Effective Date: May 8, 2026

1. Introduction

Welcome to PedigreeTool (the “Service”), a web-based pedigree drawing and visualization tool. This Privacy Policy explains how the PedigreeTool development team (“we,” “us,” or “our”) collects, uses, and protects your personal data.

We are committed to protecting your privacy and handling your data in an open and transparent manner. We strive to follow General Data Protection Regulation (GDPR) requirements in all our processes, although we are still in beta and not yet GDPR-certified.

2. The “Synthetic Data Only” Rule (Strict Beta Requirement)

We are currently in a Beta Phase. You must not upload any real patient data, identifiable genetic data, or Protected Health Information (PHI) to the Service. The Service is currently designed and secured only for processing synthetic, dummy, or fully anonymized data for evaluation purposes.

3. Our Role: Data Controller vs. Data Processor

To clarify our legal responsibilities under GDPR and international privacy laws, we maintain a strict separation of data ownership and processing roles:

Data Controller (Account Information): We act as the Data Controller for your basic account and registration information (e.g., your name and email address). We decide how and why this specific information is processed to manage your access to the Service.

Data Processor (Workspace Data): You (or your institution) act as the Data Controller for all pedigree structures, phenotypes, and data inputted into the application canvas. We act strictly as a Data Processor for this information. We only process this workspace data to provide the Service’s functionality and never access, mine, or use it for our own purposes.

If you have any questions about this policy or your data protection rights, please contact us at:

info@pedigreetool.com

4. What Information We Collect

We collect the following types of information:

a) Account Information:

When you register for an account, we collect your first name, last name, and email address.

b) Usage Analytics:

We may collect aggregated and anonymized data about your interactions with the Service, such as features used, actions taken, and error logs. This data helps us improve the Service and is not used to personally identify you.

c) What We Explicitly Do Not Collect:

We do not collect, and you agree not to upload, any sensitive personal data, including personal health information (PHI) or any data that could directly identify a patient.

5. How and Why We Use Your Data (Legal Basis)

We only use your personal data when the law allows us to. Our legal bases for processing your data are:

To Provide and Manage the Service:

We use your Account Information to create and manage your account, authenticate you, and provide access to your saved work. Legal Basis: Performance of a contract with you.

To Improve Our Service:

We use anonymized Usage Analytics to understand how our Service is being used, identify bugs, and improve its functionality and user experience. Legal Basis: Our legitimate interests to develop and grow our business.

To Communicate With You:

We use your email address to send important service-related notices, such as updates to our terms, security alerts, or information about the expiration of your beta access. Legal Basis: Performance of a contract and our legitimate interests.

6. Data Sharing and Third Parties

We do not sell your personal data. We only share it with trusted third-party service providers who act as sub-processors on our behalf:

Infrastructure: We use Supabase as our backend service provider for database management and user authentication. The data you save in the application, including pedigree information and your account details, is stored with Supabase and secured with Row Level Security (RLS). You can view their privacy policy for more details.

Hosting: We use Vercel for hosting our web application. Vercel may collect technical data (like IP addresses) to provide their services and ensure security. You can view their privacy policy for more details.

Analytics: We may use privacy-focused, GDPR-compliant analytics providers to process usage data on our behalf. These third parties are contractually obligated to safeguard your data and are prohibited from using it for any other purpose.

7. Data Security and Technical Limitations

We implement modern technical and organizational measures to protect your data, including the use of encryption for data in transit (TLS 1.2+) and at rest (AES-256).

However, because we are in Beta, please be aware that Multi-Factor Authentication (MFA) is not yet active and Automated Point-in-Time Recovery (PiTR) backups are not yet implemented. While we take data security seriously, no system is 100% secure, and we cannot guarantee the absolute security of your information. This is why you must maintain local copies of your exported work and strictly adhere to the synthetic data rule outlined in Section 2.

8. Your Data Protection Rights

Under GDPR, or as a user in the EU, you have the following rights regarding your personal Account Information:

The Right to Access: You can request a copy of the personal data we hold about you.

The Right to Rectification: You can request that we correct any inaccurate or incomplete data.

The Right to Erasure (The “Right to be Forgotten”): You can request that we delete your personal data.

The Right to Restrict Processing: You can ask us to suspend the processing of your personal data in certain situations.

The Right to Data Portability: You can request that we transfer your data to you or another service in a machine-readable format.

The Right to Object: You can object to our processing of your data where we are relying on a legitimate interest.

To exercise any of these rights, please contact us at info@pedigreetool.com. You also have the right to lodge a complaint with a data protection authority.

9. Cookies

We may use essential cookies for session management (to keep you logged in securely via Supabase Auth) and for basic analytics. We do not use third-party marketing, advertising, or cross-site tracking cookies inside the application canvas. You can control or disable cookies through your browser settings, but doing so may affect the functionality of the Service.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, by email.

11. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy, please contact us at: info@pedigreetool.com