Sign in
Join For Free

Privacy Policy

Effective Date: November 22, 2024

Welcome to GEDmatch. If you have any questions, comments, or concerns regarding this Privacy Policy or our services, please contact us at:

Email: support@gedmatch.com
Address: 19300 Germantown Road, Germantown, Maryland 20874

Remember that by continuing to use GEDmatch, you consent to our Terms of Service, including this Privacy Policy. As always, you may stop using GEDmatch any time, and you may delete your information through the settings in your account.

GEDmatch is operated by Verogen, Inc. (“Verogen”), a subsidiary of Qiagen N.V.

Verogen respects your privacy and recognizes the importance of your personal information. We are committed to protecting your information through our compliance with the Terms of Service and this Privacy Policy. “Personal information” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” or “sensitive personal information” under applicable data privacy laws, rules or regulations. Any terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms of Service.  This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.

You may print a copy of this Privacy Policy by clicking here. If you have a disability, you may access this policy in an alternative format by contacting support@gedmatch.com.

This Privacy Policy describes our practices in connection with information we may collect through your access or use of our Site. By using our Site, you consent to our collection and use of the information described in the Terms of Service and this Privacy Policy.

Privacy Policy Table of Contents

 GEDmatch Collection and Use of Information

When you register on GEDmatch, we collect your name, an optional alias, and email address to process your registration. Once you are registered, you can provide other personal information such as your sex, Y-DNA or mtDNA haplogroup, genetic sequence/information, Genealogy Data, and/or Tier1 payment information. GEDmatch will only collect your personal information if you provide it to us voluntarily. If you are located outside the United States, you consent to the storage, processing, and transfer of your personal information outside your country.

In addition, we automatically collect certain information regarding visitors to our Site, including IP address, information about your equipment, browsing actions, and usage patterns. The information we collect automatically is statistical data and does not include personal information. We use this information solely for internal purposes, such as to improve our Site.

Our Site may use third party tools to help us understand, in aggregate, the age, gender and interests of Site visitors. These tools do not reveal to us your name or other identifying information. We do not combine the information collected through use of these tools with personally identifiable information. The information received from these tools is used only to improve our Site and the type of information displayed to Site visitors so we can better serve those interested in GEDmatch.

GEDmatch offers you opportunities to engage in forums that are designed to be visible to other users, including comments and postings. You should be aware that any information you choose to submit via these forums can be read, collected, and used by other participants and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit when you engage in such activities.

We may disclose your Raw Data, personal information, and/or Genealogy Data if it is necessary to comply with a legal obligation such as a subpoena or warrant. We will attempt to alert you to this disclosure of your Raw Data, personal information, and/or Genealogy Data, unless notification is prohibited under law.

GEDmatch products and services are not intended for children under the age of 16. We do not knowingly collect any information from children. If we learn that we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.

Raw DNA Data Provided to GEDmatch

Verogen operates the GEDmatch PRO portal to support government agency (including law enforcement and military) use with investigative comparisons to kits in the GEDmatch database. Please see the “DNA Data” section below for instructions regarding how to select a privacy option when you upload Raw Data. If you are a law enforcement officer or if you are working on behalf of a law enforcement officer or other government agency, you agree you will not upload Raw Data to GEDmatch via the GEDmatch.com website; instead, please click here to upload Raw Data via the GEDmatch PRO portal to identify the perpetrator of a Violent Crime (where ‘Violent Crime’ is defined as murder, nonnegligent manslaughter, aggravated rape, robbery or aggravated assault) or to identify human remains.

When you upload Raw Data to GEDmatch, you agree that the Raw Data is one of the following:

  • Your DNA;
  • DNA of a person for whom you are a legal guardian;
  • DNA of a person who has granted you specific authorization to upload their DNA to GEDmatch;
  • DNA of a person known by you to be deceased; or
  • DNA obtained from an artifact (if and only if: (1) you have a reasonable belief that the Raw Data is DNA from a previous owner or user of the artifact; and (2) that previous owner or user of the artifact is known to you to be deceased).
 

