DNAForge Privacy Policy

Effective date: June 19, 2026

Company: Humic Labs Incorporated, doing business as DNAForge

Contact: hassaan@dnaforge.com

DNAForge is software for designing, organizing, importing, and routing biology work. Users may use DNAForge to manage sequences, plasmids, primers/oligos, notebook context, protocols, files, annotations, provider requests, returned results, and related scientific records. This policy explains how DNAForge collects, uses, shares, stores, and deletes data in the product.

This policy covers the DNAForge product, website, beta downloads, desktop/web applications, hosted services, provider-routing workflows, support channels, diagnostics, and import/migration tools. It does not govern DNAForge's internal legal/corporate document vault or founder/counsel document-storage process, which is handled separately.

DNAForge does not sell users' raw confidential scientific records, raw Customer Content, or personal information. DNAForge may create, use, disclose, license, and commercialize aggregated, de-identified, statistical, derived, or benchmark information based on use of the service, including information about workflow demand, experiment categories, provider availability, quote/order patterns, turnaround times, pricing, failure modes, routing outcomes, provider performance, market trends, and model-training/model-evaluation datasets. DNAForge may make small-segment demand intelligence available under reasonable aggregation thresholds. DNAForge may also use, disclose, license, or sell aggregated, de-identified, statistical, derived, benchmark, synthetic, transformed, normalized, labeled, scored, or otherwise non-identifying customer-derived data to labs, model builders, providers, customers, or partners for training, fine-tuning, evaluating, benchmarking, validating, or improving their models, tools, products, services, or market intelligence. DNAForge will not use this information to reveal a user's confidential Customer Content or directly identify a user or workspace unless the user has directed DNAForge to do so, opted into a provider marketplace or quote workflow, or the use is otherwise permitted under the applicable agreement.

1. Data we collect

Account and workspace data. We collect account identity data such as name, email address, authentication provider, workspace or organization membership, invitations, role/permission settings, account status, and audit-log events. We use this to authenticate users, administer workspaces, enforce access controls, provide support, and maintain security records.

Product and scientific work data. Users may upload, create, edit, import, or generate scientific records in DNAForge. This may include DNA/RNA/protein sequences, plasmids, constructs, primers, oligos, annotations, protocols, notebook entries, experiment plans, files, comments, tags, metadata, provenance, project organization, and import/migration records. This may include unpublished research, proprietary constructs, genetic or sequencing data, and confidential laboratory context.

Electronic lab notebook and source-system migration/import data. If a user uses a DNAForge migration tool, browser extension, file import, or source-system connector, DNAForge may process data the user is authorized to access in electronic lab notebooks, molecular-biology tools, sequence/design tools, LIMS, file stores, or other scientific source systems, including Benchling, SnapGene, and similar software. This may include source URLs, source IDs, entity names, notebook entries, sequence records, files, comments, attachments, project/folder structure, field mappings, import reports, unsupported-field notes, and user-selected migration bundles. A local migration bundle remains local unless the user uploads or imports it into DNAForge. Users are responsible for confirming that they have the right to export, migrate, upload, import, or otherwise process data from those source systems under applicable employer, university, institution, provider, customer, source-system, and third-party terms.

Provider-routing data. When users ask DNAForge to help request quotes, place orders, route jobs, track provider status, or receive returned results, DNAForge may collect and process provider names, selected services, quote/order metadata, project context, order files, sequence/design files, sample metadata, shipping or operational metadata, provider account references, order status, provider communications, returned results, invoices or reconciliation metadata, and support messages.

Diagnostics and usage data. We may collect crash reports, error reports, app version, operating system, browser/device metadata, download records, installation/update events, logs, performance telemetry, and reliability events. We use this to debug, secure, and improve the product, especially during beta.

Support and communications. If users contact DNAForge, we collect the information they provide in support requests, emails, Slack/Discord/Telegram/meeting channels if used for support, feedback forms, and other communications.

Billing/payment data. If DNAForge adds paid features, payments, credits, subscriptions, provider-routing payments, or invoicing, billing identity and payment-related records may be processed by DNAForge and/or payment processors. DNAForge generally uses payment processors, provider portals, or secure vendor-supported systems where available. If provider credentials or tokens are enabled, DNAForge may store or process the information needed for user-directed provider connections, subject to product controls and security measures.

