyze your Personal Information to perform quality control activities, help us build new products, and improve the existing Service. We may also send you surveys, polls, or requests for testimonials to improve and optimize the Service. For individuals located in the Designated European Countries, our legal basis for processing your Personal Information is based on our legitimate interest. We think it is important to continue improving our Services to ensure your continued enjoyment.
• To recruit you for research opportunities. We may use your Personal Information to ask you if you would like to participate in research opportunities with us or our partners. If you decide to participate in a research opportunity, you may be asked to sign an informed consent to participate in this research. For individuals located in the Designated European Countries, our legal basis for processing your Sensitive Information is based on your consent.
• To provide customer support. If you contact us with a request, question or concern, we use your Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. For individuals located in the Designated European Countries, our legal basis for processing your Personal Information can be to satisfy our contractual or legal obligations and/or our legitimate interest to improve our Services, depending on the nature of your request.
• To troubleshoot and protect the Service. We use your Personal Information to help troubleshoot problems, authenticate your visits, and detect and prevent against error, fraud, or other criminal or malicious activity. For individuals located in the Designated European Countries, our legal basis for processing your Personal Information is to provide our Service in accordance with our Terms of Use and our legitimate interest of maintaining security.
• To enforce our rights and for other legal purposes. We use your Personal Information to provide you with legally required notices, to enforce our Terms of Use, or to alert you to changes in our policies or agreements that may affect your use of the Service. For individuals located in the Designated European Countries, our legal basis for processing your Personal Information is to satisfy our contractual or legal obligations.

If we need to collect Personal Information by law or under the terms of a contract we have with you and you fail to provide us with the information when requested, we may not be able to perform the contract we have, or are trying to enter into, with you. We will inform you of any Personal Information we require from you and the consequences if you fail to provide it.

Special Categories: We only process Special Categories of Personal Information if you give us your explicit consent (such as through our informed consent), the processing is necessary to meet a legal or regulatory obligation, the processing is in connection with the establishment, exercise or defense of legal claims, or is otherwise expressly permitted by law. Special Categories of Personal Information includes information about your racial or ethnic origin, genetic data (such as Raw Data), and data concerning health, sex life, and sexual orientation.

Other Uses: Any other purposes for which we wish to use your Personal Information that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you by amending this Privacy Policy in accordance with the Section 17.

Hints and AI-Generated Suggestions.

• Automated Hints. We may use your family tree, records, or other submitted data to generate hints or suggestions about potential relatives or historical records. These hints are generated using automated algorithms and artificial intelligence and are not guaranteed accurate. They are intended to guide your research, and you are responsible for independently verifying their accuracy.
• AI-Generated Content Disclaimer. AI-generated content, including but not limited to narrative stories, transcriptions, search results, and genealogy suggestions, is provided on an “AS-IS” basis and may contain inaccuracies, omissions, or creative interpretations not supported by underlying records. We do not guarantee the accuracy, completeness, or reliability of any AI-generated content. AI-generated content will be clearly labeled as such within the Services.
• Limitations on Use. You should not rely on AI-generated content for legal, medical, employment, or financial decisions.
• AI Data Usage and Opt-Out. We may use anonymized or aggregated data to improve AI features and other Services. If you prefer your data not be used for AI improvement purposes, you may opt out by submitting a request at https://privacy.genomelink.io/privacy-request.
• Bias Mitigation. We are committed to testing for and mitigating bias in AI features, particularly those related to ancestry and ethnicity analysis, and we acknowledge that AI systems may reflect biases present in training data.

DNA Match.

