Privacy Policy
Last updated: April 14, 2026
GeneStory Joint Stock Company ("GeneStory," "we," "our," or "us") is committed to protecting the privacy and security of your personal and genetic information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services, website, or mobile applications.
1. Company Information
GeneStory Joint Stock Company
Address: 702 Nguyen Van Linh, District 7, Ho Chi Minh City, Vietnam
Email: support@genestory-ai.com
Phone: +84 28 3636 0200
2. Information We Collect
2.1 Personal Information
We collect personal information that you provide directly to us, including:
- Name, email address, phone number, and date of birth
- Billing and shipping address
- Payment information (processed securely through third-party payment processors)
- Health history and lifestyle information you voluntarily provide
- Communication records when you contact us
2.2 Genetic Information
The core of our service involves processing your genetic data. This includes:
- Saliva or other biological samples collected using our collection kit
- DNA extracted from your sample
- Raw sequencing or genotyping data generated from your sample
- Processed genetic variant data
- Health, ancestry, and trait insights derived from your genetic data
Genetic information is classified as sensitive personal data under Vietnam's Decree 13/2023/ND-CP and receives heightened protection under our data governance framework.
2.3 Usage Information
We automatically collect certain information about how you use our website and services, including IP address, browser type and version, pages visited, time and date of visits, time spent on pages, and referring URLs. This information is collected using cookies and similar technologies as described in our Cookie Policy.
3. How We Use Your Information
We use your personal and genetic information for the following purposes:
- Service delivery — processing your DNA sample and generating your requested health, ancestry, or pharmacogenomics reports
- Account management — creating and managing your GeneStory account and customer relationship
- Communication — responding to inquiries, providing support, and sending service-related notifications
- Quality improvement — monitoring and improving the accuracy and quality of our analytical methods and reports
- Legal compliance — complying with applicable laws, regulations, and legal processes
- Research — contributing to anonymized population genomics research, only with your explicit separate consent
4. Genetic Data: Specific Protections
We apply the following specific protections to genetic data:
- Genetic data is pseudonymized — your identifying information is stored separately from your genetic data using a secure linking key
- We do not sell, license, or transfer your genetic data to insurance companies, employers, or government entities except where required by Vietnamese law
- Research use of genetic data requires a separate, specific consent that you may withdraw at any time without affecting your clinical services
- We do not use your genetic data to create profiles for advertising or marketing targeting
- We retain raw genetic data only as long as necessary for your requested services or as required by law, or until you request deletion
5. Legal Basis for Processing
We process your personal data on the following legal bases under Vietnamese law and applicable international privacy standards:
- Contractual necessity — processing required to deliver the services you have purchased
- Consent — particularly for sensitive genetic data and optional research participation, where we obtain explicit, specific, and informed consent
- Legitimate interests — service improvement, security, and fraud prevention where these do not override your fundamental rights
- Legal obligation — compliance with applicable laws and regulations
6. Data Sharing and Disclosure
We may share your information with:
- Laboratory partners — ISO-certified laboratory facilities involved in sample processing (bound by confidentiality agreements)
- Healthcare providers — only with your explicit consent, when you direct us to share findings with your physician or genetic counselor
- Service providers — cloud storage, payment processing, and IT service providers acting as data processors under our supervision (bound by data processing agreements)
- Legal authorities — where required by Vietnamese law, court order, or regulatory authority
We do not sell your personal or genetic data to third parties.
7. Data Storage and Security
All genetic data is stored on servers located within Vietnam, in compliance with Vietnam's data localization requirements. We implement technical and organizational security measures including:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Multi-factor authentication and role-based access controls
- ISO 27001-certified information security management
- Regular security audits and penetration testing
- Employee training on data privacy and security
8. Your Rights
Under Vietnam's personal data protection regulations and our commitment to customer rights, you have the right to:
- Access — request a copy of the personal and genetic data we hold about you
- Correction — request correction of inaccurate personal information
- Deletion — request deletion of your personal and genetic data (subject to legal retention requirements)
- Portability — receive your data in a machine-readable format
- Withdraw consent — withdraw consent for research participation at any time
- Object — object to processing of your personal data in certain circumstances
To exercise these rights, contact us at support@genestory-ai.com. We will respond within 30 days.
9. Data Retention
We retain your data for the following periods:
- Account and contact information: for the duration of your account plus 5 years for legal compliance
- Genetic data (raw and processed): for the duration of your account, or until you request deletion, or as required by law
- Research data (if consented): as specified in the research consent, which you may withdraw at any time
- Financial transaction records: as required by Vietnamese accounting and tax law (typically 10 years)
10. Children's Privacy
Our services are not directed to individuals under 18 years of age. For minor children whose testing is requested by a parent or legal guardian, we require explicit parental consent and apply additional privacy protections. Genetic data from minors is subject to stricter retention and research use limitations.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting the updated policy on our website with a revised "Last updated" date. Your continued use of our services after the effective date of the change constitutes acceptance of the updated policy.
12. Contact Us
For questions, concerns, or to exercise your data rights, please contact our Data Protection Officer:
GeneStory Joint Stock Company
Data Protection Officer
702 Nguyen Van Linh, District 7, Ho Chi Minh City, Vietnam
Email: support@genestory-ai.com