Privacy Policy

Last updated: March 7, 2026

1. What We Collect

When you use 20% Better, we collect only what is necessary to generate your personalized genetic health report:

  • Your raw DNA file — uploaded from 23andMe, Ancestry, or MyHeritage
  • Your name — to personalize your report
  • Your email address — to deliver your report
  • Payment information — processed securely by Stripe (we never see or store your card details)

2. How We Use Your Data

Your data is used for the following purposes:

  • Your DNA file is analyzed against our curated database of health-relevant genetic markers
  • Your name is included in the personalized report
  • Your email is used to deliver the completed report and for transactional communications
  • Your email and name may be used for advertising audience matching — we may upload hashed (non-reversible) customer email lists to advertising platforms (such as TikTok or Meta) to create lookalike audiences for marketing. These platforms never receive your genetic data, report contents, or health information. You can opt out of this by contacting us at privacy@20percentbetter.co
  • We never use your genetic data for research, advertising, profiling, or any purpose beyond generating your report

3. Zero-Retention DNA Policy

Your raw DNA file is permanently deleted immediately after your report is generated. We do not retain, archive, or back up your genetic data. Once your report is delivered, your file no longer exists on our systems.

During processing, your file is stored in an encrypted, isolated serverless environment. It is never written to persistent storage and is destroyed when processing completes.

4. We Never Sell or Share Your Data

Your genetic data, DNA files, and report contents are never sold, rented, shared, or disclosed to any third party. Period. We are not in the data brokerage business.

As described in Section 2, we may share hashed (non-reversible) email addresses with advertising platforms solely for audience matching purposes. This never includes your genetic data, health information, or report contents.

5. Third-Party Services

We use a small number of trusted services to operate:

  • Stripe — payment processing. Stripe handles your card details directly; we never see or store them.
  • Amazon Web Services (S3) — temporary file storage during upload. Files are encrypted in transit and at rest, and permanently deleted after processing.
  • Resend — email delivery for sending your completed report.
  • Modal — serverless compute for running the analysis. No data persists after execution.

6. Cookies & Analytics

We use minimal cookies necessary for site functionality. We also use the following analytics and measurement tools to understand how visitors interact with our site and to measure the effectiveness of our advertising:

  • Google Analytics — anonymous usage statistics (pages visited, time on site, traffic sources). No personally identifiable information is collected.
  • Microsoft Clarity — anonymous session recordings and heatmaps to understand how visitors use the site. All data is anonymized.
  • TikTok Pixel — measures the effectiveness of our TikTok advertising campaigns. Tracks page visits and conversion events without collecting genetic or health data.

These tools do not have access to your genetic data, DNA files, or report contents. They only track general website usage patterns. You can opt out of tracking by using browser privacy settings or extensions like uBlock Origin.

7. Data Security

We take the security of your data seriously:

  • All file uploads are encrypted in transit (TLS/HTTPS)
  • Files are encrypted at rest during temporary storage
  • Processing occurs in isolated serverless environments
  • Genetic files are permanently deleted after report generation
  • Payment data is handled entirely by Stripe's PCI-compliant infrastructure

8. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Deletion — request deletion of your personal data (note: your DNA file is already automatically deleted)
  • Correction — request correction of inaccurate personal data
  • Portability — request your data in a portable format

These rights apply regardless of where you are located, including under the GDPR (EU/EEA), CCPA (California), and similar regulations.

9. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect data from minors. If you believe a minor has submitted data to us, please contact us and we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users via email or a prominent notice on our website. The “Last updated” date at the top reflects the most recent revision.

11. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at privacy@20percentbetter.co.