Privacy Policy
Last updated: 1970-01-01
RobLabs OÜ · Estonia · contact@ancestrus.com
Ancestrus, operated by RobLabs OÜ (Estonia), respects your privacy and complies with the GDPR (EU) and LGPD (Brazil). This policy explains how we collect, use, store and protect your data — especially your genetic data.
1. Who we are
Data controller: RobLabs OÜ, registered in Estonia. Contact: contact@ancestrus.com.
2. Data we collect
(a) Account data: name, email, language. (b) Raw genetic data files you upload (23andMe, MyHeritage, AncestryDNA, FamilyTreeDNA, etc.). (c) Derived data: ancestry composition, statistical fingerprints. (d) Payment data: handled by Stripe (we never store your card). (e) Technical data: IP (only to detect language), browser, access logs.
3. How we use your data
Generate your ancestry reports, calculate family matches (only with mutual consent), send transactional emails, improve our statistical models (always aggregated and pseudonymized), meet legal obligations.
4. Sharing
We do NOT sell your genetic data. We never share it with insurers, employers, social networks or marketing companies. We share only with: infrastructure providers (encrypted storage), payment provider (Stripe), AI providers used to generate narratives (only percentages, never raw SNPs), and authorities when legally required.
5. Your rights (GDPR / LGPD)
You can at any time: access your data, correct it, export it, permanently delete it ('Delete my DNA data permanently' button), revoke consent, object to processing. Requests: contact@ancestrus.com — we respond within 30 days.
6. Security
Raw Data files are stored in a private encrypted bucket with Row-Level Security: only you can access your files. Passwords are securely hashed. All transport uses HTTPS/TLS.
7. Retention
We keep your data while your account is active. After account deletion or a deletion request, Raw Data and fingerprints are permanently removed within 30 days. Anonymous logs may be retained up to 12 months for auditing.
8. Cookies
We use only essential cookies (session, language). No marketing or third-party tracking cookies.
9. Changes
We may update this policy. Material changes will be notified by email or banner. The date at the top indicates the active version.
10. Contact
Questions, requests or complaints: contact@ancestrus.com. You may also contact your national data protection authority (e.g. ANPD in Brazil, EU GDPR authorities).