Privacy Policy

Last Updated: June 13, 2024

1. Our Service

Hi there, we are DNAstack Corp. (“DNAstack’, “we”,“us”, or “our”), the creators of Publisher, Explorer, Workbench products and data networks such as Viral AI, software that helps (i) data custodians connect, organize, protect and share data; and (ii) data consumers search, access, curate and analyze shared data (the “Software”, the “Platform”, or the “Service”).

2. About Our Privacy Policy

This Privacy Policy applies to your access and use of the Platform. We take great care to protect your private and personal information under applicable legislation. Before you start using the Platform, please take a moment to carefully read and understand our Privacy Policy, which tells you what personal information we collect about you, how we use that personal information, how this information may be shared, and what choices and rights you have with respect to this information.

We are headquartered in Toronto, Canada and our Platform is provided to you by DNAstack. If you are a resident of the European Union (“EU”), DNAstack is the controller of your personal data for the purposes of the EU data protection legislation.

With respect to Input Data which includes data you upload to, share to and delete from the Platform, you are the data controller as you control the Input Data and determine what processing is to be done on such data. DNAstack is the data processor in this case, as DNAstack’s systems are processing the data on your behalf.

Data controllers and data processors do not have to be based out of the EU to be subject to the provisions of the GDPR. If you believe you, your organization, or your affiliates is/are a data controller processing EU citizen’s personal data, we require that you or an authorized representative from your organization contact us at to execute necessary agreements as an addendum to our Terms of Use and this Privacy Policy.

This policy was originally written in English. To the extent a translated version conflicts with the English version, the English version governs. Unless indicated otherwise, this Privacy Policy does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through our Platform.

If you have questions or comments about this Privacy Policy, please contact us at: capitalized terms not specifically defined in this Privacy Policy are defined in the Terms of Use.

3. Our Use of Your Personal Information

We rely on a number of legal bases to collect, use, share, and otherwise process the information we have about you for the purposes described in this Privacy Policy, including:

  • as necessary to provide the Service and fulfill what we promised in our Terms of Use;
  • where you have consented to the processing of your information;
  • where necessary to comply with a legal obligation, such as a court order or to exercise or defend legal claims;
  • to protect your vital interests, or those of others, such as in the case of emergencies;
  • where you have made the information public;
  • where necessary in the public interest;
  • and where necessary for the purposes of our or a third party’s legitimate interests, such as those of our Third-Party service Providers and partners.

4. Our Legitimate Interests

The legitimate interests of DNAstack and our third-party service providers and partners include:

  • Providing and improving the Platform. We do so as it is necessary to provide the Platform to you, and to keep developing and improving the Platform.
  • Keeping the Platform safe and secure. We do so as it is necessary to ensure the Platform is secure, and to protect against fraud, spam and abuse, etc.

5. Information We Collect About You

When you use DNAstack, we collect various types of information about you. Some of this information like email address, can be used to identify you (“Personally Identifying Information” or “PII”), and some of this information, like activity and log data, cannot be used to identify you (“Non-Personally Identifying Information” or “Non-PII”).

The amount and type of personal information we ask for depends on the nature of the interaction. We will only collect such information as is necessary or appropriate to fulfill the purpose of your requested interaction with DNAstack.

We collect information in a few different ways, including information that you enter when you create an Account and automatically when you use the Platform (for example, when you navigate within the Platform).

5.1 Information you provide us

We collect information that you provide us, including:

  • Account and profile information: We collect information you provide us to sign up for an Account, such as your full name, business/organization name, email, username and password, mailing address, phone number, profile photos, business logos and trademarks, etc.
  • Content you submit: We collect information and content that you submit to the Platform, such as categories and details of curated data collections that you may create, comments, feedback, reviews and other information you upload to the Platform, all other information you provide to us on the Platform (including Input Data and genomics information);
  • Payment source information: If applicable, we may collect certain information in order to process your order, such as billing address and payment details (credit card, Paypal information, etc).
  • Cookies: We use cookies and similar tracking technologies to track the activity on our websites and improve your user experience. We will automatically collect, store, and use the following categories of data when you browse and search our site: technical information, for example, the type of device (and its unique device identifier) you use to access our site, the Internet protocol (IP) address used to connect your device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system, mobile network information and platform; and information about your visit to our site including pages you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Communications: When you communicate with us (via email, etc.), we store a copy of your communications.