2. How we use data

DNAForge uses data to:

  • provide accounts, authentication, workspace membership, access control, and audit logs;
  • create, import, store, search, display, and export scientific product records;
  • generate, validate, transform, route, and track provider job/order packets at the user's direction;
  • communicate with providers, labs, CROs, and users about quotes, orders, status, exceptions, and returned results;
  • run AI and agent workflows requested by the user;
  • debug errors, investigate reliability issues, improve performance, and secure the service;
  • provide support, onboarding, migration assistance, and beta feedback workflows;
  • comply with legal, security, accounting, tax, and compliance obligations;
  • create, use, disclose, license, and commercialize aggregated, de-identified, statistical, derived, benchmark, synthetic, transformed, normalized, labeled, scored, or otherwise non-identifying information, including workflow demand, experiment categories, provider availability, routing patterns, pricing, turnaround, failure modes, routing outcomes, market trends, model-training datasets, model-evaluation datasets, and model benchmarks.

3. AI and agent processing

DNAForge may use AI models, model APIs, local models, agent tools, or workflow services to help users transform sequences, draft protocols, parse imports, validate provider packets, summarize records, classify files, debug product behavior, or operate product agents.

When a user runs an AI/agent workflow, data relevant to that workflow may be sent to model providers or tool services. This may include prompts, selected records, files, metadata, generated outputs, provider-routing context, error traces, and tool-call results. DNAForge may limit external processing to data reasonably needed for the requested feature, support, security, reliability, evaluation, or product-improvement purpose.

Training and controls posture:

  • Where DNAForge's provider terms or configuration allow it, DNAForge does not allow third-party model providers to train their general foundation models on raw Customer Content submitted through DNAForge for hosted DNAForge AI features.
  • DNAForge may use feedback, usage data, logs, evaluations, derived data, aggregated data, de-identified data, routing outcomes, and user-approved examples to improve DNAForge products, models, agents, validation systems, routing logic, benchmarks, provider matching, and marketplace intelligence.
  • DNAForge may use, disclose, license, or sell aggregated, de-identified, statistical, derived, benchmark, synthetic, transformed, normalized, labeled, scored, or otherwise non-identifying customer-derived data to third-party labs, model builders, providers, customers, or partners for training, fine-tuning, evaluating, benchmarking, validating, or improving their models, tools, products, services, or market intelligence.
  • DNAForge does not use private Customer Content to train DNAForge-owned models in a way that reveals confidential Customer Content or directly identifies a user/workspace unless the user has affirmatively opted in or directed that use.
  • Certain plans or workspace configurations may offer controls for hosted AI features. If a feature requires hosted AI/model processing, users may choose not to use that feature.
  • DNAForge does not promise per-workspace AI disablement, bring-your-own-key support, local-only models, per-call consent, provider allowlists, or zero-data-retention unless those controls are available for the specific product feature or plan.

4. Local vs. cloud storage

DNAForge may include local desktop features, local files, local import bundles, and hosted/cloud workspaces.

Data that remains only on the user's machine is not stored by DNAForge unless the user uploads it, syncs it, imports it into a hosted workspace, sends it through a hosted AI/agent workflow, attaches it to a support request, or routes it to a provider through DNAForge.

Data stored in a hosted DNAForge workspace may be stored in DNAForge-controlled cloud infrastructure and subprocessors. Users should assume hosted workspace data can be accessed by workspace members according to their roles and by limited DNAForge personnel or service providers when needed for support, security, reliability, legal/compliance, or user-directed processing.

5. How we share data

DNAForge may share data in the following cases:

  • Workspace sharing. Data is shared with members of the user's workspace or organization according to roles, permissions, invitations, and audit-log settings.
  • User-directed providers/labs/CROs. When a user routes a quote, order, job packet, file, sample context, or result workflow to a provider/lab/CRO, DNAForge shares the information needed to complete that workflow.
  • Segment-level demand intelligence and derived data products. DNAForge may share, license, sell, or commercialize aggregated, de-identified, statistical, derived, benchmark, synthetic, transformed, normalized, labeled, scored, or otherwise non-identifying information about workflow demand, experiment categories, provider availability, routing patterns, pricing, turnaround, failure modes, routing outcomes, market trends, and model-training/model-evaluation datasets, provided the information does not reveal confidential Customer Content or directly identify a user/workspace. DNAForge may use small-segment reporting under reasonable aggregation thresholds.
  • Opt-in identified marketplace demand. If a user asks DNAForge to request quotes, contact providers, publish a provider-facing request, join a marketplace, seek provider outreach, or otherwise make demand visible, DNAForge may share the relevant organization identity, contact information, request details, workflow context, and provider-routing data with selected providers, labs, CROs, marketplace participants, or support services.
  • Service providers/subprocessors. DNAForge uses infrastructure and service providers for hosting, authentication, storage, email, analytics/diagnostics, payments, model processing, support, cloud storage, and security. These providers process data to provide services to DNAForge.
  • Support and troubleshooting. DNAForge personnel or service providers may access data when needed to answer support requests, investigate bugs, recover data, secure accounts, or respond to user-directed requests.
  • Legal/compliance/security. DNAForge may disclose data if required by law, legal process, security investigation, corporate transaction, or to protect rights, safety, or security.
  • User-directed exports. Users may export, download, share, or transfer their own data out of DNAForge.

