Data Protection

Privacy Policy

Your data powers life-saving predictions. We treat it with the gravity it deserves.

Last updated: December 2025

DNAI is built for oncology, where data isn't just "information"—it's the molecular signature of a human life. This policy explains what data we collect, how we protect it, and your rights as a user.

1. Data We Collect

User Account Information

  • Name, email, and organizational affiliation
  • Authentication credentials (hashed, never stored in plaintext)
  • Usage logs for platform improvement and security auditing

Patient & Biological Data

  • Multi-omics data: RNA-seq, DNA methylation, Copy Number Variation (CNV), protein expression
  • Clinical metadata: Tumor type, stage, treatment history, survival outcomes
  • Imaging data: Radiology scans (CT, MRI, PET) and pathology slides

Important: We recommend de-identifying data before upload. DNAI does not require patient names or direct identifiers to function.

2. How We Use Your Data

  1. Digital Twin Generation: Your omics data is encoded into a latent representation (z_bio) by our H-BDVAE model. This is the core of personalized prediction.
  2. Simulation Services: We use latent representations to run trajectory simulations (Neural ODE) predicting treatment response, resistance, and survival.
  3. Model Improvement (Opt-In Only): With explicit consent, aggregated, de-identified data may be used to retrain foundation models. You control this via your account settings.
  4. Platform Analytics: Anonymous usage patterns help us improve UX, identify bugs, and prioritize features.

3. Data Security & Storage

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest
  • Customer-managed encryption keys (Enterprise)

Infrastructure

  • SOC 2 Type II certified cloud infrastructure
  • HIPAA-compliant data handling
  • EU data residency available (GDPR)

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication required
  • Audit logs for all data access

Isolation

  • Tenant data isolation by default
  • No cross-customer data access
  • Dedicated instances available (Enterprise)

4. Data Sharing

We do not sell your data. Period.

Patient and biological data is never sold to third parties, advertisers, or data brokers.

We may share data only under these circumstances:

  • Legal Requirement: When compelled by valid legal process (subpoena, court order)
  • Research Collaboration: With your explicit, documented consent for specific research projects
  • Service Providers: With vetted subprocessors (cloud hosting, security monitoring) under strict Data Processing Agreements (DPAs)

5. Your Rights

Access

Request a copy of all data we hold about you or your organization.

Deletion

Request permanent deletion of your data from our systems (subject to legal retention requirements).

Export

Download your data in standard formats (JSON, CSV) for portability.

To exercise these rights, contact privacy@dnai.bio. We respond to verified requests within 30 days.

Questions?

For privacy inquiries, data requests, or to report a concern:

Email: privacy@dnai.bio

Data Protection Officer: dpo@dnai.bio