seqr
Feature UpdatesLog in
Privacy Policy
Last Updated 9/22/2023
The Broad Institute of MIT & Harvard ("Broad") values your privacy. This Privacy Policy ("Policy") provides important information about how Broad collects and uses your Personal Information (as defined in Section 6 below) through the seqr platform. Please make sure you review this Policy before using the seqr platform. If you have any questions about this Policy, please contact us at seqr@broadinstitute.org.
1. What is Broad?
The Broad Institute of MIT & Harvard is a non-profit research institution that is dedicated to improving human health by using genomics to advance our understanding of the biology and treatment of human disease, and to help lay the groundwork for a new generation of therapies. For more information on the organization, please see https://www.broadinstitute.org/about-us. We will refer to Broad in this Policy as "we," "us" or "our."

This Policy applies to the seqr platform ("Platform") - an open-source web-based application developed and hosted by Broad. To be more broadly available to researchers, seqr has been made available as a connected application in the National Human Genome Research Institute Analysis Visualization and Informatics Lab‐Space (NHGRI's AnVIL; https://anvilproject.org). The seqr platform is used by Broad employees and external users for family-focused rare disease analysis and project management. While the Platform is owned by the Broad's Translational Genomics Group, the genomic and other data hosted within the Platform ("Genomic Data") is owned or controlled by the data contributor who consented the sample and uploaded the data to the Platform.

Please note that the Platform may link to other websites that are not affiliated with us ("Third-Party Sites"). We may offer those links as a convenience to you but we are not responsible for the privacy practice of those Third-Party Sites. You should make sure you review the privacy policies for those Third-Party Sites before providing them any of your information.
2. What is the purpose and scope of this Policy?
This Policy describes the Personal Information we collect from users of the Platform, the purposes for collecting that information, how we use that information, and with whom we share that information. Please note that this Policy only applies to information that we collect about users of the Platform, and does not apply to Genomic Data about Research Participants that may be contributed by users to the Platform.
3. Does this Policy Apply to Genomic Data Uploaded to the Platform?
This Policy only applies to information that we collect about users of the Platform and does not apply to Genomic Data contributed by users to the Platform. While the Platform also allows users to view and contribute Genomic Data for research purposes, the relevant Genomic Data contributor is responsible for obtaining all necessary permissions and consents for such data. If you are a user of the Platform, you are required to keep the Genomic Data confidential and not to disclose such data to any third party, except other users of the Platform with permission to view it. If you are an individual whose Genomic Data has been uploaded to the Platform (a "Research Participant") and have questions about the privacy or use of your Genomic Data, please refer to the research consent for the study you participated in for more information, including contact information.
4. If I use the Platform, am I agreeing to this Policy?
Yes. However, your use of the Platform is entirely voluntary and you have certain rights to control use of your information as described below. If you decide to use the Platform, you are agreeing that we can use your information as described in this Policy.
5. How do we collect information from you?
We collect information about you in two ways. The first is information you voluntarily provide to us when you choose to do any of the following, none of which is required:
Register to use the Platform, such as when you create an account on the Platform, in which case we collect your name and e-mail address;
Use the Platform, such as comments, material or information you may post on or upload to the Platform ("User Content"); and
Communicate with us (e.g., by email).
In all these cases, we only collect information that you have provided to us, except for information obtained through cookies and the tracking technologies noted below. The second way we collect information is through certain automated technologies that are used when you access our Platform. An example is a "cookie", which is a small piece of computer code that is placed on your computer or other device that can be used for various purposes, such as to recognize a user or to track their activities on a website. We describe automated technologies in more detail in Section 7 below. We collect various information through these automated technologies, including your Device Information as described in Section 6 below; your Location Information as described in Section 6 below; and how you use our Site and App, such as the web pages you view, the links you click, the length of time you visit our Platform, and the web page or web site that led you to our Platform.