• Overview and Consent. If you opt in to our DNA Match feature, we will compare your Genetic Information to that of other consenting users in our database to identify possible genetic relatives. When a match is found, limited information (such as your chosen display name, shared DNA amount in centimorgans, number of shared segments, and predicted relationship range) may be visible to your matches, depending on your privacy settings. We will never expose raw genotype data to other users. Participation is entirely voluntary and requires your explicit, informed consent.
• Opting Out. You may opt out of DNA Match at any time from your account settings, which will remove you from all match lists going forward. Prior match notifications already sent to other users will not be retracted.
• Unexpected Discoveries and Assumption of Risk. DNA testing may reveal unexpected information about your family relationships, including but not limited to: non-paternity events, previously unknown siblings or parents, that you or a family member was donor-conceived or adopted, unexpected ethnicity results, or other sensitive discoveries. By enabling DNA Match, you acknowledge that you understand and accept these risks.
• Relationship Prediction Disclaimers. Relationship predictions displayed in DNA Match results are statistical estimates based on shared DNA quantities. Multiple relationship types (e.g., half-sibling vs. grandparent) may share similar DNA amounts. Close relationships (parent-child, full siblings) are predicted with high confidence, while distant relationships (second cousins and beyond) have wide confidence intervals. These predictions should not be interpreted as definitive proof of any specific relationship.
• Privacy Controls. We provide granular privacy controls for DNA Match, including the ability to: (a) choose whether to appear in match lists, (b) control what display name or identifier is shown to matches, (c) choose whether your ethnicity estimate is visible to matches, and (d) choose whether any linked family tree is visible to matches. You may also set your contact preference (open to contact, limited contact, or no contact), which will be visible to your matches.
• Minor Protections. DNA Match is available only to users who are 18 years of age or older. If a parent or legal guardian manages a minor’s account, any DNA matching for the minor requires the guardian’s explicit consent, and the minor’s identity will not be displayed to other matches. All match interactions for minors are managed through the guardian’s account.
• Prohibited Uses. You may not use DNA Match results to harass, stalk, threaten, discriminate against, or repeatedly contact any user who has indicated they do not wish to be contacted. You may not create fake accounts to access another user’s match data, use match data for any commercial purpose, or attempt to identify users who have chosen to remain anonymous through external means. Violations may result in immediate account suspension or termination.
• Sharing Restrictions. DNA Match data may not be shared with insurance companies, employers, or used for any discriminatory purpose.
• Deletion. When you delete your Genetic Information or your account, you will be removed from all match lists and your match data will be deleted within 30 days.
• Support Resources. We provide links to genetic counseling resources and emotional support services for users who make unexpected discoveries through DNA Match.

Family Tree Data.

• Information We Collect. If you upload, create, or edit a family tree through the Services, we collect and process the information contained in your tree, including names, dates, places, relationships, photos, and stories you provide.
• Ownership and License. You retain ownership of all content you upload to your family tree. By uploading content, you grant us a non-exclusive, worldwide, royalty-free license to use, reproduce, modify, and display such content solely for the purpose of providing and improving the Services. This license terminates when you delete the content or your account, except for content that has already been shared with or copied by other users. You may export your family tree data at any time.
• Visibility Tiers. Your family tree is set to private by default. You may choose from three visibility tiers: (a) visible to other users on the platform only; (b) visible on public pages; or (c) visible on public pages and indexed by search engines and AI crawlers. Changing your tree from a higher visibility tier to a lower one will remove it from public access, but cached versions in search engines may persist for a period outside our control.
• Living Person Protections. We implement living person protections to prevent the disclosure of personal details of living individuals in shared or public trees. Living persons’ details (other than their relationship in the tree) will be masked and displayed as “Living Person” to anyone other than the tree owner and invited editors.
• Your Representations. You represent that you have the right to share all information you include in your family tree, and you agree not to include personal information of living individuals without their consent, except for basic family relationship information about your immediate family.
• Deletion. When you delete your family tree or your account, tree data will be removed from our systems within 30 days. Content that has been shared with or copied into other users’ trees will remain in those users’ trees.

‍

5. When we share your Personal Information

We may share your Personal Information in the following circumstances:

• With service providers. We may share your Personal Information with contractors and third-party service providers who help us to provide the Service and to understand how you use it (each, a “Subprocessor"). Other categories of service providers we use include marketing, operations, payment processing, and technology vendors. The list of examples of our Subprocessors can be found here.
• With research partners. We may share your Personal Information with research partners only when you opt in to share your data with those partners or you provide your consent to share your Personal Information by signing an informed consent form. Our research partners may include commercial or non-profit organizations that conduct or support scientific research, develop drugs or medical devices, or are generally interested in DNA analysis. In some circumstances, we or a research partner may have a financial interest in the research arrangement.

Note: When we share your Personal Information with research partners, we do not have control over how those research partners use or disclose your Personal Information. We recommend that you review the privacy policies of the research partners and any other third party with whom you share, or ask us to share, your Personal Information.

• With other users. If you use certain features, we may share your Personal Information with other GENOMELINK users if you choose to allow it. For example, if you register for our DNA match feature and opt-in to information sharing, we may share your name and other Identifiers with GENOMELINK users who have similar segments or patterns of DNA.

DNA Match Sharing.