By registering for GEDmatch and using the Site, you agree that you will not upload Raw Data that does not satisfy one of these categories. If you have previously uploaded Raw Data that does not satisfy one of these categories, you hereby agree that you will remove it immediately.

We will not be responsible for any Raw Data provided to GEDmatch in violation of these Terms. Violators of these Terms may have their Raw Data or other personal information deleted without warning, their access blocked, and/or be subject to other remedial steps, including any legal action allowed under law.

Option to Provide an Alias

Although you may provide a real name for registration and data upload, you have the option of providing an alias for either login or data. If an alias has been provided, it will be displayed in place of the real name along with results along with the user’s email address. If DNA data you provide is linked to your Genealogy Data, and only one or the other uses an alias, it may be possible for users to see the real name in the linked data.

Security

In today’s world, there are real dangers of identity theft, credit fraud, etc. We try to strike a balance between these conflicting realities and the need to disclose information to other users. In the end, if you require absolute privacy and security, you agree that you will not provide your personal information, Raw Data, or Genealogy Data to GEDmatch. If you do not agree and you have already provided your personal information, Raw Data, or Genealogy Data, you agree to delete it immediately.

Although we have endeavored to create a secure and reliable Site for you, the confidentiality of any communication, material, or personal information provided to GEDmatch via the Site or email cannot be guaranteed.

The original Raw DNA and GEDCOM data you provide to GEDmatch is not kept in its original form. It is converted to a form that makes it more efficient for the software to perform searches and comparisons. The Genealogical Data is loaded into a relational database that might still be recognizable as text. The Raw DNA is converted to a compressed binary format in a process we call ‘tokenization.’ Although the Raw DNA is not encrypted in the usual sense of the word, it would be very difficult for a human to read it. Original uploaded files are deleted from the Site servers soon after they are processed and archived.

We encrypt your login password before putting it in our database. We cannot tell what your password is. However, there have been cases in the news of encrypted data being hacked and decoded. Be aware that may be a possibility on this or any other Site. We take measures to ensure that only registered GEDmatch users (and, depending on the privacy option you select at the time we collect Raw Data, GEDmatch PRO users) have access to your results. Direct access to your data is available to GEDmatch personnel, including volunteers, on a need-to-know basis.

Information such as Raw Data, Genealogy Data, and profile information may be stored as an archive copy as part of a backup or recovery plan. When a registered GEDmatch user deletes or requests deletion of Raw Data, Genealogy Data, and/or profile information, all copies of that information, including copies stored in backups, will be deleted within thirty (30) days of the request).

Improvement of Our Products and Services

We may use your data in our own research, for example to develop or improve products and services. Additionally, state genetic data privacy laws require us to provide you with notice that your deidentified genetic or phenotypic information may be shared with or disclosed to third parties for research purposes in accordance with Part 46: Protection of Human Subjects (commencing with Section 46.101) of Title 45 of the Code of Federal Regulations. However, please note that we will not share with or disclose to third parties your deidentified genetic or phenotypic information for research purposes pursuant to Part 46.

Email Address

Everybody who registers with the Site must provide a valid email address for the principal contact. It provides log-in verification and allows us to contact them if necessary. It also provides a mechanism to verify your identity if you want to contact us. You agree to keep your log-in information secure, and to keep your email address up to date.

Your email address and name (or alias, if provided) will be displayed along with any matches to your Raw Data or Genealogy Data. Some users obtain an email address separate from their primary email for this purpose.

You understand that any registered GEDmatch user using the tools available on the Site may gain access to the email address you provide.

Cookies

Cookies may be used by this Site to enable certain privacy and log-in capabilities. A cookie is a small file placed on your computer. You have the ability to delete cookie files from your computer at any time or avoid cookies by configuring your browser to reject them or to notify you when a cookie is being placed on your computer. Please note that because of our use of cookies, our services do not support “Do Not Track” requests sent from a browser at this time.

