Jan 21 2008
23andMe Privacy Statement
Summary
- 23andMe respects your privacy.
- This notice provides highlights of our full Privacy Statement and applies to 23andMe’s collection and handling of your personal information.
- We are committed to providing a secure, user controlled environment to access, share, and explore your genetic information.
Personal Information
- When you sign up for our service, 23andMe collects and stores personal information about you, including Account Information (contact and payment information) and Genetic Information (the As, Ts, Cs, and Gs at particular locations in your genome).
- On a voluntary basis, we may collect Phenotypic Information (disease conditions and personal traits) if you choose to participate in 23andMe-authorized research by answering an online survey and/or questionnaire.
- We also collect non-personal information (browser types, domains, page views) on how you use our web site through log files and cookies.
Uses of Information
- 23andMe collects personal information from you to provide you with our service and for conducting 23andMe-authorized research.
- We use Account Information to enable your purchase, inform you when your Genetic Information is available to you, and authenticate your website visits and usage.
- We may use Genetic and Phenotypic Information to conduct 23andMe-authorized scientific research and development. Any Phenotypic Information you provide is done on a voluntary basis. We may provide third party organizations access to this information for scientific research, but without your name or any other Account Information.
- We give you the ability to connect with other 23andMe customers through sharing features, but it is entirely your choice to do so.
- We will not release your personal information to any outside company without your explicit consent.
- We use non-personal information to track and monitor aggregate usage of our website and for internal analysis, quality control, and improvements to our services.
Your Choices
- Participation in activities and services that involve personal information beyond initial account and Genetic Information is voluntary and permission-based.
- It is entirely within your discretion to provide information or answer survey questions.
- At your request we will delete your account and personal information linked to your account from our systems.
Additional Information
- We encourage you to read 23andMe’s full Privacy Statement.
- For additional information about our views on privacy, please see our Core Values and Policy Forum.
How to Contact Us
Questions about this statement, our full Privacy Statement, or about 23andMe’s handling of your personal information may be emailed to privacy@23andme.com, or
Privacy Administrator
23andMe, Inc.
2606 Bayshore Parkway
Mountain View, CA 94043
Full Privacy Statement
23andMe Respects Your Privacy
23andMe recognizes the importance of privacy and respects your choices to store and access your information in a private and secure manner.
This Privacy Statement is intended to answer questions that you may have related to how we handle your personal information. We want to explain what information we collect from you and what we do with it. We have many controls, systems, and procedures that govern how we use, handle, and store this information in a secure and private manner and we want you to know about them. We also want to clarify how this information may be shared with other parties and what controls you have regarding the handling of your information.
Our services connect you with your genetic information. 23andMe collects and stores your genetic information for you in our databases and offers you access to a web-based interface with unique tools to help you interpret and review the information. We are committed to providing you a secure, user-controlled environment to access, share, and explore your genetic information. At the same time, you share some responsibility for maintaining privacy and security, like keeping your password secure.
We encourage you to familiarize yourself with our Privacy Statement. Our Consent Form and Terms of Service explain that, by using our website and signing up for our service, you are allowing us to process your personal information according to the provisions set forth in those documents and this Privacy Statement.
Personal Information
23andMe collects several types of personal and non-personal information either directly from you and/or through our service providers and partners. These can be described as follows:
Personal Information
Personal information is information that can be used to uniquely identify you or that you may consider sensitive. We collect such information from you when you purchase our services, create a personal account, complete surveys and questionnaires, and/or when you communicate with us or request information from us directly. We collect three primary types of personal information through our service and website.
- Account Information – Account Information is personal information that we collect from you when you purchase our service. Examples of such information include your name, credit card information, billing and shipping addresses, and contact information such as an email address or telephone number. We also use log files and cookies to maintain our website and monitor the quality of the service we provide to you. Cookies used by the website are linked to a customer’s Account Information. (See Log Files and Cookies below for more information.)
- Genetic Information – Genetic Information consists of your genotype, that is, the As, Ts, Cs, and Gs at particular locations in your genome. When you purchase 23andMe’s service, you send your saliva sample to us by postal mail for analysis, along with a barcode that identifies you to us but not to the processing laboratory. Our contracted laboratories extract and analyze DNA from saliva samples and securely communicate the resulting Genetic Information to us along with the barcode for each individual analyzed. DNA and saliva samples are destroyed after the laboratory completes its work, which includes processing, analysis and reporting of data.
Genetic Information is then stored securely in our databases and can be accessed by you via our website by using the claim code and creating your personal account. It is important to note that the laboratories conducting DNA extraction and analysis do not have access to your name or any of your Account Information, as described above. Our instructions for sample collection and shipment clearly indicate that you must send only your saliva sample, which is labeled with a unique barcode, with no other identifier. To protect your privacy, samples sent with any identifier other than the barcode will not be processed.