What We Share with Matches. When you participate in DNA Match, limited information about you may be shared with other participating users who share DNA with you. The specific information shared depends on your privacy settings and may include: your chosen display name or anonymous identifier, the amount of shared DNA (in centimorgans), the number of shared DNA segments, a predicted relationship range, and, if you have opted in, your ethnicity estimate and/or a link to your family tree.

What We Do Not Share. We will never share your raw genotype data, your email address, or your physical address with other users through DNA Match. You may adjust what information is visible to your matches at any time through your privacy settings. If you opt out of DNA Match, your information will be removed from all match lists.

• With forensic genealogy partners (opt-in only). If you separately and explicitly opt in to our DNAsolves program, we will share your Genetic Information with Othram, Inc. for inclusion in a forensic genealogy database. This database is used by law enforcement agencies solely for the purposes of identifying victims of crimes, missing persons, and unidentified human remains. We will not share your Genetic Information with law enforcement through this program without your separate, explicit opt-in consent. This program is not available in all states. See Section 3 above for full details.
• As required by law. We may share your non-genetic Personal Information (such as name, email address, or IP address) where we, in good faith, believe that a valid court order, subpoena, or search warrant requires us to do so. For Genetic Information, we will only comply with a valid search warrant that specifically authorizes the collection of genetic data. We may also share Personal Information to investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our Terms of Use; or in other circumstances where we believe is necessary to protect the rights, safety or property of GENOMELINK, our users, and third parties.
• As part of a business transaction. In the event that GENOMELINK is involved in a business transaction such as a merger, acquisition, or sale of all or a portion of its assets, your Personal Information will likely be among the assets transferred. In such case, your Personal Information will remain subject to the provisions of this Privacy Policy.

Sharing Aggregate Information. We may share Aggregate Information with third parties or the general public for our marketing or research purposes. For example, we may provide Aggregate Information in commercial arrangements with our business partners so that they may develop new research or products. We may also provide Aggregate Information to advertisers so they may tailor marketing messages or advertisements to our general user demographics. Disclosures for these purposes will never contain your Personal Information.

‍

6. Viewing and correcting your Personal Information

You can log into your Genomelink account and view or amend the Personal Information associated with your account at any time. Please note that if you amend the Personal Information in your account, our servers may retain the old information as part of our logs and backups.

‍

7. Cookie Policy

We and our partners may collect, use, and disclose information about you and your device through Data Collection Technologies. For more information on our use of Data Collection Technologies, please see our Cookie Policy available here.

‍

8. Security

We maintain reasonable and appropriate safeguards designed to protect your Personally Information from unauthorized access, use, disclosure, alteration or destruction. For example, we limit our collection and use of your Personal Information to the extent necessary to provide you with the Service. However, we cannot guarantee the security of our systems or your Personal Information, and we encourage you to take reasonable precautions to safeguard your Personal Data.

‍

9. Data retention

We will keep your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including any legal, professional, accounting or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, whether we can achieve those purposes through other means, and all applicable legal requirements.

‍

10. Users outside of the U.S.

We are committed to complying with this Privacy Policy and the data protection laws, including those outside of the United States, that apply to our collection and use of your Personal Information. We are located in the U.S. and may use facilities in the United States and other countries. When you provide us with your Personal Information or use the Service, we will process and store your Personal Information in the United States and such other countries where we have facilities. We recognize that the laws in the United States and such other countries may be different and, in some cases, not as protective as the laws where you are located. By providing us with your Personal Information or using the Service, you acknowledge that your Personal Information will be transferred to and processed where we operate.

‍

11. California privacy rights

If you are a resident of California, we are providing the following information to you in accordance with the California Consumer Privacy Act (“CCPA”).

This Privacy Policy describes our practices over the last 12 months with respect to categories of information we collect, the sources of that information, and how we have disclosed it. Specifically, in the last 12 months, we have disclosed each category of your Personal Information as follows:

• We have disclosed the following categories of Personal Information to our service providers for a business purpose within the preceding 12 months: Identifiers; Demographic information and other protected classifications; Customer records; Internet or other electronic network activity information; Commercial information; Inferences; and Sensitive personal information.
• If you have provided your explicit consent, we have disclosed the following categories of Personal Information to our research partners within the preceding 12 months: Identifiers; Demographic information and other protected classifications; Customer records; Internet or other electronic network activity information; Commercial information; Inferences; and Sensitive personal information.