This Site may contain links to advertising placed by third party sites. Advertising by third party sites may be placing and reading cookies on your browser, or using web beacons to collect information, in the course of ads being served on this Site. We have no control over how third party sites may utilize cookies. If you feel that a third party site is engaging in unethical or illegal use of this capability, please notify us so that we may take appropriate action to remove that link.

To explore what cookie settings are available to you or to modify your preferences with respect to Cookies, you can access your cookie management settings by clicking the Manage Cookies link at the bottom of the website. To find out more information about cookies generally, including information about how to manage and delete cookies, please visit http://www.allaboutcookies.org/ or https://ico.org.uk/for-the-public/online/cookies/ if you are located in the European Union.

Information about Interest-Based Advertisements:

We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the GEDmatch services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including personal information) may be provided to us by you, or derived from the usage patterns of particular users on our services and/or services of third parties. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave our services. To accomplish this, we or our service providers may deliver cookies, including a file (known as a “web beacon”) from an ad network to you through our services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web beacons allow ad networks to view, edit or set their own cookies on your browser, just as if you had requested a web page from their site.

Users in the European Union should visit the European Interactive Digital Advertising Alliance’s user information website http://www.youronlinechoices.eu/.

Legal Disclosures

In this section, we have included some legally required disclosures under U.S. state and European Union (“EU”)/United Kingdom (“UK”) privacy laws. If you are a resident of the EU, UK, Lichtenstein, Norway or Iceland, please see the corresponding “EU and UK Data Subject Rights” section below.  Alternatively, if you reside in California, please see the corresponding “Information for California Residents” section or “Information for Virginia Residents” section, respectively. If there are any conflicts between any section of this Privacy Policy and any provision of the Terms of Service or other section of this Privacy Policy, the portion that is more protective of personal information in your country or state of residence shall control to the extent of such conflict. While these laws apply only to residents of the specified jurisdictions, all users have the ability to change, correct or delete their information through their account settings or by contacting us at support@gedmatch.com.

Personal Information

This chart details the categories of Personal Information that we collect and have collected over the past 12 months:

Category of Personal Information 

Examples of Personal Information We Collect

How We Use Personal Information

Categories of Third Parties With Whom We Disclose this Personal Information: 

Profile or Contact Data
  • First and last name
  • Alias
  • Email
  • Unique identifiers such as passwords

To enable you to create an account and log in to and use GEDmatch, to communicate with you (including to provide support and answer questions), to understand how our users interact with GEDmatch, and to improve our offerings.

We also use this information in accordance with your specific opt-in/opt-out settings for law enforcement and familial genealogical research purposes, as described in more detail above.
  • Service Providers
  • Parties You Authorize, Access or Authenticate

Payment Data and Commercial Information About Your Transactions with Us
  • Payment card type
  • Last 4 digits of payment card
  • Bank account number
  • Billing address, phone number, and email
  • Information on checks you send us
  • Information about Tier1 level subscriptions

To receive and process payment for the Tier1 version of GEDmatch, and to provide you with the GEDmatch service.
  • Service Providers (specifically our payment processing partners, currently Network Merchants, LLC)

Device/IP Data
  • IP address
  • Device ID
  • Domain server
  • Type of device/operating system/browser used to access the GEDmatch services

To provide the GEDmatch services, to understand how our users interact with GEDmatch, and to improve our offerings.
  • Service Providers
  • Analytics Partners
  • Advertising Partners

Web Analytics
  • Web page interactions
  • Referring webpage/source through which you accessed the Services
  • Non-identifiable request IDs
  • Statistics associated with the interaction between device or browser and the GEDmatch services

To provide the GEDmatch services, to understand how our users interact with GEDmatch, and to improve our offerings.
  • Service Providers
  • Analytics Partners
  • Advertising Partners

Consumer Demographic Data
  • Gender

To provide the GEDmatch services, to understand how our users interact with GEDmatch, and to improve our offerings.
  • Service Providers
  • Parties You Authorize, Access or Authenticate