- Phenotypic Information – Phenotypic Information is personal information that includes disease conditions (e.g., Type 2 Diabetes), other health information (e.g., pulse rate, cholesterol levels, visual acuity), personal traits (e.g., eye color, height), ethnicity, and family history (e.g., similar information about family members). We obtain this information from you on a voluntary basis when you choose to participate in 23andMe-authorized research by answering our surveys and/or questionnaires.
Non-Personal Information
Non-Personal Information includes information that we gather as you navigate our website. We log this information when you visit and browse our website. We record details such as browser types, domains, statistics of your visit including page views, and time spent on the website. We use this information to improve our services for you and other customers. Although it is non-personal, this information is linked to your Account Information if you are logged into our website.
Uses of Information
We use personal information to provide you with the service that you have purchased and for 23andMe-authorized research. Our service gives you access to your Genetic Information, as well as the opportunity to share and compare your Genetic and Phenotypic Information with that of other people who have also agreed to share such information.
We use personal information that we collect about you to:
- Authenticate your website visits and usage (e.g., user names and passwords)
- Enable your purchase (e.g., credit card number, billing address)
- Provide you the information, services, and products that you have requested (e.g., contact, Genetic Information)
- Inform you when your Genetic Information is available to you (e.g., e-mail address)
- Inform you of services and products that may be of interest to you (e.g., contact)
- Manage and improve our website, software, and services (e.g., website usage information)
- Conduct 23andMe-authorized scientific research and development (e.g., Genetic and Phenotypic Information)
We use Non-Personal Information to track and monitor aggregate usage of our website and for internal analysis, quality control, and improvements to our service. We collect such information by using cookies and other standard web technologies. (See Log Files and Cookies below for more information.)
Information Sharing and Disclosure
23andMe gives you the ability to connect with other individuals who have 23andMe accounts through our sharing features. Whether you use these features is entirely your choice. In addition, you may choose to disclose, through other means not associated with 23andMe, your personal information to friends and/or family members, groups of individuals, third-party service providers, doctors or other professionals, and/or other individuals. We recommend that you make such choices carefully.
Personal information, once released or shared, can be difficult to contain. 23andMe will have no responsibility or liability for any consequences that may result because you have released or shared personal information with a third party. Likewise, if you are reading this because you have access to the personal information of a 23andMe customer, we urge you to recognize your responsibility to protect the privacy of that person.
23andMe will not release your personal information to any outside company without your explicit consent. Please see the consent form to be completed prior to purchase.
23andMe may disclose personal information for other purposes as stated below:
Disclosure to Research Partners:
One of 23andMe’s goals is to contribute to scientific research and the advancement of genetic knowledge. To achieve our research goals, 23andMe may enter into partnerships with commercial and/or non-profit organizations that conduct scientific and/or medical research. Such partnerships may allow an organization access to our databases of Genetic Information and other contributed Phenotypic Information, so that, for example, the organization can search, without knowing the identities of the individuals involved, for the correlation between presence of a particular genetic variation and a particular health condition or trait. We may receive compensation from these research partners. Before we embark on any research collaborations we will establish a research advisory committee to guide such collaborations and undertakings. In addition, we will require partner organizations by contract to agree to maintain confidentiality consistent with this Privacy Statement. Partner organizations will not have access to your Account Information (e.g., name, contact information, payment information).
On occasion, we may pass along a request to you from such a partner, asking for you to participate in a specific study or to volunteer further information. The partner does not know to whom we send these queries and you have no obligation to respond.
Disclosure to Commercial Partners
23andMe may enter into commercial arrangements to enable partners to provide our service to their customers and/or to provide you access to their products and services. We may collect fees for these referrals. We will require informed consent from you as a precondition to providing any personal information to these commercial partners.
Disclosure Required By Law
Please be aware that under certain circumstances personal information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders. In the event that we are legally compelled to disclose your personal information to a third party, we will notify you with the contact information you have provided to us in advance unless doing so would violate the law or a court order.
Non-Disclosure to Linked Websites
23andMe provides links to third-party websites operated by organizations not affiliated with 23andMe. These links may be found within our content or placed beside the names or logos of these third parties. 23andMe does not disclose your personal information to organizations operating third-party websites. We may receive compensation from organizations operating third-party websites, which will be noted on the page the link appears. 23andMe does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that collects personal information. This Privacy Statement applies solely to information collected by 23andMe.
