Privacy Policy

  • Effective Date: January 2026
  • Last Updated: January 2026
  • Effective Date: January 2026
  • Last Updated: January 2026

1. Introduction

GentraceDx Inc. (“GenTraceDx”, “we”, “our”, “us”) is committed to protecting the privacy, security, and confidentiality of all personal information we handle.

This Privacy Policy explains:

  • What information we collect
  • How we collect it
  • Why we collect it
  • How we use, store, and protect it
  • Your rights regarding personal information

This policy applies to:

  • Our website
  • Clinician and researcher portals
  • Patient-related workflows within the GenTraceDx platform
  • Communications, forms, and documentation
  • National pilot and related clinical research programs
  • Marketing and media interactions

By using our Site or Services, you agree to the terms in this Privacy Policy.

2. Compliance Frameworks

GenTraceDx follows all applicable privacy, security, and data protection laws, including:

  • PIPEDA (Personal Information Protection and Electronic Documents Act – Canada)
  • PHIPA (Ontario Personal Health Information Protection Act)
  • FOIPPA (BC Freedom of Information and Protection of Privacy Act)
  • HIPAA-equivalent privacy protections (for U.S.-based interactions; CLIA/CAP)
  • MDEL, ISO 13485, and FDA Class I kit requirements
  • Genome Canada data governance expectations
  • Ethics/REB requirements for pilot studies

No data is stored or transferred outside of legally permitted jurisdictions.

3. Information We Collect

  1. Personal Information (PI)

Information that can identify an individual, such as:

  • Name
  • Email address
  • Phone number
  • Organization and professional role
  • Communication preferences
  1. Personal Health Information (PHI)

Used only for clinical or research purposes (if applicable and consented):

  • Medical history relevant to genomic analysis
  • Tumour type, stage, or pathology details
  • Clinical request forms
  • Treatment history submitted by clinicians
  1. Genetic Information

If you participate in the national pilot or clinical workflow:

  • Tumour–normal whole exome sequencing (WES) data
  • Transcriptome RNA data
  • Derived multiomic results
  • Variant interpretation data
  • AI-based clinical insights

We only collect genetic and clinical data with explicit consent and through authorized clinical workflows.

  1. Technical Information

Automatically collected through the website or portals:

  • IP address
  • Browser type
  • Device information
  • Usage analytics
  • Cookies (see Section 14)

Log files

4. How We Collect Information

We collect information through:

  • Website forms
  • Clinician portals
  • Research consent processes
  • Pilot enrollment
  • Email or phone interactions
  • Analytics tools
  • Secure data transmissions from institutions

We never collect PHI or genetic data from patients directly through public website forms.

5. How We Use Information

We use personal and clinical information to:

  • Provide GenTraceDx services
  • Generate clinical or research genomic reports
  • Deliver reanalysis notifications and updates
  • Improve platform accuracy and functionality
  • Engage with clinicians and cancer centres
  • Support national pilot studies
  • Notify users about new features or clinical capabilities
  • Respond to requests from clinicians, regulators, or media
  • Maintain internal records for compliance and quality assurance

We never use PHI, PI, or genetic data for:

  • Marketing without explicit consent
  • Sale to third parties
  • Training external AI models
  • Non-clinical purposes

6. How We Protect Information

We maintain a strict, multi-layered security infrastructure:

  • Encrypted data in transit and at rest
  • Canadian cloud hosting (PHI stored entirely in Canada)
  • Role-based access controls
  • Multi-factor authentication (clinician portal)
  • Audit logs and access monitoring
  • Secure data-processing pipelines
  • CAP/CLIA/DAP-compliant sequencing workflows
  • ISO 13485 / GMP manufacturing standards for kits
  • Continuous vulnerability monitoring

Access is limited to authorized personnel with clinical, scientific, or operational need.

7. Data Storage & Retention

Storage Location

PHI and genomic data are stored exclusively in Canada unless otherwise required by a participating U.S. clinical site (for CLIA workflows).

Retention Periods

  • Clinical genomics data: as required by CAP/CLIA/DAP
  • Pilot study data: as required by ethics boards (REB)
  • Contact information: as needed for communication

Data is securely destroyed when no longer required.

8. Sharing of Information

We may share information with:

Clinicians involved in a patient’s care

(Only with appropriate authorization.)

Authorized researchers

If consent has been obtained and data is de-identified.

Genetrack Biolabs & GSC

For sequencing, analysis, and clinical operations.

Regulatory bodies

If required for compliance or inspections.

Technology vendors

(e.g., cloud hosting providers) who adhere to strict confidentiality and security standards.

We do not share or sell personal or clinical data with:

  • Marketing companies
  • Advertising networks
  • Data brokers
  • Unauthorized third parties

9. De-Identification & Research Use

Any genetic or clinical data used for research or platform improvement is:

  • Fully de-identified
  • Stripped of direct identifiers (per REB/PIPEDA standards)
  • Aggregated where possible
  • Handled according to Genome Canada’s data governance requirements

Patient identity is never disclosed.

10. Your Rights

Depending on your location, you may have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion (where allowed)
  • Withdraw consent
  • Request limits on data use
  • Obtain information on disclosures

To exercise any rights, contact:
privacy@gentracedx.com

11. Children’s Privacy

The Site is not intended for children under 16.
We do not knowingly collect information from minors except through authorized clinical workflows with proper consent.

12. Cross-Border Data Transfers

Unless required by U.S. CLIA workflows or international collaborations, all PHI is stored in Canada.
Cross-border transfer, if needed, will follow applicable laws and ethical approvals.

13. Consent

We obtain consent when required by law, including:

  • Research participation
  • National pilot enrollment
  • Collection of clinical specimen data
  • Use of genomics data for research
  • Communications and outreach

Consent may be withdrawn at any time.

14. Cookies & Tracking Technologies

We use cookies for:

  • Security
  • Site functionality
  • Analytics (anonymous)
  • Performance monitoring

You can disable cookies in your browser settings.

We do not use cookies for targeted advertising.

15. Changes to This Policy

We may update this Privacy Policy periodically.
Changes will be posted to this page with a new “Last Updated” date.

Continued use of the Site after changes indicates acceptance.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy:

GenTraceDx — Privacy Office
Email: privacy@gentrace.com
Phone: XXX-XXX-XXXX

For compliance matters:
legal@gentrace.com

Scroll to Top