6. What kind of information do we collect?
We collect various types of information:
"Personal Information" is information that alone or in combination with other information may be used to readily identify, contact, or locate you. For example, your name and email address are Personal Information we may collect through your use of the Platform.
"Device Information" is information that relates to a particular computer, mobile device, or other device (e.g., iPad) that you use to access the Platform. Device information includes such things as an IP address (which is a number assigned by an internet service provider to the computer you use to access the Internet), a device ID (which is a number assigned to a mobile phone by the device manufacturer), or the type of operating system or web browser used to access the Platform.
"Location Information" is information that can be used to identify your geographical location, such as where you are geographically located when you are accessing the Platform using a mobile phone. We will not collect Location Information from your mobile phone using a location-based service without sending you a separate notice to your mobile phone and obtaining your consent. Please note, however, that certain automated technologies such as cookies can identify IP addresses and other data to infer the location of a device that you may be using.
7. Do we use cookies and other tracking technologies?
Yes. We use cookies for various purposes, such as to make it easier for you to navigate our Platform, to enable a faster log-in process, or to allow us to track your activities on our Platform. There are two types of cookies: session and persistent cookies.
Session Cookies. Session cookies exist only during a session. They disappear from your computer or device when you close your browser or App or turn off your computer or device. We use Session Cookies to allow our systems to uniquely identify you during a session or while you are logged into the Platform. This allows us to process your communications and requests and verify your identity after you have logged in and as you move through our Platform, and to optimize your experience when using the Platform.
Persistent Cookies. Persistent Cookies remain on your computer or device after you have closed your browser or turned off your computer or mobile device. We use persistent cookies such as local storage objects, and other similar technologies to track activity on our Platform and to enhance the functionality of our Platform to track aggregate and statistical information about user activity on our Platform (see "Tracking Technologies" below). We may also use local storage objects to collect and store information about your visits to our Platform, such as page visits, the duration of the visit, the specific link(s) that you clicked during your visit, and the address of the website from which you arrived at the Platform.
Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies may not be able to browse certain areas of the Site or use the Platform.

Tracking Technologies. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Platform. We also may use other analytic means to evaluate our Services. We use these tools to help us improve our Platform, performance, and user experiences. We may also use third-party tracking technologies, such as a web application firewall, to detect malicious code or attacks on our Platform. These entities may use cookies and other tracking technologies to perform their services. We do not share your Personal Information with these third parties.
8. Do you respond to Do Not Track signals?
Do Not Track ("DNT") is a privacy preference that users can set in their web browsers. When users turn on DNT, their browser sends a message to websites requesting that they do not track the user. However, our Platform does not change its information collection in response to DNT browser settings or signals. For information about DNT, visit www.allaboutdnt.org.
9. How do we use your information?
We use your information, including your Personal Information, for various purposes:
Provide the Platform. We, and our vendors and service providers, use your information (e.g. your Profile information, user identification, and password) to provide the Platform, respond to your inquiries, and troubleshoot issues with the Platform, and for other customer service purposes.
Personalize Your Experience. We use your information to tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while you are using the Platform.
Improve and Develop Our Platform. We use your information to ensure our Platform is working as intended, to better understand how users access and use our Platform, both on an aggregated and individualized basis, to make improvements to our Platform, to develop new features and applications, and for other research and analytical purposes.
10. With whom do we share your information?
We may need to share your information, including your Personal Information, with third parties. The following are the categories of third parties with whom we may share your Personal Information:
Other Users. The purpose of the Platform is to facilitate the sharing of information and collaboration. During such collaboration, Personal Information you supplied during the registration process may be visible to other Platform users.
Vendors and Service Providers. We use various third-party vendors and service providers that assist us in providing the Platform. For example, we may use third-party vendors to store and authenticate account credentials, send email communications, and for hosting and storing information collected through our Platform. We may need to share your information with these vendors and service providers to enable them to provide these services to us. These service providers and vendors are required to only use your information to provide their services to us and in a manner consistent with this Policy.
