General policy — the final, binding terms for any deployment are set in your partner or service agreement and confirmed with counsel.
The Gene Box treats genetic and health information as among the most sensitive data there is. This summarises how we handle it.
White-label and your data
Where a partner deploys the platform under their own brand, that partner is the data controller and governs the patient relationship and consent. The Gene Box acts as a processor, handling data on the partner’s instructions under a data-processing agreement.
What we process
Depending on the services in use, this may include genetic, microbiome, blood and clinical inputs, the derived interpretation, and basic account information. We process only what is needed to produce and deliver a report.
How it is used
To generate interpretations, to deliver reports to the responsible professional or partner, and to maintain and improve the quality and safety of the platform. We do not sell personal data.
Your rights
Subject to applicable law (including the GDPR), individuals may have rights to access, correct, delete or restrict the processing of their data, and to data portability. In white-label deployments these requests are handled with, or through, the partner who holds the relationship.
Security and quality
The Gene Box operates under an ISO 9001:2015 quality management system (and is working toward ISO 13485:2016, the medical-device QMS standard) and applies technical and organisational measures appropriate to the sensitivity of the data. Access is restricted on a need-to-know basis.
Retention and transfers
Data is retained only as long as needed for the purposes above or as required by law or the relevant agreement, then deleted or anonymised. Where data is transferred across borders, appropriate safeguards are applied.
Questions or requests. For privacy, data or legal enquiries, reach us through the contact page.
Last reviewed: June 2026.