Biometric Data
  • Y-DNA or mtDNA haplogroup
  • Genetic sequence/information
  • Genealogy data

To provide the GEDmatch services, and in accordance with your specific opt-in/opt-out settings.
  • Service Providers
  • Parties You Authorize, Access or Authenticate

Photos, Videos and Recordings
  • Photos, videos or recordings of you when you provide a testimonial

To understand how our users interact with GEDmatch and to improve our offerings.
  • Service Providers
  • Parties You Authorize, Access or Authenticate

Categories of Data Considered “Sensitive” Under the California Privacy Rights Act and the Virginia Consumer Data Protection Act
  • A person’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
  • Genetic data
  • Y-DNA or mtDNA haplogroup
  • Geneology data

To enable you to create an account and log in to and use GEDmatch, to communicate with you (including to provide support and answer questions), to understand how our users interact with GEDmatch, and to improve our offerings.

To provide the GEDmatch services, and in accordance with your specific opt-in/opt-out settings.
  • Service Providers
  • Parties You Authorize, Access or Authenticate

Other Identifying Information that You Voluntarily Choose to Provide
  • Identifying information in emails or letters you send us, or in Content you post via a GEDmatch discussion forum

To provide the GEDmatch services, to understand how our users interact with GEDmatch, and to improve our offerings.
  • Service Providers

In addition to the specific uses described above, we also use personal information for fraud protection, security and debugging purposes, and we may use and disclose personal information for meeting legal requirements and enforcing legal terms, as described in more detail in our Terms of Service.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated or incompatible purposes without providing you notice. If you are a California resident, please note that we only use or disclose your sensitive personal information for the purposes set forth in section 7027(m) of the CCPA regulations and we do not collect or process sensitive personal information with the purpose of inferring any characteristics about California residents.

Categories of Sources of Personal Information

We collect personal information about you from the following categories of sources:

  • You
    • When you provide such information directly to us.
      • When you create an account or use our interactive tools and Services.
      • When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys or questionnaires.
      • When you send us an email or otherwise contact us.
    • When you use the Services and such information is collected automatically.
      • Through Cookies (defined in the “Tracking Tools, Advertising and Opt-Out” section below).
      • If you use a location-enabled browser, we may receive information about your location and mobile device, as applicable.
  • Public Records
      • From the government or other sources.
  • Third Parties
    • Vendors
      • We may use analytics providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
      • We may use vendors to obtain information to generate leads and create user profiles.
    • Advertising Partners
      • We receive information about you from some of our vendors who assist us with marketing or promotional services related to how you interact with our websites, applications, products, Services, advertisements or communications.
    • Third-Party Credentials

If you provide your third-party account credentials, such as your social network account credentials, to us or otherwise sign in to the Services through a third-party site or service, some content and/or information in those accounts may be transmitted into your account with us.

How We Disclose Your Personal Information

We disclose your personal information to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some data sharing we engage in through our use of retargeted advertising cookies may constitute a “sale” of your personal information, as discussed further below. For more information, please refer to the state-specific sections below.

 

  • Service Providers. These parties help us provide the Services or perform business functions on our behalf. They include:
    • Hosting, technology and communication providers.
    • Security and fraud prevention consultants.
    • Support and customer service vendors.
    • Product fulfillment and delivery providers.
    • Payment processors.
      • Our payment processing partner Network Merchants, LLC (“NMI”) collects your voluntarily-provided payment card information necessary to process your payment.
  • Analytics Partners. These parties provide analytics on web traffic or usage of the Services. They include:
    • Companies that track how users found or were referred to the Services.
    • Companies that track how users interact with the Services.
  • Advertising Partners. These parties help us market our services and provide you with other offers that may be of interest to you. They include:
    • Ad networks.
    • Marketing providers.
  • Parties You Authorize, Access or Authenticate
    • Third parties you authorize via the privacy option that you select when you upload Raw Data, such as GEDmatch and GEDmatch PRO users.
    • Social media services for authentication purposes.