Marketing. We do not rent, sell, or share Personal Information about you with other people or unaffiliated organizations for marketing purposes.
As Required By Law. We may be required, by law, to disclose your Personal Information to third parties, such as in the following situations:
In response to a request by law enforcement;
In response to legal process, such as a subpoena, a request for discovery in a civil proceeding, or in response to a court order.
Enforce Our Terms and Protect You, Us and Others. We may access, preserve, and disclose your Personal Information to enforce the Terms of Use for the Platform and protect your, our, or others’ rights, property, or safety.
Merger, Sale, or Other Corporate Transactions. A legal entity, such as Broad, may be involved in a business transaction where its ownership or assets are sold or transferred to another legal entity. This can happen in a merger with another legal entity, an acquisition by another legal entity, a corporate reorganization, or a legal proceeding (e.g. bankruptcy or receivership), where a trustee or other party takes over control of the entity. In each of these situations, your information, including your Personal Information, may be sold or transferred as part of such a transaction as permitted by law and/or contract.
With Your Consent. We may ask you from time to time to give us permission to share your information with other third parties not described in this section. In each case, we will describe that third party and the purpose for sharing your information.
Aggregate and De-Identified Information. We may share aggregate or de-identified information about users and their use of the Platform with third parties and publicly for marketing, advertising, research, or similar purposes. This information will not identify you personally.
11. Can other users see my Personal Information?
The Platform allows you to interact with other users. Therefore, any information that you post to the Platform, including your contact information, will be visible to other users. Although we expect users to only use such information in connection with the Platform, we cannot assure you that such other users will not disclose or use your information outside of the Platform.
12. What rights do I have with respect to my information?
Users can update their seqr profile at any time. All users can also contact us to request access to, a copy of, correction, or deletion of their Personal Information by contacting us at seqr@broadinstitute.org.

We will respond to any user request as soon as we reasonably can, and within the time and in the manner required by law. We may request additional information from you to verify the request. We may not be able to accommodate all requests; for example, we may be unable to accommodate a deletion request if we are required to maintain information under law or a legal obligation or if information is used as part of a published study.
13. What kind of security does seqr use to protect my information?
We use reasonable security to protect the Personal Information we collect from users, including using our good faith efforts to adhere to the NIST 800-53 Rev 4’s Moderate Impact baseline. However, we cannot guarantee the security of information we collect or any transmission of information over the Internet. For this reason, you should make sure that you keep your profile account on the Platform confidential, including any user identification or password. You should also notify us immediately if there has been any unauthorized use of your account.
14. Is there any transfer of Personal Information from one country to another?
We store the information you provide on servers in the United States. If you are a user of the Platform, you agree to the transfer of your Personal Information to the United States and acknowledge that the laws in the United States may offer less protection to your Personal Information than the laws where you live.
15. Whom do I contact if I have a question or a complaint?
You may contact us at the addresses below if you have any questions or complaints about information practices or this Policy:
By email to: seqr@broadinstitute.org
By mail to:
The Broad Institute of MIT and Harvard
415 Main St.
Cambridge, MA 02142,
United States
Attention: Data Privacy
16. Will you update or change this Policy?
Yes, we may need to update or change this Policy for various reasons, such as to comply with changes in the law, or to cover new features or services provided through the Platform. If we update or change this Policy we will post the changes to the Policy on the Platform and in the App. To make sure you are aware of any updates or changes, you should review this Policy periodically and make sure you have your most current email address in your seqr profile. Any changes to our Policy will become effective upon our posting of the revised Policy on the Platform. Use of the Platform following such changes constitutes your acceptance of the revised Policy then in effect. You will be able to determine when this Privacy Policy was last revised by checking the "Last Updated" information that appears at the top of this page.
17. HIPAA, Protected Health Information and Clinical Compliance Features.
The Broad is not a Covered Entity or Business Associate as such terms are defined in the Health Insurance Portability and Accountability Act of 1996, as amended, and its related regulations (collectively, "HIPAA") and, therefore, is not generally subject to the requirements of HIPAA with respect to Personal Information we process through the Platform. seqr is not intended to store protected health information subject to HIPAA ("PHI").