Your Choices and Privacy Preferences
At 23andMe, customer choice and control are critical to our goal of providing genetic information within a trusted environment. Participation in activities and services that involve personal information beyond the initial Account and Genetic Information is voluntary and permission-based. Examples of such activities include sharing your account information with other 23andMe customers, responding to surveys, joining a 23andMe-authorized research project, and subscribing to a newsletter.
If your personal information changes, or if you no longer wish to subscribe to our services, then you may correct, update, or delete your account by making the change via your account page, or by sending a request to our Customer Support at help@23andme.com.
When deleting an account, we remove from our systems all Genetic and Phenotypic Information that can be associated with your Account Information. As stated in our Consent Form, however, Genetic Information and/or Phenotypic Information you have provided for research prior to your request for deletion will not be removed from ongoing or completed studies that are using the information. Neither Account Information nor a link to your account are used in 23andMe-authorized research. In addition, we retain limited Account Information related to your order history (e.g., name, contact, and transaction data) for accounting and compliance purposes.
Children’s Privacy
23andMe is committed to protecting the privacy of children, as well as adults. Neither 23andMe nor any of its services are designed or intended to attract children under the age of 13. A parent or guardian, however, may order and set up an account for our services on behalf of his or her child. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to 23andMe about his or her child is kept secure and that the information submitted is accurate.
Log Files and Cookies
Log Files
As do operators of most websites, 23andMe gathers certain information automatically and stores it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider, referring/exit pages, operating system, date/time stamp, and clickstream data (i.e., a list of pages or URLs visited). We use this information, which is not designed to identify individual users, to analyze trends, administer the site, track users’ movements around the site, and gather demographic information about our user base as a whole. We may, in some circumstances, need to review this automatically collected data in combination with specific Account Information to identify and resolve issues for individual users.
Cookies
The 23andMe website also uses cookies. A cookie is a small text file that is stored on a user’s computer when you visit our website or any other website through your computer. We use both session cookies and persistent cookies to make it easier for you to navigate our site, improve the security of your personal information, enhance the functionality of certain features, and improve performance. The cookies we employ are used to enable secure access to your account when you are logged in and are only applicable within the confines of our website.
A session cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s help file. However, if you set your browser to reject cookies, your ability to use our site will be significantly impaired. In particular, you will not be able to access any part of our site that requires a log in, such as your personal genome account.
Security
23andMe takes seriously the trust you place in us. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of information, 23andMe uses a range of physical, technical and administrative procedures to safeguard the information we collect.
While there is always some risk of a security compromise, we tightly control access to personal information through the following technical, physical, and administrative security measures. By contract, we require third parties with whom we share personal information to implement appropriate security measures to maintain the confidentiality of such information.
Technical:
- We protect our network perimeters with firewalls.
- Our databases are designed to keep Genetic Information and Phenotypic Information separate from Account Information.
- We encrypt storage of certain personal information, including Account Information and Genetic Information.
- We encrypt all connections to and from our website.
- We conduct internal and external audits of perimeter and software code security.
- We monitor our employees’ use of our databases and maintain records of all access to personal information.
Physical:
- Physical access to internal servers is restricted to authorized personnel.
- We restrict data center access to approved personnel via photo and passcode authentication, biometrics, and other security protocols.
Administrative:
- We prohibit personal information from being extracted from our systems and loaded onto laptops or other mobile devices, or from being sent out electronically.
- We limit access to personal information to certain employees for limited, approved purposes based on their specific responsibilities.
- We require annual privacy and security training for employees with access to personal information.
Please recognize that protecting your personal information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our services. You should not disclose your authentication information to any third party and should immediately notify 23andMe of any unauthorized use of your password. 23andMe cannot secure personal information that you release on your own or that you request us to release.
Despite 23andMe’s efforts to protect your personal information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the Internet will be intercepted.
Business Transitions
In the event that 23andMe goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal information and non-personal information will likely be among the assets transferred. You will be notified in advance via email and prominent notice on our website of any such change in ownership or control of your personal information. We will require an acquiring company or merger agreement to uphold the material terms of this privacy statement, including honoring requests for account deletion.
Changes to this Privacy Statement
This Privacy Statement was last updated November 11, 2007. A notice will be posted as part of this Privacy Statement and on our customer accounts’ login pages for 30 days whenever this Privacy Statement is changed in a material way, highlighting both the old and new content in a way that makes the changes easy to understand. In addition, all customers will receive an email with notification of the changes.
Contact Information
If you have questions about this statement, please send an e-mail to 23andMe’s privacy administrator at privacy@23andme.com. You can also contact us at this address if you have a question about 23andMe’s handling of your information:
Privacy Administrator
23andMe, Inc.
2606 Bayshore Parkway
Mountain View, CA 94043
