Privacy Policy
What DNA45 collects, how we use it, and the choices you have at any time. We collect the minimum required to run the service and we never sell your data.
DNA45 is operated by Mankind Research Labs Sandton. This policy explains what we collect, how we use it, and your choices. It applies to dna45.com and any subdomains.
We collect the minimum data required to run the service, store it on infrastructure that meets industry standards, never sell it, and let you delete it at any time.
What we collect
- Account basics. When you sign in with Google we receive your name, email and profile picture. Stored via Supabase Auth so we can keep your thread history across devices.
- Your queries (questions you submit) are processed by the DNA45 system to generate responses and are not associated with your identity in internal processing pipelines.
- Technical logs. Standard web-server logs (IP address, user agent, timestamp) kept by our host (Netlify) for security and rate-limiting. These rotate automatically.
- Local device state. Theme, narrate toggle, and session history are stored in your browser’s localStorage. They never leave your device.
What we do not collect
- We do not sell your data. Ever.
- We do not run third-party advertising trackers.
- We do not build a profile of your browsing habits beyond your DNA45 conversation history.
- We do not share your queries with advertisers or data brokers.
How we use your data
- To answer your questions and render living cards.
- To maintain your signed-in session and let you pick up a thread on another device.
- To improve the service — aggregate, de-identified usage patterns only.
- To keep the service secure (rate-limiting, abuse prevention).
Google User Data
This section explains, in compliance with the Google API Services User Data Policy, exactly how DNA45 accesses, uses, stores, and shares user data obtained through Google APIs. DNA45 uses Google sign-in (Google OAuth 2.0) as one of several optional authentication methods, brokered through Supabase Auth.
Data accessed
When you choose to sign in with Google, DNA45 requests only the following non-sensitive, minimum-necessary scopes:
- openid — to obtain a stable Google account identifier (the sub claim).
- email — to obtain your primary Google email address, which serves as your DNA45 login identifier.
- profile — to obtain your display name and profile picture URL for rendering in the DNA45 user interface.
DNA45 does not request, access, or otherwise process any restricted or sensitive Google API scopes. Specifically, DNA45 does not access your Gmail messages, Google Drive files, Google Calendar events, Google Photos, Google Contacts, YouTube channel data, Google Fit data, or any other Google service data.
How we use Google user data
Google user data obtained through the scopes above is used solely for the following purposes, each tied to a user-facing feature of DNA45:
- To authenticate you and create or restore your DNA45 account.
- To associate your saved threads, broadcast sessions, and preferences with your account so you can resume them across devices.
- To display your name and avatar in the top navigation of the DNA45 interface.
We do not use Google user data for advertising, marketing, profiling, retargeting, building advertising audiences, training generalised or non-personalised machine-learning models, or any purpose other than providing the user-facing functionality of DNA45.
How we store Google user data
- Identity records (Google account ID, email, name, avatar URL) are stored in our authentication backend operated by Supabase, Inc., with encryption at rest and in transit.
- Sessions are managed via signed JWT tokens persisted to your browser’s localStorage. Google access tokens and refresh tokens are not transmitted to or stored by DNA45 servers.
- Access to stored identity records is restricted to authorised systems and a small number of operations engineers under the principle of least privilege.
- All transport between your browser, DNA45, Supabase, and Google is performed exclusively over HTTPS/TLS.
How we share Google user data
We do not sell, rent, trade, or otherwise transfer Google user data to advertisers, data brokers, analytics vendors, or any third party for advertising or profiling purposes.
Google user data is processed only by the following infrastructure providers, each acting strictly as a data processor on our behalf for the operation of the service:
- Supabase, Inc. — authentication and account database. supabase.com/privacy
- Netlify, Inc. — static hosting and serverless function execution. netlify.com/privacy
No human reviewer at DNA45 reads Google user data except where required by law, where you have given explicit consent (e.g. responding to a support request you have raised), or where strictly necessary for security investigations and abuse prevention.
Data retention and deletion
Identity records are retained for as long as your DNA45 account is active. To delete your account and all associated Google user data, email privacy@mankindresearch.org from the email address you signed in with. Deletion is completed within 30 days, and a confirmation will be sent once the records are purged from our authentication backend and any associated backups are cycled out.
Limited Use compliance
DNA45’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
AI / ML model training
We do not use Google user data, in whole or in part, to develop, improve, or train any generalised or non-personalised artificial-intelligence or machine-learning models. The language-model infrastructure used by DNA45 to generate answers is operated by third-party providers under contractual data-processing agreements and receives only your typed query — never your Google profile information, account ID, or email.
Other third-party data sources
Outside of identity, DNA45 generates response cards using a curated set of public, reputable APIs and open data providers. These sources form the external data layer used to construct answer cards. The purpose of this section is to make the provenance of system inputs transparent and traceable. Each provider operates under its own terms of service and privacy policy, which govern any data exchange with those systems.
- Open-Meteo, Wikipedia, OpenStreetMap — public data sources for weather, knowledge and maps.
- Third-party language-model providers — inference infrastructure for answer generation, operating under contractual data-processing agreements. Receives only your typed query, never your identity.
- Other open-data APIs — The Bible API, OpenQuotes, lyric databases, public sports and finance feeds, and similar providers used to construct individual cards.
Your choices
- Sign out. Click your avatar in the top nav, or visit Sign in.
- Delete your account. Email privacy@mankindresearch.org. Your record is removed within 30 days.
- Clear local data. Use your browser’s “Clear site data” tool for dna45.com.
Children and Minors Policy
DNA45 is not directed at, or intended for use by, children under the age of 13. Because DNA45 can surface complex and sensitive information, parents and guardians are responsible for controlling access to the service for minors. If we become aware that personal information from a child under 13 has been provided, we will take steps to remove it.
Changes to this policy
We will post any changes to this page and update the “Updated” date in the byline above. For material changes we will also notify signed-in users in-app.
Contact
Questions or requests: privacy@mankindresearch.org.
Mankind Research Labs Sandton
9th Floor, 5th on Atrium
Sandhurst, Sandton
South Africa, 2196