18. Notice to Residents of the European Union
This section outlines certain additional information that we are obligated to provide to data subjects of the European Union as well as certain rights such data subjects have with respect to the processing of their Personal Information, pursuant to applicable local laws. Capitalized terms not otherwise defined in this Policy, shall have the meaning ascribed to them by the European Union General Data Protection Regulation 2016/679 and its amendments ("GDPR"). With respect to User Supplied Data, we are a data processor or subprocessor for our users, who are either data controllers or data processors. As such, we are not liable for the provisions of GDPR that pertain to the data controllers as it relates to User Supplied Data. Our obligations as a data processor for User Supplied Data shall include those specified in Article 28 of the GDPR. If you make a request for User Supplied Data, we will submit that request to the provider of User Supplied Data for further instructions on such request, except to the extent we are required to act upon that request under GDPR.

We do act as data controller for Personal Information that we collect directly from users themselves. In such cases, we rely on the following legal bases for processing such information:
Performance of a contract. We will process your Personal Information to provide the Platform to you, under the terms of the Terms of Service you've agreed to as a condition of using the Platform.
Legitimate interests. We may use your Personal Information for our legitimate interests provided that our legitimate interests are not outweighed by any prejudice or harm to your rights and freedoms, including:
improving our products and services and the content on Platform (for example to manage our network, improve the Platform, and better tailor the features, performance and support of the Platform);
operating and administering of the Platform;
promoting the safety and security of the Platform;
fulfilling your requests and communicating with you when you contact us; and
marketing and promoting the Platform.
Consent. In some cases, you will give us consent to use your Personal Information for a specific purpose. For example, we may rely on your consent to use technical information such as cookie data to the extent required by the GDPR. You can withdraw your consent at any time by contacting as seqr@broadinstitute.org; however, such withdrawal shall not affect the legality of any processing done before receipt of the withdrawal.
Legal obligations. We may be required to process your Personal Information to comply with our legal obligations.
Data Retention. We retain Personal Information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. Our retention policies reflect applicable statute of limitation periods and legal requirements.EU Data Subject Rights. Data Subjects of the European Union have the following rights:
Access, Correction and Erasure Requests: You have the right to:
contact us to confirm whether we are processing your Personal Information;
receive information on how your Personal Information is processed;
obtain a copy of your Personal Information;
request that we update or correct your Personal Information; and
request that we delete Personal Information in certain circumstances.
Right to Object to Processing: You have the right to request that we cease processing of your Personal Information: for marketing activities, including profiling for statistical purposes where such processing is based upon our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your Personal Information for the establishment, exercise or defense of a legal claim.
Right to Restrict Processing: You have the right to request that we limit the processing of your Personal Information:
while we are evaluating or in the process of responding to a request by you to update or correct your Personal Information where such processing is unlawful and you do not want us to delete your data;
where we no longer require such data, but you want us to retain the data for the establishment, exercise or defense of a legal claim; and
where you have submitted an objection to processing based upon our legitimate business interests, pending our response to such request.
Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your Personal Information in a commonly used, machine readable format. Please note, however, that data portability rights apply only to Personal Information that we have obtained directly from you and only where our processing is based upon consent or the performance of a contract.
If you believe our processing of your Personal Information violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged violation.

Submitting Requests: EU data subject can submit requests by contacting us at seqr@broadinstitute.org. We will respond to all such requests within 30 days of our receipt of the request, unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than 30 days. Please note, however, that certain Personal Information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of Personal Information that you request. In addition, if we consider that a request is manifestly unfounded or excessive, we may either request a reasonable fee to deal with the request or refuse to deal with the request.
seqr v1.0-9cb930aaFAQPrivacy PolicyTerms of ServiceFor bug reports or feature requests please submit  Github IssuesIf you have questions or feedback,  Contact Us