Such information may be considered your personally identifying information.

5.2 Information from third parties.

We collect information that third parties provide us, including information from other platforms, publicly available information, information from our Third-Party Service Providers, or the organization which granted you access to the Platform. The information we receive from these other platforms for log in or sign up purposes will generally be considered Personally Identifiable Information.

  • Other Platforms: If available, DNAstack may allow you to sign up and log in to the Platform using accounts that you have created with third-party platforms. If you access DNAstack with a third-party account, we will collect information that you have agreed to make available, such as your name, email address, public profile information, etc. You may also provide us with access to images posted to Gravatar ( The foregoing information is collected by the third-party account provider and is provided to us under their privacy policies. You can generally control the information that we receive from these sources using the privacy settings in your third-party account.
  • Publicly available information: We may collect information that you make available to the public, such as when you make a public post on LinkedIn about the Platform or DNAstack.
  • Information from your organization: If you are working at an organization that is party to a licensing arrangement with DNAstack (whether directly or via an Enterprise Licensing Agreement), that organization may have provided us with your information in order to grant you permission to access the Platform.
  • Information from an external organization: If an organization that is party to a licensing arrangement with DNAstack (whether directly or via an Enterprise Licensing Agreement) would like to provide you with access to the Platform, that organization may have provided us with your information in order to grant you access to the Platform.

5.3 Information automatically collected when you use the Platform

We collect certain information automatically whenever you use the Services:

  • Website activity: We collect information about your use of the Platform, including your search activity, usage activity, analytics, other types of raw data relating to how you interact with the Platform, session duration, etc.
  • Device information: We also collect information that your device provides us in connection with your use of the Platform, such as your desktop device type, system language, browser type, IP address and location data, including geo-location data, etc.
  • Cookies and similar technology: We use cookies in connection with your use of the Platform to collect information related to what you see and interact with. We may use cookies to collect usage information, determine our total audience size and traffic and determine which areas of the Platform are of greatest interest to users. Disabling cookies on your web browser may interrupt the proper use of the Platform.
  • Web Beacons/Pixel Tags: These are invisible tags placed on certain pages of our Website. When you access our Website, pixel tags generate a notice of that visit. They usually work in conjunction with cookies, registering when a particular computer visits a particular page. If you turn off cookies, the pixel tag will simply detect an anonymous website visit. We may use web beacons to recognize users and access traffic patterns.

5.4 Information collected on behalf of a Data Custodian

  • The Platform allows Data Consumers to apply to access Data owned or controlled by a certain Data Custodian (“Data Access Application”). As part of this Data Access Application process, the Data Custodian can require that Data Consumers submit certain personal information, which may include PII(“Access Information”). The type of Access Information required by the Data Custodian is in the Data Custodian’s sole discretion and DNAstack collects such Access Information from the Data Consumer on behalf of the Data Custodian.

6. Use of Information

In general, we use both Personally Identifiable Information and Non-Personally Identifiable Information in order to administer, operate and provide the Platform to you.

How we use your Personally Identifiable Information:

  • facilitate the ordinary operation of the Platform;
  • verify your contact information;
  • troubleshooting technical issues that you encounter and providing User support;
  • to respond to customer service inquiries when you contact us;
  • to enforce our Terms of Use and Privacy Policy, including pursuing available legal remedies to us and to prosecute or defend a court, arbitration or similar proceeding;
  • to provide you with system or administrative messages relating to the Platform;
  • to let you know about new features or updates to our Terms of Use or Privacy Policy;
  • to send you information about your relationship or transactions with us;
  • Communicate with you about your Account and our Services;
  • Bill and collect fees owed to us;To meet legal requirements;
  • to send you marketing communications with respect to the Platform and DNAstack’s product offerings (where you have opted-in to receive such messages);
  • to send you marketing communications with respect to third-party product offerings (where you have opted-in to receive such messages);
  • to administer surveys, contests or promotions (to the extent that you have opted-in to participate in these).

