Circle Privacy Policy

Privacy Highlights

These "Privacy Highlights" provide an overview of some core components of our data handling practices. Please be sure to review the Full Privacy Statement.

Information We Collect

We generally collect the following information:

Information we receive when you use our Services. We collect Web-Behavior Information via cookies and other similar tracking technologies when you use and access our Services (our website, mobile apps, products, software and other services). See our Cookie Policy for more information.

Information you share directly with us. We collect and process your information when you place an order, create an account, register your Circle DNA Collection Kit, complete surveys, post on our platform or use other messaging features, and contact Customer Care. This information can generally be categorized as Registration Information, Self-Reported Information, and/or User Content as defined in our full Privacy Statement.

Information from our DNA testing services. With your consent, we extract your DNA from your DNA sample and analyze it to produce your Genetic Information (the As, Ts, Cs, and Gs at particular locations in your genome) in order to provide you with Circle reports.

How We Use Information

We generally process Personal Information for the following reasons:

  • To provide our Services. We process Personal Information in order to provide our Service, which includes processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analyzing DNA samples and DNA, and delivering results and powering tools that benefit our customers.
  • To analyze and improve our Services. We constantly work to improve and provide new reports, tools, and Services. We may also need to fix bugs or issues, analyze use of our website to improve the customer experience or assess our marketing campaigns.
  • For Circle Research, with your consent. If you choose to consent to participate in Circle Research, Circle researchers can include your anonymised Genetic Information and Self-Reported Information in a large pool of customer data for analyses aimed at making scientific discoveries.

Control: Your Choices

Circle gives you the ability to share information in a variety of ways. You choose:

  • To store or discard your DNA sample after it has been analyzed.
  • Which health report(s) you view and/or opt-in to view.
  • When and with whom you share your information, including friends, family members, health care professionals, or other individuals outside our Services, including through third party services that accept Circle data and social networks.
  • To give or decline consent for Circle Research. You can give consent for the use of your data for scientific and/or medical research and development.
  • To delete your Circle account and data, at any time.

Access To Your Information

Your Personal Information may be shared in the following ways:

  • With our service providers as necessary for them to provide their services to us.
  • With research collaborators, only if you have given your consent.
  • We will not sell, lease, or rent your individual-level protected health information to any third party or to a third party for research purposes without your consent.
  • We do not share customer data with any public databases.
  • We will not provide any Personal Information to an insurance company or employer.
  • We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.

How We Secure Information

Circle implements measures and systems to ensure confidentiality, integrity, and availability of Circle data.

  • Anonymisation, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot reasonably be identified. Circle uses industry standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data are segmented across logical database systems to further prevent re-identifiability.
  • Limiting access to essential personnel. We limit access of information to authorized personnel, based on job function and role. Circle access controls include a strict least-privileged authorization policy.
  • Detecting threats and managing vulnerabilities. Circle uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.

Full Privacy Statement