Privacy Policy

Last updated: March 2026

This Privacy Policy explains how DecodeLabs Ltd ("we", "us", "our") handles information in connection with BioDecode and the biodecode.io website.

The key point: BioDecode processes your genetic data entirely on your local machine. We never receive, access, store, or transmit your genomic data.

1. Who We Are

DecodeLabs Ltd is the provider of BioDecode, a downloadable desktop application for genomic variant analysis.

Email: hello@biodecode.io

2. What Data the Software Processes

BioDecode processes genome files containing genomic variant data (including VCF and common raw genotype text exports). This processing happens entirely on your local machine. Specifically:

Your genome file is read and parsed locally.
Variants are matched against a ClinVar SQLite database stored locally on your machine.
Reports (HTML, JSON, and findings text) are generated and saved locally.
No genetic data is transmitted to our servers or any third party.
No internet connection is required for analysis.

We have no access to your genetic data, your genome files, or the reports generated by the Software. We are not a data controller or processor of your genetic data.

3. What Data We Collect

We collect limited data through our website and payment process:

Data Type	Source	Purpose	Lawful Basis (GDPR)
Name, email address	Purchase via Stripe	Order fulfillment, download delivery	Contract performance
Payment information	Stripe	Payment processing	Contract performance
Technical diagnostics (such as browser/device info, page path, and error details)	Website visit and error monitoring	Security, error monitoring, fraud prevention, and service reliability	Legitimate interest

We do not collect, store, or process any genetic data, genome files, health information, or analysis results.

4. Payment Processing

Payments are processed by Stripe, a PCI-compliant payment processor. Your payment information is handled directly by Stripe. We do not have access to your full credit card or payment details — only a transaction reference, your name, and email for order fulfillment.

Stripe's privacy policy applies to payment processing: stripe.com/privacy

We also use Sentry, a third-party error monitoring service, to detect, investigate, and fix website and checkout issues. Sentry may process limited technical diagnostic information such as browser type, device/operating system details, page path, error details, and in some cases a session replay of interactions on biodecode.io when an error occurs. This replay may include page text, clicks, and images displayed on our website.

We configure this monitoring to avoid sending payment payloads, license keys, cookies, or genetic data, and we do not use Sentry for advertising or behavioral profiling. Sentry's privacy policy is available here: sentry.io/privacy

5. Findings Export & Third-Party AI Services

BioDecode includes a findings export feature that generates a variant summary report. If you choose to share these findings with a third-party AI service (such as ChatGPT, Gemini, or another LLM), you do so voluntarily and at your own discretion. We are not responsible for how those services handle data you share with them.

6. Cookies

Our website uses only essential cookies required for the website to function. We do not use advertising or behavioral profiling cookies. We do use technical error monitoring to maintain website reliability, but not for advertising or cross-site behavioral tracking.

7. Your Rights

Depending on your location, you may have the following rights regarding the personal data we hold (purchase information):

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your data.
Portability: Request your data in a portable format.
Objection: Object to processing based on legitimate interest.

To exercise any of these rights, contact us at hello@biodecode.io.

For California Residents (CCPA/CPRA)

You have the right to know what personal information we collect and how we use it, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

For UK/EU Residents (GDPR/UK GDPR)

Our lawful bases for processing are contract performance (purchase fulfillment) and legitimate interest (website security, fraud prevention, error monitoring, and service reliability). You have the right to lodge a complaint with your local supervisory authority (in the UK: the Information Commissioner's Office at ico.org.uk).

8. Data Retention

Purchase records (name, email, transaction details) are retained for as long as required by applicable tax and accounting laws. Website server logs and technical error-monitoring records are retained only as long as reasonably necessary for security, debugging, and operational reliability, subject to our service providers' retention settings.

9. Data Security

We use industry-standard security measures to protect the limited personal data we hold. Since we do not store genetic data, there is no genetic data to breach.

10. Children

BioDecode is not intended for use by individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates when changes were last made.

12. Contact

For privacy questions or to exercise your data rights:

DecodeLabs Ltd
71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Email: hello@biodecode.io