Welcome to Sonar!

Before using Sonar and all related tools and services, please review this Privacy Policy. This policy is intended to make clear what sorts of data we (Seven Bridges Genomics Inc.) collect, what we do with it, and how our users (“you”) can control what happens to it. Please also see the Sonar Terms of Service for additional, information about your use of Sonar.

I. What Data We Collect

In the course of your use of our services, we may collect the following types of information:

Submitted Data: You may provide us with genomic variant data derived from human subjects, for instance by uploading a VCF file. You may also provide us with clinical and/or phenotype data of these subjects in various formats that will undergo an ETL procedure prior to being made available in Sonar.

Submitted Metadata: When you provide us Submitted Data, that Submitted Data will usually be accompanied by associated metadata describing the Submitted Data, which may include information about the provenance of the variant data, or information providing mappings between genotype and clinical data.

Payment Information: In order to pay for services you may be required to submit payment information, such as a credit card number and billing address.

Account Information: In the course of registering an account or subsequently, we may ask you to provide information such as your name, employer, email address or phone number. In addition, your account may be associated with other accounts that are apart of the same organization or entity. These associations will only be visible to users from the organization with administrative privileges and staff members of Seven Bridges.

User Activity Information: We may keep logs of your activity as you use our services, for example which pages you visit, when you start a task. We may also track user activity on our site using third-party services such as Google Analytics, which you can learn more about at http://www.google.com/analytics/, Fullstory, which you can learn more about at https://www.fullstory.com, and other similar services.

Other User­ Provided Information: You may provide information to us via other communications with our team, for instance emails exchanged with our support team or suggestions submitted via a feedback form.

Marketing Information: In order to better understand use of and interest in our product, we may collect information on users or potential users of our product, for instance by matching up users with the institutions with which they are affiliated.

II. What We Do With It

We store and process Submitted Data and Submitted Metadata on your behalf, for instance when you run a query on your data. We may also access and process your Submitted Data and Submitted Metadata in order to provide support to you, for instance by running a few tests on your data for debugging purposes if your query fails. Your data is processed on servers provided by Amazon Web Services and stored on their servers in encrypted form. You can find more information about Amazon Web Services’ security practices at http://aws.amazon.com/security/.

We only use your Payment Information in order to bill you for services. Your Payment Information, and some elements of your Account Information are stored and processed on our behalf for this purpose by a third­-party service provider, Stripe Inc. – check out their privacy policy at https://stripe.com/us/privacy and their security protections at https://stripe.com/help/security. We do not store any credit card information ourselves.

We may use your Account Information to contact you about your use of our services, for instance to let you know a query has completed, or to otherwise inform you about our services, for instance by letting you know about changes or improvements to our offerings. We may also aggregate information from user’s Account Information in order to better understand use of and interest in our Service. Your Account Information may be stored on Amazon Web Services, our third-party infrastructure provider.

We may use User Activity Information, Account Information and Other User­ Provided Information to maintain, improve and better understand usage of our Service and otherwise analyze aspects of our business. This information may be stored or processed by third­-party service providers on our behalf.If you explicitly so choose (see “Controlling Your Data” below), we may share your Submitted Data and some elements of your Account Information with other users who have administrative privileges for your institutional affiliation.

We may disclose your data to third parties in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, or if, at our sole discretion, we believe this is necessary in order to meet any legal requirement or enforceable governmental request or to identify, contact, or bring legal action against someone who may (either intentionally or unintentionally) be causing injury to or interference with our rights or property, users of our Service, or anyone else who could be harmed by such activities. We may also transfer any and all information we collect from users to a third party in the event of any corporate reorganization, merger, sale, joint venture, assignment, transfers, or other disposition of all or any portion of Seven Bridges Genomics Inc.’s business, assets, or stock.

We will not use your data in ways that go beyond those laid out in this Privacy Policy without your consent.

III. Controlling Your Data

You can access and edit most elements of your Account Information via the “Account Settings” menu. To access, correct, or delete information we have about you, please contact us at legal@sbgenomics.com. We will make reasonable efforts to accommodate such requests. EU citizens, in particular, have the right to access, correct, or delete their personal data under the EU-U.S. Privacy Shield agreement.

IV. Links to Third Party Sites

Our Site and Services may contain links to sites and services maintained by third parties. For instance, earlier in this Privacy Policy we link to http://aws.amazon.com/security/, a site maintained by Amazon Web Services. This Privacy Policy does not apply to such third-party sites and services, and Seven Bridges Genomics Inc. is not responsible for and makes no representations about their practices. Third-­party sites and services may collect and disclose information about you in various ways, and may have different rules and policies regarding collection, use and disclosure of such information.

Questions, Comments, and Complaints

If you have any questions, comments, or complaints about this Privacy Policy or our use of your personal data, please contact us at legal@sbgenomics.com.

EU-US Privacy Shield Compliance and Swiss-US Privacy Shield Compliance

Seven Bridges Genomics Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Seven Bridges Genomics Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the US-EU and Swiss-US Privacy Shield Principles, Seven Bridges Genomics Inc. commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Seven Bridges Genomics Inc. at: legal@sbgenomics.com. You may also contact our subsidiary Seven Bridges Genomics UK Ltd. by mail at:

101 Euston Road, 8th Floor
London, NW1 2RA
United Kingdom

Seven Bridges Genomics Inc. has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/file-a-complaint/ for more information and to file a complaint.

EU citizens may also raise privacy concerns with their national Data Protection Authority, the contact details of which can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. You may, under certain conditions, be able to invoke binding arbitration regarding a privacy issue before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

Privacy Policy Changes

We may update or otherwise modify this Privacy Policy periodically. We shall notify you of changes to this Privacy Policy by posting it on this page, so please check back periodically. In some cases, we may also notify you via email or other mechanisms.