Data governance

How genomic data is held.

Genomic results are encrypted at the application layer, isolated per identity, and exportable or erasable on request. Each statement below maps to a provider configuration or a live endpoint.

Clerk auth · application-layer genomic encryption · full export & deletion

Ownership

Ownership and portability

Genomic data and the results derived from it belong to the user. The complete dataset exports as machine-readable JSON. Data and accounts delete permanently on request.

Encryption

Encryption & the stack

Genomic results are encrypted at the application layer before storage, on top of provider encryption at rest and in transit.

Authentication
Clerk
Single source of truth for identity
Genomic data
Application-layer encryption
Results encrypted before storage; decrypted only for the owner
Database
Neon Postgres (encrypted at rest)
Accessed via Prisma; no genomic data on disk
File storage
Cloudflare R2 (encrypted at rest)
Raw uploads in encrypted object storage
Transport
TLS
All traffic encrypted in transit
Rate limiting
Upstash Redis
Abuse and brute-force protection
Monitoring
Sentry
Error tracking, no genomic payloads logged
Isolation

Tenant isolation

Identity-scoped routes are forced dynamic and never cached across users. Responses set no-store and vary on the session cookie. Defense-in-depth checks reject any profile row whose owner does not match the authenticated user.

Your controls

Deletion, export & consent

These are live endpoints in the product.

Export
Full JSON download
Profile, genomic results, consent, memory, posts. The complete record
Data deletion
Erase derived data
Keeps the account, removes the analysis
Account deletion
Permanent, confirmation-gated
Requires typing a confirmation phrase
Consent
Granular, revocable
Controls what is discoverable and what is used
Audit
Activity log
A log of access to stored data
Scope

The clinical boundary

Haeckel is an intelligence and modeling platform. It is not a diagnostic device.

Non-clinical
Statistical modeling only. Non-clinical. Haeckel does not diagnose, treat, or prevent disease, and nothing in it is a substitute for advice from a qualified clinician or genetic counselor.
Policy

What we never do

  • Genomic data is never sold.
  • Genomic data is never used for research or model training without explicit, revocable consent.
  • One user’s data is never exposed to another. Isolation is enforced at the route level.
  • Genomic data is never stored on the filesystem. Encrypted database and object storage only.
See the methodsSee the platform