How we use your Non-Personally Identifiable Information

  • to analyze, evaluate and improve our Platform functionality and experience. For example, we use crash reporting to be able to fix issues promptly and analytics to gain insight into what actions you are taking within the Platform
  • to personalise your Platform experience, such as listing third-party software solutions such as data hosting or analytics/bioinformatics platform that you may connect and use with the Platform;

Aggregated Statistics

We may also de-identify or aggregate the information collected in connection with the Platform, in ways that do not personally identify you. From time to time, we may use this non-identifying aggregated information to perform statistical analyses of user behaviour and demographics in order to measure the interest in and use of the Platform, to publish trends such as types of Users, number of active Users, etc., or to provide information on Platform activity to our Third-Party Service Providers or other third-party software solutions that you may connect and use with the Platform.

Any use of your information that is incompatible with these uses will be disclosed to you in advance so that you may opt out of such uses at your discretion.


With respect to a particular Data Access Application, DNAstack will use Access Information to facilitate such application and data access permissions/operations on the Platform between Data Consumers and Data Custodians.

7. Sharing Your Information

We will not rent or sell your information to anyone. If any of your information is shared or disclosed to third parties, it will only be so that we can provide you with the full suite of our Services.

Third-Party Service Providers. We may share your information with third parties who provide services to us (“Third-Party Service Providers”), such as hosting by Microsoft Azure, mailing list management, credit card payment processing solutions, analytics and reporting, real-time customer service chat, independent contractors, etc. These Third-Party Service Providers will only have access to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information. These Third-Party Service Providers may have their own terms of service and privacy policies on the collection and use of your information which either we or you provide them. We may use a variety of third-party service providers both inside and outside of Canada, which may make your information subject to foreign laws and foreign legal proceedings. If you would like to know what third-party services providers are in use with the Platform, please contact us at

Legal Requests. We cooperate with law enforcement inquiries and demands for information that are made under force of law. Therefore, we may disclose your information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), in accordance with the applicable law (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, in accordance with the applicable law (c) as otherwise required under any applicable law. If we are required by law to make any disclosure of your information (including personal or business information), we may (but are not obligated to) provide you with written notice (to the extent permitted by law) prior to such disclosure so that you may take appropriate action.

We may also disclose your information if we determine in good faith that disclosure is reasonably necessary or appropriate to protect the property rights of DNAstack, third parties, yourself or the public at large.

Related Business Affiliates. We may share your information with affiliates under common control with us, who are required to comply with the terms of this Privacy Policy with regards to your information.

Sale of Business. If we become involved in a business merger, acquisition, securities offering, bankruptcy, reorganization, dissolution or other similar transaction, we may share or transfer your information in connection with such transaction. If we do this, such disclosure will be subject to confidentiality arrangements that are typical of such transactions.

Marketing. We do not share your information with third parties for promotional purposes unless you have opted-in to such disclosure. If you have opted-in to have your information shared, you may choose to opt-out from receiving further communications from any third party that is not our agent or service provider at any time by contacting the marketing partner/affiliate directly.

FAQ. If you send us a request for information or support in relation to our Services, we reserve the right to publish the content of your request (with any PII removed) for the purposes of clarifying our Service for other users (e.g. in a “FAQs” section).

Access Information. With respect to a particular Data Access Application, DNAstack will disclose a Data Consumer’s Access Information to the corresponding Data Custodian.

8. Protecting Your Information

We strive to protect your information. We use commercially reasonable administrative, technical, and physical measures to safeguard your information in our possession against loss, theft and unauthorized use, disclosure or modification. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. For data transmission security, we use standard encryption protocols (SSL/HTTPS) for transmission of information. The encryption process protects your information by scrambling it before it is sent to us from the App. Our hosting service providers for our database and application are reputable third-party hosting service providers whose privacy, security, transparency and industry-specific standards are best-in-class. Our systems and databases are backed up regularly to help protect your information in case of an uncontrollable catastrophe.

Unfortunately, no data transmission over the Platform and the internet and no storage of data can be guaranteed to be 100% secure. Therefore, while we strive to make all reasonable efforts to use commercially acceptable means to protect your information, we cannot warrant the security of any information you transmit to us, and you acknowledge that there is always some risk when transmitting information to us through the Services.

