Data Policy
A precise account of how data flows through DNA45 — storage locations, retention, encryption, and processing chains.
This policy is a technical complement to the Privacy Policy. It explains exactly where each piece of data lives, who can see it, how long it is kept, and the route a single query travels from your browser to a returned card.
Data classes
DNA45 segregates data into four classes. Each is governed by different storage, retention and access rules.
- Identity data. Name, email, profile picture, Google subject ID. Stored in Supabase Auth (Postgres, encrypted at rest, EU region).
- Conversation data. Your typed questions and the structured cards returned. Stored client-side in your browser’s localStorage by default; optionally synced to Supabase if you are signed in.
- Telemetry. Anonymous, aggregate usage counters (e.g. “weather card rendered”). No content, no identity, no IP. Used only to debug and prioritise features.
- Operational logs. Web-server access logs (IP, user agent, timestamp, response code) held by Netlify for security and rate-limiting. Rotated automatically every 7–30 days.
The path of a single query
- Your browser sends the query string over TLS 1.3 to dna45.com on Netlify’s global edge.
- Our edge function detects intent (weather, sports, SASSA, Gautrain, etc.) and either answers locally or fans out to a provider.
- If a language model is required, the query is forwarded to OpenAI / Anthropic / Google AI without your identity attached.
- External APIs (Open-Meteo, Wikipedia, OpenStreetMap) are called for live data.
- The structured response is composed into a card and streamed back to your browser.
- The card is rendered, cached locally for the session, and (if signed in) synced to Supabase.
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Supabase databases are encrypted with provider-managed keys. localStorage on your device is governed by your browser’s sandbox.
Retention
- Identity data. Retained while your account exists. Deleted within 30 days of an account-deletion request.
- Conversation data. Synced threads are retained until you delete them or your account.
- Telemetry. Retained for up to 13 months, then deleted.
- Operational logs. Retained 7–30 days by Netlify, then rotated.
Access
Within Mankind Research, only on-call engineers may access production systems. All access is audited. We do not have a customer-support function that can view your conversation contents.
Data subject rights
Wherever you are based, you can:
- Request a copy of the data we hold on you (email privacy@mankindresearch.org).
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Withdraw consent at any time by signing out and clearing local data.
For users in jurisdictions with stronger statutory rights (POPIA in South Africa, GDPR in the EU/UK, CCPA in California), those rights apply directly.
Cross-border transfers
DNA45 uses providers in South Africa, the EU and the United States. Where data crosses borders, we rely on the providers’ standard contractual clauses and equivalents.
Security
We follow industry baselines: TLS in transit, AES at rest, least-privilege access, automatic dependency scanning. Reports of suspected vulnerabilities can be sent to security@mankindresearch.org.
Confidence Score
Every answer DNA45 returns carries a Confidence Score — a percentage between 0 and 100 that reports how well the claim can be backed by external, credible sources at the moment the card is rendered.
It is calculated from five signals: the number of independent sources that support the claim, the credibility of each source (NASA, Nature, peer-reviewed journals and statistical agencies score higher than anonymous blogs), the recency of those sources, whether the sources agree with each other, and how topically relevant they are to the claim. When the system finds many credible sources backing a claim, the score is high. When it finds little to no external referential material and has to rely largely on the model’s own knowledge base, the score is significantly lower.
This is not because we distrust the model. We take pride in its knowledge base — it is the shape of knowledge, the structure that lets DNA45 reason at all. But facts change over time. Truth is validated by the outside world: by laboratories, journals, academies and statistical bodies where knowledge is birthed every day. The model is the Shepherd. The world is the validator. The Confidence Score is what they agree on.
For the band-by-band breakdown, the list of sources we treat as credible, and what the score is — and is not — see the dedicated Confidence Score article.