DNAForge does not sell raw Customer Content or personal information. Aggregated, de-identified, statistical, derived, benchmark, and user-directed marketplace/demand data are separate categories and may be used or commercialized as described in this policy and applicable terms.

6. Subprocessors and infrastructure

DNAForge may use infrastructure and service-provider categories including:

  • hosting/application infrastructure;
  • database/storage/object storage;
  • authentication/identity;
  • analytics/diagnostics/crash reporting;
  • email and notification services;
  • support/customer communication tools;
  • model providers and AI tool services;
  • payment processors, if paid features or provider-routing payments are enabled;
  • cloud file storage for user-directed uploads or internal operations.

DNAForge does not publish a named subprocessor table during the limited closed beta. The public subprocessor posture is category-level unless DNAForge later publishes a specific register.

7. Retention, deletion, workspace removal, and export

Users may request export of product data from DNAForge in a reasonable machine-readable format where technically feasible.

Users may request deletion of their account or removal from a workspace. Workspace owners or administrators may request deletion or export of workspace data, subject to role/permission checks and legal/security constraints. Individual member departure or personal account deletion does not delete shared workspace records controlled by a workspace or organization.

Some data may remain after deletion, including:

  • backups and disaster-recovery copies;
  • audit logs and security records;
  • provider order records and support communications;
  • billing/accounting/tax records;
  • legal/compliance records;
  • de-identified, aggregated, statistical, derived, benchmark, synthetic, transformed, normalized, labeled, scored, demand-intelligence, marketplace-intelligence, routing-intelligence, model-training, model-evaluation, and model-benchmark data that no longer identifies a user/workspace or reveals confidential Customer Content.

Deletion of Customer Content does not require DNAForge to delete aggregated, de-identified, statistical, derived, benchmark, synthetic, transformed, normalized, labeled, scored, demand-intelligence, marketplace-intelligence, routing-intelligence, model-training, model-evaluation, or model-benchmark data that no longer identifies a user/workspace or reveals confidential Customer Content. DNAForge does not promise immediate deletion or a fixed deletion timeline during the limited closed beta.

8. Security

DNAForge uses commercially reasonable administrative, technical, and organizational safeguards appropriate for the beta stage of the product, including access controls, role-based permissions where available, encrypted transport, vendor-supported encryption, audit/security logs where available, secrets management, internal access restrictions, and incident-response procedures.

During beta, users should not import data whose contractual, regulatory, export-control, clinical, patient, or institutional restrictions exceed DNAForge's current published controls.

Incident/security contact: hassaan@dnaforge.com.

9. Sensitive biology data

DNAForge treats unpublished scientific work, proprietary constructs, genetic/sequencing data, provider-order packets, protocols, and laboratory context as sensitive product data. Access is limited by workspace controls, product permissions, subprocessors, user-directed provider sharing, and support/security needs.

DNAForge does not claim support for human genetic data, regulated clinical data, export-controlled data, biosecurity-sensitive sequences, institutional data-use agreements, or customer-specific restricted data unless the user has all required permissions and DNAForge has expressly confirmed support for obligations DNAForge itself must satisfy.

10. International, institutional, and regulated data

DNAForge's initial beta policy states what the product is and is not designed for:

  • DNAForge is not yet a HIPAA-covered service or clinical records system.
  • DNAForge is not yet positioned as a regulated GxP, CLIA, CAP, GLP, GMP, or validated quality system.
  • Users should not upload, import, route, or process HIPAA-regulated data, clinical records, GxP/CLIA/CAP/GLP/GMP-regulated data, export-controlled data, human-subjects data, or institutionally/sponsor/customer/employer-restricted data unless they have all permissions, approvals, rights, and agreements needed to do so.
  • Users are responsible for confirming that they are allowed to upload/import/share data under their employer, university, institution, sponsor, funder, provider, customer, electronic lab notebook, source-system, and third-party terms.
  • DNAForge may add enterprise/security addenda later for customers with stricter requirements.

This is the closed-beta boundary for publication. Later enterprise, regulated-data, biosecurity, or institutional support will be handled through separate terms, addenda, and product controls.

11. Policy changes

DNAForge may update this policy as the product, subprocessors, AI providers, provider-routing workflows, or legal obligations change. DNAForge will publish the effective date and may provide notice of material changes through the website, app, email, or other reasonable means.