Your Privacy Choices

When you provide the DNA kit, you will be asked to select from four privacy options related to how we conduct matching of DNA kits submitted to our database. For additional detail regarding these privacy options, please see the description here in our Terms of Service. This information will also be presented to you in the user interface at the time of upload.

Information for California Residents

Under the CCPA, California residents have certain rights regarding their data, including:

Access

You have the right to request certain information about our collection and use of your personal information over the past 12 months. In response, we will provide you with the following information:

  • The categories of personal information that we have collected about you.
  • The categories of sources from which that personal information was collected.
  • The business or commercial purpose for collecting or selling your personal information.
  • The categories of third parties with whom we have disclosed your personal information.
  • The specific pieces of personal information that we have collected about you.

If we have disclosed your personal information to any third parties for a business purpose over the past 12 months, we will identify the categories of personal information disclosed with each category of third party recipient.

Deletion

You have the right to request that we delete the personal information that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your personal information to provide you with the GEDmatch services or complete a transaction or other action you have requested, or if deletion of your personal information involves disproportionate effort. If your deletion request is subject to one of these exceptions, we may deny your deletion request. If you have a GEDmatch account, you can also delete your information through your account settings.

Correction

You have the right to request that we correct any inaccurate personal information we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your personal information, that such personal information is correct. If your correction request is subject to one of these exceptions, we may deny your request.

Cookies Data Sales and Sharing Opt-Out

In this section, we use the terms “selling” and “sharing” as they are defined in the CCPA. As described in the Cookies section above, we have incorporated cookies from certain third parties on the GEDmatch website. These cookies allow those third parties to receive certain information about your interaction with the website that is associated with your browser or device.  Those third parties may use that data to serve you relevant ads on our services or on other websites you visit. Under the CCPA, our sharing your personal information (specifically, Device/IP Data and Web Analytics) obtained through third party cookies for online advertising (“Cookies”) may be considered a “sale” of information and may also constitute “sharing” for cross-context behavioral advertising under the CCPA. You can opt out of our selling and sharing of your Cookies by following the instructions in this section.

We sell and/or share (and, over the past 12 months, we have sold and/or shared) your Cookies  to and/or with Advertising Partners for the following business or commercial purposes:

  • Marketing and selling our services.
  • Showing you advertisements, including interest-based or online behavioral advertising.

You have the right to opt-out of the sale and/or sharing of your Cookies. You can opt-out using the following methods:

  • By implementing the Global Privacy Control or similar control that is legally recognized by a government agency or industry standard and that complies with applicable laws. Note that this must be initiated through your browser and applies to your specific device and browser used at the time you cast the signal. Please note this does not include Do Not Track signals.
  • Email us at: support@gedmatch.com
  • Call us at: (858) 285-4101

Once you have submitted an opt-out request, we will not ask you to reauthorize the sale and/or sharing of your Cookies for at least 12 months.

To our knowledge, we do not sell or share the personal information of minors under 16 years of age.

We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA

We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of personal information that we receive from you.

Other California Resident Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal information to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at support@gedmatch.com.

If you are a resident of California, you have a right to file a complaint alleging a violation under the California Genetic Information Privacy Act (“California GIPA”) with California’s Attorney General or other applicable state officials. To file a complaint alleging a violation under California GIPA, please contact:

    • Phone number (toll-free in California): (800) 952-5225
  • District Attorney:
    • Contact information for county district attorneys is available at: https://www.cdaa.org/district-attorney-roster

If applicable, you may also file a complaint alleging a violation under California GIPA by contacting the applicable state officials listed below:

  • County counsel authorized by agreement with the district attorney in actions involving violation of a county ordinance;
  • City attorney of a city having a population in excess of 750,000;
  • City attorney in a city and county (for example, city attorneys listed at: https://www.cdaa.org/city-attorney-roster); or
  • With the consent of the district attorney, a city prosecutor in a city having a full-time city prosecutor in the name of the people of the State of California.

