Privacy Policy

Matsunaga Heritage (matsunagaheritage.org, “the Service”) treats user privacy as a first-class concern. The Service is designed around the principle that your DNA data never leaves your device. We comply with applicable U.S. privacy laws and the European Union General Data Protection Regulation (GDPR).

Data statement

By default, raw DNA, sequence data, and any directly-identifiable genetic information never leave your device — not to our server, not to any cloud API, and not to any third party. The only exception is when you explicitly enable the research-contribution opt-in described below.

Inference backend (transitional): chat inference currently runs on Ollama Cloud (HTTPS, Bearer-authenticated). Only your typed question and the public haplogroup reference dataset are transmitted — never DNA, sequence data, or any personally identifying information. Once we migrate to our in-progress CRAFTED-trained custom model running on rockypod, inference will return fully to the local homelab.

Research-contribution opt-in (chat history)

The chat panel exposes a "Save history" button. Clicking it opens a confirmation dialog explaining what will be stored and how it will be used. The conversation is only saved to the project's CRAFTED training set if you actively tick the opt-in checkbox in that dialog. The following safeguards apply:

  • Off by default. No conversation is saved server-side unless you tick the opt-in checkbox; the confirm button is disabled until you do.
  • Saved conversations are used solely to train this project's CRAFTED-derived custom model. They are not sold, shared, or syndicated externally.
  • You can withdraw consent and request deletion at any time (GDPR Art. 17, CCPA delete right).
  • Where it is stored today: until the production pod ships (SvelteKit + FastAPI + PostgreSQL co-located), saved conversations are written to an append-only JSONL file on the homelab (processed_data/chat_history.jsonl). When we migrate to PostgreSQL, only the storage layer changes — the use, scope, and disclosure remain exactly as in this policy.
  • The "Download JSON" and "Download Markdown" buttons run entirely on your device and send nothing to our server.
  • When sign-up and onboarding ship, we plan to add an additional opt-in for raw DNA file contribution. This policy will be updated again at that point.

Personal data we process

  • Session authentication (HMAC-signed session token) — issued at login and stored as an HttpOnly cookie. The session auto-expires after 5 minutes of inactivity under a sliding-session policy: every authenticated request re-issues the cookie with an expiry 5 minutes from that request, and the client treats mouse, keyboard, scroll, and touch events as activity. A session on which no authenticated request arrives for 5 minutes therefore ends, regardless of what the browser tab is doing.
  • Cookie consent preference — records whether you have acknowledged the cookie banner. Expires after 12 months.
  • Ancestry research questions (optional) — your typed question is sent to Ollama Cloud for response generation only. Conversation logs are not persisted by the Service or, per Ollama Cloud's published policy, by Ollama. The one exception is when you actively use the "Save history" button in the chat panel and tick the opt-in checkbox; that specific conversation is then saved to the project server (see "Research-contribution opt-in" above). Do not include DNA or personal information in your question.
  • Documents passed through "Convert to Markdown" (optional) — files you upload or HTML / JSON you paste are converted to Markdown by Microsoft's markitdown library running in our server's Python venv. No external API is called. The converted Markdown is returned to your browser and then discarded server-side; the temporary file is deleted as soon as the response is sent. Conversion output is only stored on the server if you later use the (forthcoming) "Add documents" button to save it explicitly.
  • Server access logs — standard web-server request logs (timestamp, requested path, user agent and, typically, the requesting IP address) are kept for up to 30 days and then aggregated and anonymized; see "Data retention".

Analytics (Umami)

The Service runs a self-hosted, privacy-respecting analytics tool, Umami, at stats.rockypodno.de on the same network. Umami uses no cookies and does not store personal identifiers, IP addresses, or fingerprints. Only anonymous aggregate metrics (page views, referrer, browser family) are recorded; individual users are not tracked. Data is not shared with any third party.

What we do not do

  • We do not transmit DNA or genetic data to any third party. Even data submitted through the research-contribution opt-in is used only to train this project's CRAFTED model — never sold, shared, or syndicated externally.
  • We do not use third-party advertising networks, behavioral tracking, or fingerprinting.
  • We do not use Google Analytics or similar external analytics (only self-hosted Umami).
  • We do not store personal data on any external cloud service. Chat questions are forwarded to Ollama Cloud for inference only; neither side retains a conversation history. Conversations saved through the research-contribution opt-in, and any raw DNA contributed once the planned DNA opt-in ships, are stored only on our own homelab (currently an append-only JSONL file, later PostgreSQL), never on an external cloud.
  • The Service uses only two cookies: session authentication and consent preference.

EU users — your rights under GDPR (Articles 15–22 and 77)

If you are in the European Union, you have the right to:

  • Access (Art. 15) — confirm what personal data we hold about you.
  • Rectification (Art. 16) — correct inaccurate data.
  • Erasure (Art. 17, “right to be forgotten”) — request deletion.
  • Restriction of processing (Art. 18).
  • Data portability (Art. 20) — receive your data in a machine-readable format.
  • Object to processing (Art. 21).
  • Lodge a complaint with a supervisory authority (Art. 77).

Lawful basis for processing: Art. 6(1)(a) consent for the research-contribution opt-in and the cookie-banner preference, and Art. 6(1)(f) legitimate interests for session authentication, access logging and self-hosted aggregate analytics.

U.S. users — your rights

The Service complies with the principal U.S. privacy frameworks:

  • California Consumer Privacy Act (CCPA / CPRA) — California residents may request to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information.
  • Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA) — equivalent rights are honored for residents of those states.
  • Genetic Information Nondiscrimination Act (GINA, federal) — prohibits the use of genetic information for employment or health-insurance discrimination. We do not disclose genetic information to employers or insurers.
  • We do not knowingly collect personal information from children under 13 (COPPA).

Data retention

  • Session data — deleted at logout or after 5 minutes of inactivity.
  • Consent cookie — expires after 12 months.
  • Server access logs — retained for up to 30 days; aggregated and anonymized thereafter.
  • Genetic information — never transmitted to the server today, so nothing is persisted server-side. Retention terms for the planned raw-DNA contribution opt-in will be added to this policy when that feature ships.

International transfers

We do not transfer your genetic information across borders, because it never leaves your device. Cookies are set and read by the infrastructure hosting the Service (U.S. / Linode); saved conversations remain on the homelab. Chat questions sent for inference are processed by Ollama Cloud (U.S.). For EU users, these transfers are covered by appropriate safeguards as required by GDPR Art. 46 (Standard Contractual Clauses). Once we migrate to the in-house CRAFTED-trained model, inference will return entirely to the local homelab.

Cookies

The Service uses only two functional cookies:

  • session — authentication; HttpOnly, Secure (in production), SameSite=Lax; expires after 5 minutes of inactivity (sliding session).
  • consent — records cookie banner acknowledgement; 12-month expiry.
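As an added illustration (not the project's code), here is a minimal Python version of the session mechanism this policy describes in "Personal data we process" and in the cookie list above: an HMAC-signed token, validated on every request, re-issued with a fresh 5-minute expiry on each authenticated request, and set with HttpOnly, SameSite=Lax and (in production) Secure. The claim layout, the HMAC-SHA256 choice, the function names and the sample key are assumptions made here for the example.

```python
"""Stateless HMAC-signed session cookie with a sliding 5-minute expiry.

Illustration only (not the project's code). Token format assumed here:
    base64url(JSON claims) "." base64url(HMAC-SHA256(key, payload))
Every authenticated request re-issues the token with a fresh expiry.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

SESSION_TTL = 300          # 5 minutes of inactivity, as stated in the policy
COOKIE_NAME = "session"    # cookie name used in the policy


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(key: bytes, payload: str) -> bytes:
    return hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()


def issue_session(key: bytes, user: str, now: float) -> str:
    """Mint a token for `user` that expires SESSION_TTL seconds after `now`."""
    claims = {"u": user, "exp": int(now) + SESSION_TTL}
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{payload}.{b64url_encode(sign(key, payload))}"


def verify_session(key: bytes, token: str, now: float):
    """Return the claims dict if `token` is authentic and unexpired, else None."""
    try:
        payload, sig = token.split(".", 1)
        # Constant-time comparison: do not short-circuit on the first wrong byte.
        if not hmac.compare_digest(b64url_decode(sig), sign(key, payload)):
            return None
        claims = json.loads(b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):    # malformed base64 or JSON
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    if claims["exp"] <= now:                    # expired: the client must log in again
        return None
    return claims


def slide_session(key: bytes, token: str, now: float):
    """Per authenticated request: verify, then re-issue with a fresh expiry.

    Returns (claims, new_token), or (None, None) when the request must be rejected.
    """
    claims = verify_session(key, token, now)
    if claims is None:
        return None, None
    return claims, issue_session(key, claims["u"], now)


def set_cookie_header(token: str, production: bool = True) -> str:
    """Set-Cookie value with the attributes the policy lists (Secure only in production)."""
    attrs = [f"{COOKIE_NAME}={token}", f"Max-Age={SESSION_TTL}", "Path=/",
             "HttpOnly", "SameSite=Lax"]
    if production:
        attrs.append("Secure")
    return "; ".join(attrs)


if __name__ == "__main__":
    key = secrets.token_bytes(32)               # per-deployment signing key (sample)
    t0 = time.time()
    tok = issue_session(key, "alice", t0)
    print(set_cookie_header(tok))
    print("valid at +299s:", verify_session(key, tok, t0 + 299) is not None)
    print("valid at +300s:", verify_session(key, tok, t0 + 300) is not None)
    _, renewed = slide_session(key, tok, t0 + 200)
    print("renewed token valid at +499s:", verify_session(key, renewed, t0 + 499) is not None)
```

Two caveats follow from this design. The expiry slides only when an authenticated request reaches the server, so client-side activity (mouse, keyboard, scroll, touch) keeps a session alive only if the client turns it into a request before the 5 minutes run out. And a signed stateless token cannot be revoked server-side: logout clears the cookie in the browser, but a copy of the token stays verifiable until its `exp` passes, which is one reason the short TTL matters.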

We use no tracking cookies, no third-party cookies, and no fingerprinting; the only analytics is the cookieless, self-hosted Umami described above.

Contact

To exercise your rights, request deletion, or ask any privacy-related question, file an issue at codeberg.org/rockypod/japanese-ancestry-review/issues or contact the operator.

Last updated: 10 May 2026