We are building a company that will handle whole-genome sequencing data. That means we need to be especially direct with you about how we treat genetic information — more direct than the law requires. This page describes our commitments, the federal law that protects you today, and the risks you should understand before you ever send us a sample.
We do not currently collect genetic data. This page describes our policies and commitments for when we do. We will update this page before we process any genetic information, and we will ask for your explicit, informed consent at that time.
What is GINA?
The Genetic Information Nondiscrimination Act of 2008 (GINA) is a federal law with two main provisions:
- Title I — Health insurance. Health insurers (and employers that offer group health plans) may not use your genetic information to make eligibility, coverage, underwriting, or premium-setting decisions. They may not require you to take a genetic test as a condition of coverage.
- Title II — Employment. Employers with 15 or more employees may not use genetic information to make decisions about hiring, firing, pay, job assignments, promotions, or any other term of employment. Employers may not request, require, or purchase genetic information about employees or their family members.
What GINA does not cover: GINA does not apply to life insurance, disability insurance, or long-term care insurance. Those industries are regulated at the state level, and protections vary significantly. Before undergoing genetic testing through any provider, you should be aware that life, disability, and long-term care insurers in many states may legally consider your genetic information when setting premiums or making coverage decisions.
Several states provide stronger protections than GINA. California, Florida, New York, and others have laws that extend genetic non-discrimination protections to additional industries or contexts. See “State laws” below.
Our commitments to you
These are not aspirational. They are commitments we make in writing, before we collect a single base pair.
We will never sell your genetic information.
Not to pharmaceutical companies, not to data brokers, not to research consortia, not for any amount of money. Your genome will not be monetized without your explicit, opt-in consent.
We will never share your genetic information with insurers or employers.
We will not share your genetic information with health insurers, life insurers, disability insurers, long-term care insurers, or employers — for any reason, under any circumstances. Not even at their request. Not even if they claim a legal basis. If we receive such a request, we will refuse and notify you.
We have a strict policy on law enforcement requests.
We will not provide genetic information to law enforcement absent a valid, legally enforceable court order, search warrant, or subpoena. Where the law permits us to challenge overbroad or legally deficient requests, we will do so. We will notify you when we receive such a request, to the extent we are legally permitted to do so. We will publish a transparency report at least annually disclosing the number and types of legal process requests we receive.
Research participation is strictly opt-in.
We will not include your genetic data in any research program, internal or external, without your explicit, affirmative, written consent. You can withdraw research consent at any time — withdrawing does not affect your access to the product. Upon withdrawal, we will remove your data from future research use; we cannot reverse contributions to already- published research, but we will tell you that clearly before you opt in.
You can request deletion of your genetic data at any time.
Send a deletion request to privacy@laymen.com with the subject line “Genetic Data Deletion Request.” We will delete your genetic data from active systems within 30 days. We will delete it from backup systems in line with our backup rotation schedule, which we will publish separately. After deletion, the data is gone — we do not archive or “anonymize and keep” your specific sequence.
We will use industry-leading security.
Genetic data will be encrypted in transit (TLS 1.3+) and at rest (AES-256). Access to genetic data will be restricted to a small number of authorized personnel under a least-privilege access model with full audit logging. We will conduct routine penetration testing. SOC 2 Type II certification is on our roadmap and will be completed before we process genetic data at scale.
Risks you should understand
We want you to make an informed decision. Here are the risks that exist even with our strongest protections in place:
- Genetic data is shared by family. Your genome reveals information about your biological relatives — parents, siblings, children — who have not consented to be part of our service. By submitting your DNA, you are indirectly sharing partial genetic information about people who may not know or have agreed to that. There is no way to avoid this.
- De-identification is imperfect. Genetic data can theoretically be re-identified even after standard anonymization procedures, particularly if it is combined with other datasets. We will not attempt to re-identify data, but we cannot guarantee that a sufficiently resourced adversary could not.
- Data breaches happen. No security system is impenetrable. If we suffer a breach involving genetic data, we will notify affected users promptly, cooperate with regulators, and take every remediation step available to us.
- Insurance laws other than health may not protect you. As noted above, GINA does not cover life, disability, or long-term care insurance. Some states provide additional coverage; others do not. You should understand this risk before submitting genetic data to any company.
- Genetic information can have psychological impact. Learning about disease-associated variants, ancestry, or family relationships through DNA can be emotionally significant. We recommend consulting a licensed genetic counselor before or after reviewing results that are clinically significant to you.
State laws that may apply to you
Several US states have enacted genetic privacy laws that provide protections beyond GINA:
- California — CalGIPA.The California Genetic Information Privacy Act (Health & Safety Code § 56.17) requires direct-to-consumer genetic testing companies to obtain express consent before collecting, using, or disclosing genetic data; to provide a privacy policy specific to genetic data; and to implement security measures appropriate to the sensitivity of the data. We will comply with CalGIPA in full.
- Florida.Florida's Genetic Information Privacy Act (HB 833 / § 760.40 et seq.) prohibits disclosure of genetic information without written consent and restricts its use in insurance underwriting.
- Tennessee.Tennessee's genetic privacy law prohibits insurers from using genetic information in underwriting decisions and restricts disclosure without consent.
- Other states — including Texas, Maryland, and New Mexico — have additional protections that we will identify and comply with for residents of those states.
If you are a resident of any of these states, those state-level rights apply to you in addition to GINA.
Informed consent
Before we collect any genetic sample from you, we will present a separate, granular informed-consent document. That document will describe in plain language exactly what we will do with your DNA, what we will never do, the risks described above, your right to withdraw at any time, and any research programs available to you. We will not accept a single “I agree to the terms” as informed consent for genetic data collection. You will consent to each use case separately.
Contact us
Questions about genetic privacy? Email privacy@laymen.com. We will respond within 5 business days.
For more context on how your data is handled generally, read our Privacy Policy.
Laymen Inc.
A Delaware corporation
Mailing address: 1813 S Tyler Road, St. Charles, IL 60174
privacy@laymen.com