DNAi Privacy Policy
Last Updated: March 2026
1. Introduction
DNAi ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our app and the choices you have associated with that data.
By accessing or using our App, you agree to the terms of this Privacy Policy. If you disagree, discontinue use immediately.
2. Information We Collect
2.1 Directly Provided Information
・Account & Identity: Email address, username, digital signatures.
・Health Data: Health reports and HealthKit data (e.g., Heart Rate, Sleep Data).
2.2 Automatically Collected Information
・Technical Data: IP address, device identifiers, browser type, operating system, network logs.
・Usage Data: Service interactions (e.g., API calls, data transactions).
2.3 Sensitive Information
We may collect:
・Health Data: For personalized reports (with explicit consent, such as HealthKit data).
2.4 Third-Party Login Information
If you choose to sign in using a third-party account (such as Apple, Google, or Microsoft), we may receive certain information from the authentication provider, including:
・User identifier (e.g., Apple user ID, Google ID, Microsoft account ID)
・Email address
・Display name
・Profile information (if available)
The information we receive depends on the provider and your privacy settings with that provider.
We do not access your third-party account credentials (such as passwords).
If you register using an email address and later choose to log in via a third-party provider with the same email, we may link these accounts to provide a unified user experience.
If the email addresses do not match, a new account may be created unless you manually link accounts within the App.
For Apple Sign-In, you may choose to hide your email address. In such cases, Apple provides us with a unique relay email address.
We use this relay email only for account identification and communication purposes.
3. Purposes of Data Use
Your information is used to:
・Deliver Services: Provide and maintain the app, allow you to participate in interactive features of our app when you choose to do so, provide customer care and support.
・Research & Development: Analyze anonymized data via zero-knowledge machine learning (zkML).
・Fraud Prevention: Detect cheating, stolen accounts, or suspicious activity using location and behavioral data.
・Compliance: Meet legal obligations under GDPR, HIPAA, AML/CTF Act 2006 (Cth), and other regulations.
・Account Authentication: Verify your identity and allow login via third-party authentication providers.
4. AI Services & Automated Processing
DNAi provides AI-powered analysis and personalized insights through third-party artificial intelligence service providers.
4.1 Use of AI Services
When you voluntarily use AI-powered features, certain data you choose to submit may be securely transmitted to our AI service providers for processing.
This may include:
・Health and analysis reports
・Genetic data (including VCF files you upload)
・Wearable device data
・Brain-computer interface data (including sleep and meditation data)
・Chat messages, questionnaire responses, and other information you submit for analysis
Data is transmitted only when you actively use AI features.
4.2 Purpose of Processing
AI processing is used solely to:
・Generate personalized insights and reports
・Provide automated responses within the App
・Assist with interpretation of health and genetic information
We do not sell personal data.
We do not use genetic, health, or chat data for advertising purposes.
Genetic and health-related data are not used for AI model training.
4.3 AI Service Providers
AI-related data may be processed by one or more of the following service providers, depending on system routing and feature requirements:
・OpenAI (AI service provider)
・DeepSeek (AI service provider)
These providers process data solely on our behalf to generate analysis and responses within the App.
Each provider is contractually obligated to provide the same or higher level of data protection as required under applicable privacy laws.
We do not authorize these providers to use your data for their independent purposes.
4.4 User Consent
Before transmitting any personal data to the AI service provider, we will obtain the user's explicit consent through an in-app pop-up window.
You may withdraw consent at any time in the App settings. If consent is withdrawn, AI features will be unavailable.
5. Data Sharing & Disclosure
We share information only when necessary:
・Service Providers: Payment processors, cloud storage providers, AI service providers (including OpenAI and DeepSeek), auditors.
・Legal Requirements: Respond to court orders, government requests, or protect user safety.
・Authentication Providers: When you use third-party login (Google, Apple, Microsoft), certain authentication data is exchanged with these providers solely for identity verification.
5.1 Third-Party Authentication Services
Our App supports third-party login services provided by:
・Google LLC
・Apple Inc.
・Microsoft Corporation
When you choose to log in via these services:
・Authentication is performed by the respective provider
・We receive limited account information as described above
・Your use of these services is also subject to the provider's own privacy policies
We are not responsible for the data practices of these third-party providers.
We recommend reviewing their privacy policies:
・Google Privacy Policy
・Apple Privacy Policy
・Microsoft Privacy Statement
All third parties sign data protection agreements compliant with GDPR, HIPAA, and other standards.
6. Data Storage & Security
・Technical Safeguards: AES-256 encryption for health data; zero-knowledge proofs (zkML) for anonymous analysis.
・Organizational Measures: Restricted employee access, regular security audits, and bug bounty programs.
・Retention: Data is retained only as long as necessary and securely deleted afterward.
7. International Data Transfers
Data may be stored or processed globally. Transfers comply with GDPR Article 46 mechanisms (e.g., Standard Contractual Clauses).
AI service providers may process data in jurisdictions outside your country of residence. Such transfers comply with applicable legal safeguards, including Standard Contractual Clauses where required.
8. User Rights
You have the right to:
・Access/Correct Data: Review or update information via your account dashboard.
・Delete Data: Request removal of non-blockchain records.
・Withdraw Consent: Revoke data access via the ERC-5484 protocol.
・Object to Processing: Opt out of specific data uses.
To exercise rights, contact: support@dnai.network.
9. Children's Privacy
Our Services are not intended for users under 18. We delete inadvertently collected child data.
10. Compliance Statements
・GDPR: EU/UK users may contact our Data Protection Officer (DPO) at support@dnai.network.
・HIPAA: Health data is encrypted and access-controlled.
・CCPA: California residents may request data collection details.
11. Policy Updates
Changes will be notified via email or platform announcements. Significant updates include a 30-day review period.
12. Contact Us
For questions or complaints:
・General Inquiries: support@dnai.network
・Legal Team: support@dnai.network
・Data Protection Officer: support@dnai.network