It is not our practice to sell Personal Information for money. However, we understand that under the CCPA, the use of certain types of Data Collection Technologies may be considered a “sale” or “sharing” of Personal Information for targeted advertising. If you have not opted out from the use of certain Data Collection Technologies within the preceding 12 months, your Internet or other electronic network activity information may have been used to serve you targeted advertisements and “sold” or “shared” with providers of Cookies, advertisers, and advertising platforms and networks. We do not knowingly sell or share Personal Information about children under 16 years old.

As a California resident, you have the following privacy rights under the CCPA:

• The right to know. You have the right to request to know the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which that Personal Information was collected, and how we have sold, shared, or otherwise disclosed your Personal Information.
• The right to correct. You have the right to request that we correct inaccurate Personal Information that we have collected from you.
• The right to delete. You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
• The right to opt out. You have the right to opt out of the sale of your Personal Information and the sharing of your Personal Information for targeted advertising. If you wish to opt out of the sale and sharing of your Personal Information, please submit your request by contacting at info@genomelink.io. To the extent required by law, we will honor opt-out preference signals sent in a format commonly used and recognized by businesses at the browser level, such as an HTTP header field or JavaScript object.
• The right to equal service. If you choose to exercise any of these rights, we will not discriminate against you in anyway. If you exercise certain rights, understand that you may be unable to use or access certain features of Service.

You may exercise your right to know, your right to correction, and your right to deletion twice a year free of charge. To exercise your right to know, your right to correction, or your right to deletion, please submit a request at https://privacy.genomelink.io/privacy-request.

We will take steps to verify your identity before processing your request to know, request to correct, or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity, such as your name and email address. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses unless you initially provided the information for another purpose.

You may use an authorized agent to submit rights requests. When we verify your agent’s request, we may verify your identity and request a signed document from your agent that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

We only use and disclose Sensitive personal information to provide the Service and for other purposes specified under California law, including to improve the Service and for safety and security purposes.

Notice of financial incentive. We may offer programs or benefits in exchange for your Personal Information, such as a free trial for the Service or enhanced reporting about your traits or family members. The categories of Personal Information we collect will depend on the program or benefit but may include Identifiers, Demographic information and other protected classifications, Customer records, Internet and other electronic network activity information, Commercial information, Inferences, and Sensitive personal information. Our good faith estimate of the value of your Personal Information is the value of the benefit that we give you, which we have calculated by evaluating our expenses in offering the benefit. Your participation in these programs and benefits is optional and you will not be enrolled unless you choose to opt-in. You may withdraw from the program or benefit at any time by contacting us at info@genomelink.io.

Shine the Light – Third Party Marketing. California law permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information at the end of this Privacy Policy. This request may be made no more than once per calendar year, and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified below.

‍

12. California Genetic Information Privacy Act

If you are a resident of California, you may be entitled to the following rights regarding your Genetic Information:

• Access: You may access your Genetic Information.
• Deletion: You may delete your account and your Genetic Information, except for Genetic Information we are required to retain in order to comply with our legal obligations.
• Destruction: You may request that your biological sample be destroyed.
• Non-discrimination: If you exercise any of these rights, we will not discriminate against you.

To exercise these rights, you can submit a request at https://privacy.genomelink.io/privacy-request.

‍

13. Nevada Residents

Pursuant to Nevada law, you may direct a business that operates an internet website not to sell certain Personal Information a business has collected or will collect about you. We do not sell your Personal Information pursuant to Nevada law. For more information about how we handle and share your Personal Information or your rights under Nevada law, contact us at info@genomelink.io.

‍

13.5 Additional State Genetic Privacy Rights

In addition to California and Nevada, a number of U.S. states have enacted genetic privacy laws that may provide you with additional rights regarding your Genetic Information. These states currently include Alaska, Alabama, Arizona, Florida, Illinois, Indiana, Kentucky, Maryland, Montana, South Dakota, Tennessee, Texas, Utah, Virginia, and Wyoming. We are committed to complying with all applicable state genetic privacy statutes. Across these states, our commitments include: (a) we will not collect, retain, or disclose your Genetic Information without your express consent, which must be separate and specific for each purpose beyond providing the Service; (b) we will not share your Genetic Information with insurance companies, employers, or risk assessment businesses under any circumstances, regardless of consent; (c) we will not sell, lease, or rent your Genetic Information; (d) Maryland residents are not eligible to participate in the DNAsolves forensic genealogy program or any other optional third-party sharing program, as the Maryland Online Data Privacy Act restricts genetic data sharing to what is strictly necessary to provide the Service; (e) we will not store your Genetic Information in any country designated as a foreign adversary by the U.S. government; and (f) you have the right to access, correct, delete, and request destruction of your Genetic Information and to revoke your consent at any time. To exercise your rights under applicable state genetic privacy laws, please submit a request at https://privacy.genomelink.io/privacy-request.