Information for Nevada Residents

If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A.

Information for Virginia Residents

If you are a Virginia resident, you have the rights set forth under the VCDPA. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process personal information of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your personal information as a service provider, you should contact the entity that collected your personal information in the first instance to address your rights with respect to such data. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.

If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Virginia resident, the portion that is more protective of personal information shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at support@gedmatch.com.

Access

You have the right to request confirmation of whether or not we are processing your personal information and to access your personal information.

Correction

You have the right to correct inaccuracies in your personal information, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your personal information.

Portability

You have the right to request a copy of your personal information in a machine-readable format, to the extent technically feasible.

Deletion

You have the right to delete personal information you have provided to us or we have obtained about you.

Consent or “Opt-in” Required and How to Withdraw

We may seek your consent to collect or process certain personal information, including Sensitive Data.

If you would like to withdraw your consent, please follow the instructions under the “Exercising Your Rights under State Privacy Laws” section.

Opt-Out of Certain Processing Activities

We process your personal information for targeted advertising purposes. You have the right to opt-out of the processing of your personal information for targeted advertising purposes. To opt-out of our processing of personal information obtained through third party cookies for online advertising purposes, please follow the method described in the “Exercising Your Rights under CCPA and VCDPA” section.

You have the right to opt-out from the processing of your personal information for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects to you, if applicable.

Appealing a Denial

If we refuse to take action on a request within a reasonable period of time after receiving your request in accordance with this section. In such appeal, you must (1) provide sufficient information (including account login credentials, first name, last name and/or email address) to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the VCDPA. We will respond to your appeal within 60 days of receiving your request. If we deny your appeal, you have the right to contact the Virginia Attorney General using the methods described at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint.

You may appeal a decision by us using the following methods:

Email us at: support@gedmatch.com (title must include “VCDPA Appeal”)

Call us at: (858) 285-4101

Other Virginia Resident Rights

If you have a complaint, we encourage you to reach out to us at support@gedmatch.com. If you are a resident of Virginia, you have a right to file a complaint alleging a violation under Virginia’s Genetic Information Privacy Act (“Virginia GIPA”) with Virginia’s Attorney General. You can find information relating to filing a complaint on the Virginia Attorney General’s website here.

Exercising Your Rights under CCPA and VCDPA

To exercise the rights described in this Privacy Policy, you or, if you are a California resident, your Authorized Agent (defined below) must send us a request that (1) provides sufficient information (including account login credentials, first name, last name and/or email address) to allow us to verify that you are the person about whom we have collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use personal information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within the time period required by applicable law. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may submit a Valid Request using the following methods:

Email us at: support@gedmatch.com

Call us at: (858) 285-4101

If you are a California resident, you may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

Information for Washington Residents

If you are a resident of Washington state, please see our Consumer Health Data Privacy Policy for additional information about the processing of your health data and your rights under the Washington My Health My Data Act.

Information for European Union and United Kingdom Residents

If you are a resident of the EU, UK, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) or the UK Data Protection Act with respect to your personal data, as outlined below. For this section, we use the terms “personal data” and “processing” as they are defined in the GDPR, but “personal data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Verogen will be the controller of your personal data processed in connection with the GEDmatch services.

Personal Data We Collect

The “GEDmatch Collection and Use of Information” section and the chart above detail the personal data that we collect.

Personal Data of Children

We do not knowingly collect or solicit personal data from children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use GEDmatch or send us any personal data. If we learn we have collected personal data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided personal data to us, please contact us at Support@gedmatch.com.