To the fullest extent permitted by law, in no event will we, our affiliates, officers, directors, shareholders, employees, contractors, agents, suppliers, or licensors be liable, howsoever caused, for the loss or theft of your personal information, your Input Data (including genomics data), or any damages caused as a result thereof, so long as we are not grossly negligent in the protection of said information.

You must be diligent in protecting your own personal information and Input Data, including logging out of your Account at the end of each Session.

You also acknowledge that where you use workflows or code uploaded or provided by third-parties or other Users, we cannot confirm what security protocols are in place to protect your personal information, Input Data, or the transferring of such information and data.

9. Data Retention

Information associated with your account will generally be kept until it is no longer required for the purpose for which it was collected. We may however retain information from deleted accounts to comply with the law, to prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Use and take other actions permitted by law. The information we retain will, of course, be subject to this Privacy Policy.

Information about you that is no longer necessary and relevant to provide our Services to you may be de-identified and aggregated with other non-personal data to provide insights which are commercially valuable to us, such as statistics related to the use of the Services.

10. Managing Your Settings

Adjusting Notification and Email Preferences. If you originally subscribed or opted-in to receive newsletter communications from us, you may unsubscribe by following the instructions contained at the bottom of each type of email. All other notification settings, if applicable, are found in the account settings section of the Platform.

Updating Account Information. You may correct, amend or update User Account information that is inaccurate at any time by adjusting that information in the account settings section of the Platform.

Deleting Information and Accounts. You may request that your User Account is deleted by contacting us at: We will generally respond to your request within 10-14 business days.

11. EU Member Rights

If you are habitually located in the European Union, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:

Access and Porting. You can access much of your information by logging into account and accessing the account settings screen of the Platform. If you require additional access or to download a copy of your data, please contact us at: We will generally respond to your request within 10-14 business days.

Correcting and Deleting. You can also rectify, restrict, limit or delete much of your information by logging into your account and accessing the account settings screen of the Platform. If you are unable to do this please contact us at We will generally respond to your request within 10-14 business days.

Objecting. Where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.

Revoke Consent. Where you have previously provided your consent, you have the right to withdraw your consent to the processing of your information at any time. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.

Complain. Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

Response. We will respond to all requests that we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.

12. International Transfers of Personal Information

The Platform is hosted and operated from within Canada. If you are located outside of Canada and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in Canada, as it is necessary to provide the Services and our obligations to you under the Terms of Use.

13. Children

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from individuals under 18 years of age. In the event that we learn that we have collected personal information from a child under 18 years of age, we will take appropriate steps to delete that information. If you become aware or believe that a child has provided us with personal information, please contact us as provided in the “Questions” section.

14. Additional Details

Links To Other Websites. The Platform may contain links to other websites on the internet maintained by third parties. Clicking on a link to a third party site will make you leave the Platform and go to the site you requested. We cannot control the activities of third parties. Therefore, we cannot accept responsibility for any use of your PII by such third parties, and we cannot guarantee that these third parties will adhere to the same privacy practices as ours. We encourage you to carefully review the privacy policies of any other service provider from whom you request services.

15. Changes in This Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time and in our sole discretion, so please check back frequently. If we decide to change our privacy practices, we will post the changes to this Privacy Policy on the home page or dashboard of the Platform as an update alert, or message in the notification section of the Platform, or by sending you an e-mail update, and/or any other places we deem appropriate so that you can be made aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

16. Questions

If you believe that we have not adhered to this Privacy Policy, and would like to make an amendment to your personal information being held by us, please contact our privacy officer by email at or

17. Severability

If any provision of this Privacy Policy is found to be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from this policy and shall not affect the validity and enforceability of any remaining provisions.

18. Privacy Complaint Resolution Process

Concerns, complaints, and comments regarding privacy can be communicated to us by email at

Upon contacting us, you will receive a response within 24h. If you feel your concern has not been adequately addressed, DNAstack provides you with an appeal process. The DNAstack Chief Privacy and Security Officer (CPSO) will re-examine your concern and work with you to determine the fairest course of action. The CPSO can be contacted by email at

Finally, if DNAstack is unable to resolve your concern, you may contact the Privacy Commissioner of Canada in writing, at:
112 Kent Street,
Ottawa, ON K1A 1H3

Additionally, the privacy commissioner offers these phone numbers for general inquiries:
Call 1-800-282-1376
Fax 613-947-6850