‍

14. Rights for individuals in the EEA

If you are located in the European Economic Area and we maintain your Personal Information, you have the following additional rights (under the European Union’s General Data Protection Regulation (the “GDPR”) with regard to your Personal Information:

• Right to access and receive: You may request a copy of or access to the Personal Information we hold about you. You may also request that we transfer your Personal Information to a third party in a machine-readable format.
• Right to correct: You may ask us to update or correct inaccurate or incomplete Personal Information we hold about you.
• Right to limit or restrict: You may have the right to request that we stop using all or some of your Personal Information or to limit our use of it.
• Right to erase: You may have the right to request that we delete all or some of your Personal Information. This right may be limited if we have collected your Personal Information for research purposes.
• Right to withdraw consent: You have the right to withdraw any consent you have previously given to us at any time. Your withdrawal of consent does not affect the lawfulness of our collecting, using, and sharing of your Personal Information prior to the withdrawal of your consent. Even if you withdraw your consent, we have the right to use your Personal Information if it has been fully anonymized and cannot be used to personally identify you.
• Right to lodge a complaint: You have the right to lodge a complaint with your Supervisory Authority if you are unhappy with how we process your Personal Information. You can find contact information for your Supervisory Authority on the European Commission Data Protection Authorities webpage or through other publicly available sources.

Please note that if you decide to exercise some of your rights, we may be unable to provide you with certain services, or you may not be able to use or take full advantage of the services we offer. We may charge you a reasonable fee if you request additional copies of your Personal Information or make other requests that are manifestly unfounded or excessive. If we are unable to honor your request, or before we charge a fee, we will let you know why.

‍

15. Children’s privacy

Our services are not directed to or intended for use by children. If we learn that we have received Personal Information directly from a child without his or her parent or legal guardian’s verified consent (where required by law), we will use that Personal Information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our services. Subsequently, we will delete such Personal Information.

DNA Match and Minors.

Age Requirement. Users must be at least 18 years of age to independently enable DNA Match features.

Guardian-Managed Accounts. If a parent or legal guardian manages a minor’s account and wishes to enable DNA Match on the minor’s behalf, the guardian must provide explicit consent. When DNA Match is enabled for a minor’s account, the minor’s identity (name, profile details) will not be displayed to other users’ match lists. All match interactions, including messaging, will be managed exclusively through the guardian’s account.

Children Under 13. We do not knowingly collect or process Genetic Information from children under 13 years of age.

‍

16. Third party websites and services

When interacting with us, you may come across links or references to third party websites and services that we do not operate or control. If you provide your Personal Information to that third party through its websites or services, you will be subject to that third party’s privacy practices and policies and terms of use. This Privacy Policy does not apply to any Personal Information that you provide to a third party website or service. We recommend that you read the privacy policy that applies to that third party website or service. A link or reference to a third party website or service does not mean that we endorse that third party or the quality or accuracy of the information presented on its website or service.

‍

17. Effective date; changes

The last updated and effective date of this Privacy Policy is posted at the top of this page. We may update this Privacy Policy from time to time to reflect changes in our practices, our industry, or applicable laws. When we make material changes to this Privacy Policy, we will give you advance notice by posting an alert through the Service or by sending you an email to the email address we have on file. The amended Privacy Policy will apply on a go-forward basis to the Personal Information we already collected about you, as well as any Personal Information we may collect in the future. If you disagree with any changes, please let us know by contacting us using the information at the end of this Privacy Policy.

‍

18. Transparency Reporting and Law Enforcement Disclosure Policy

We are committed to transparency about how we handle law enforcement and government requests for user data. We maintain a separate Law Enforcement and Government Agency Disclosure Policy, available at genomelink.io/legal/law-enforcement-policy, which details our procedures for responding to legal process. We will publish an annual Transparency Report disclosing the number, type, jurisdiction, and outcome of all law enforcement requests received during the prior calendar year. We require a valid search warrant for all requests for Genetic Information. We will challenge overbroad or otherwise improper requests. We will notify affected users to the extent permitted by applicable law.

‍