Personal Data Use and Processing Grounds

We will only process your personal data if we have a lawful basis for doing so. We process your personal data as a matter of contractual necessity to provide you with the GEDmatch services. For example, we need your contact information in order to enable your account, provide support and communicate with you, your payment information to provide you with the Tier1 level of services if selected by you, and, at your option, your DNA and genealogical data so that you can use the GEDmatch services for genealogical purposes. We also process your personal data when we believe it furthers the legitimate interests of us or third parties. For example, we process your device ID and we generate web analytics in order to understand how our users use GEDmatch, so that we can improve GEDmatch for everyone. In some cases, we process personal data based on the consent you expressly grant to us at the time we collect such data. For example, your personal data will only be processed for law enforcement and/or research access when you expressly opt in, as described in more detail above. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection. From time to time we may also need to process personal data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

EU and UK Data Subject Rights

You have certain rights with respect to your personal data, including those set forth below. For more information about these rights, or to submit a request, please email us at Support@gedmatch.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

  • Access: You can request more information about the personal data we hold about you and request a copy of such personal data. If you are an account holder, you can also access certain of your personal data by logging on to your account.
  • Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account.
  • Erasure: You can request that we erase some or all of your personal data from our systems.
  • Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time.
  • Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes.
  • Restriction of Processing: You can ask us to restrict further processing of your personal data.
  • Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your personal data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Transfers of Personal Data

The GEDmatch service is operated by Verogen, a company based in the United States. You acknowledge that any personal data you submit to, or that is collected by, the GEDmatch service is received by Verogen in the U.S. and will be hosted on U.S. servers or may, in the future, be hosted on EU servers operated by Verogen or its service providers. This is necessary for Verogen to be able to provide you with the GEDmatch services as requested by you and set forth in these Terms of Service and Privacy Policy. If you do not wish for your data to be processed and hosted in the U.S. or in the EU, please do not use the GEDmatch services. While Verogen receives or collects personal data directly from you as the EU or UK data subject, Verogen takes the protection of your personal data seriously. In some circumstances, your personal data may be transferred to the U.S. pursuant to a data processing agreement incorporating standard data protection clauses.

If you are located in the European Union or the United Kingdom, you may use the following information to contact our Data Protection Officer and our European Union-Based Member Representative:

  • For our EU Representative, individuals and data protection supervisory authorities in the EU and the UK may contact our data protection representatives according to Articles 27 EU and UK GDPR:
 
  • EU Mail: DP-Dock GmbH, Attn: Verogen Inc., Ballindamm 39, 20095 Hamburg, Germany
 
  • UK Mail: DP Data Protection Services UK Ltd., Attn: Verogen Inc., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
  • Email: verogen@gdpr-rep.com
 

Data Retention

We retain personal information about you for as long as you have an open account with us or as otherwise necessary to provide you with the GEDmatch services. See the “Security” section about our retention and deletion of original uploaded files.  When establishing a retention period for specific categories of data, we consider who we collected the data from, our need for the personal information, why we collected the personal information, and the sensitivity of the personal information. In some cases we retain personal information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

For example:

  • We retain your profile information (including your DNA kits) and credentials for as long as you have an account with us.
  • We retain your payment data for as long as we need to process your purchase or subscription.
  • We retain your device/IP data for as long as we need it to ensure that our systems are working appropriately, effectively and efficiently.

Updates to This Policy

We may update the GEDmatch.com Privacy Policy at any time. We will inform you of updates by posting an announcement on the Site, by sending you an email and/or by some other means. You agree to review the updated terms and policy, and by continuing to use the Site after we have posted a notice on the Site about the update, you accept the changes to the GEDmatch.com Privacy Policy. Please note that if you’ve opted not to receive legal notice emails from us, those legal notices will still govern your use of our services, and you are still responsible for reading and understanding them.

Contact us:

Verogen Inc. is incorporated in the State of Delaware, USA

Email: support@gedmatch.com

US Mail:

Verogen, Inc.
19300 Germantown Road
Germantown, Maryland 20874

GED match logo

GEDmatch offers a free DNA site built for genetic genealogy research. With a global database of autosomal DNA data and unmatched utility, we make this data accessible and effective.

Svg Vector Icons : http://www.onlinewebfonts.com/icon

How To Upload

Resources

About Us

Partners

Email
support@gedmatch.com

Address
11111 Flintkote Avenue
San Diego, CA 92121

  • © GEDmatch 2024