Skip to content
CrickUpload your file

The privacy promise

Privacy is the product.

Crick is built so that we couldn't betray your trust even if we wanted to. There is no database to leak, no account to compromise, and nothing of yours sitting on a server somewhere.

What we promise

We never store your raw DNA file

When you upload your file, it's read into memory just long enough to find the matches. Then it's gone — discarded the moment your results are ready. Not held, not backed up, not written to a folder, not transferred anywhere.

We never store your matches

Your results are computed in memory, packed into a small URL, and handed straight back to your browser. The server forgets them the instant you have them. The next request — even from you, a millisecond later — has no idea what came before.

You don't need an account

There's no sign-up, no email, no password to reset. There's nothing to delete because there's nothing to begin with. The only person who can see your results is the person holding the URL.

You can come back to your results

The URL is the result. Bookmark it. Email it to yourself. Print the page. It will render identically next year, because everything needed to redraw your page is encoded in that URL — and we keep every prior version of the format around forever, so older URLs never break.

You can't be identified from our logs

We strip the URL fragment (the encoded payload) and the request body from our server logs. The only aggregate numbers we keep are uploads per day, error rates, which DNA services people use, and which match categories were hit overall — never individual variants, never per-person.

How can this be possible?

By design, Crick has:

Combine that with strict security headers — including one that stops links you click from a results page from telling the destination site where you came from — and the surface area for accidentally leaking your data is vanishingly small.

What about the URL itself?

The encoded URL contains only the IDs of the matches Crick found, plus the genotype keys needed to choose the right wording. It does not contain raw variant data, rsids, chromosomal positions, or anything that could be reverse-engineered back into your genome. If you share the URL, you're sharing the names of the matches that came back — not a copy of your DNA.

What happens if we get something wrong?

Privacy is a continual practice, not a fixed claim. If you discover a way data could leak — please tell us at [email protected]. We'll fix it, write up what happened, and add a test so it can't happen again.

— The Crick team

Take it for a spin