Effective date: April 28, 2026 ยท Last updated: April 28, 2026
Chromly LLC (“Chromly,” “we,” “us”) operates chromly.app (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
1. The short version
Your genome data never leaves your device. We do not collect, store, or transmit your DNA file or any genetic information. Genome files you upload to Chromly are processed entirely in your browser and stored locally on your computer using your browser’s file system (OPFS). We have no access to them.
2. Information we collect
We only collect information needed to deliver and support the Service:
Email address — when you purchase a license. Used to send your license key and respond to support requests.
Payment information — processed by our payment provider, Creem.io. Chromly does not receive or store your card number, CVV, or full billing details. We receive only a payment confirmation and the email you provided at checkout.
License key — we generate a license key tied to your purchase and store it on our servers to validate activations.
Aggregate, non-identifying totals — we may track aggregate counts (e.g., total purchases, total active licenses) for business operations. These figures cannot be tied back to individual users.
We do not collect:
Your DNA, genome, SNP, or any genetic data
Individual analytics, behavior tracking, or device fingerprints
Cookies for advertising or third-party tracking
Genetic data is classified as “special category” personal data under GDPR Article 9. Chromly’s architecture is designed such that we never receive or process this data — it remains on your device at all times.
3. Browser storage
Chromly stores the following on your own device only:
LocalStorage: your activated license key and minor user preferences (e.g., view settings).
OPFS (Origin Private File System): any genome files you import. These files never leave your machine.
You can clear this data at any time by clearing site data for chromly.app in your browser settings.
Cloudflare — hosting and content delivery. Cloudflare may log standard server data (IP address, request timestamps) for security and abuse prevention. See Cloudflare’s Privacy Policy.
Ensembl / EMBL-EBI — OPTIONAL, off by default. Only if you enable online variant lookups, a single variant label (an rsID — a standard code naming one spot in your DNA where people differ, e.g. rs4680) is sent to look up what that spot does. Your genome file is never sent. Ensembl anonymises server logs (removes IP) after 30 days and does not sell data.
NCBI / NIH — OPTIONAL, off by default. Only if you enable online lookups, a gene symbol or a single rsID is sent to retrieve public gene and variant summaries. NCBI does not sell or share personal data.
gnomAD / Broad Institute — OPTIONAL, off by default. Only if you enable online lookups, and only when a variant is not already in our bundled data, a single rsID is sent to retrieve public population-frequency data. Your genome file is never sent. Questions about any of these? Email [email protected].
5. How we use your information
To deliver your license key after purchase
To validate your license key when you activate Chromly
To respond to support requests you send us
To prevent fraud and abuse
We do not sell, rent, or share your information with advertisers or data brokers.
Lawful basis for EU/UK users (GDPR):
Purchase and license validation — contract performance (Art. 6(1)(b))
Support communications — legitimate interest in responding to your requests (Art. 6(1)(f))
Aggregate, non-identifying business totals — legitimate interest in operating the Service (Art. 6(1)(f))
Fraud and abuse prevention — legitimate interest in protecting the Service (Art. 6(1)(f))
6. Your rights
Depending on where you live, you may have rights including:
Access: request a copy of personal information we hold about you.
Correction: request that we correct inaccurate information.
Deletion: request that we delete your information. Note: deleting your purchase record will deactivate your license.
Opt-out of sale: we do not sell personal information.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
California residents (CCPA/CPRA): You have the right to know what personal information we have collected about you, to request deletion of that information, and to opt out of any sale or sharing for cross-context behavioral advertising. We do not sell or share personal information for those purposes. To exercise CCPA rights, email [email protected].
7. Data retention
We retain purchase records (email, license key, payment confirmation) for as long as your license is active, and for a reasonable period afterward to handle support, refunds, and tax/legal obligations. Aggregate, non-identifying totals are retained indefinitely.
8. Security
We use industry-standard practices to protect the limited data we collect, including HTTPS for all traffic and minimizing the data we hold. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
9. Children
Chromly is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. International users
Chromly is operated from the United States. If you access the Service from outside the U.S., you consent to your information being transferred to and processed in the United States.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “Effective date” at the top reflects the current version. Material changes will be posted on this page; continued use of the Service after changes means you accept the updated policy.