Privacy Policy

Last updated: March 26, 2026

AJO ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at ajo.co, including our genetic testing services, family tree builder, voice journaling features, and related mobile applications (collectively, the "Service").

1. Information We Collect

Personal Information

When you create an account or use our services, we may collect: name, email address, date of birth, mailing address (for kit shipping), phone number, payment information (processed by third-party providers), and profile information you choose to provide.

Genetic Information

If you purchase a genetic testing kit, we collect your biological sample (saliva or buccal swab) and the resulting genetic data generated by our CLIA-certified and CAP-accredited laboratory partners. This includes raw genotype data and interpreted results such as ancestry composition, carrier status, and health-related genetic markers.

User-Generated Content

We collect content you create through the Service, including family tree data, voice recordings, journal entries, photographs, biographical information, and any other materials you upload or create.

Automatically Collected Information

When you access the Service, we automatically collect device information, browser type, IP address, usage patterns, referring URLs, and interaction data through cookies and similar technologies.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process genetic samples and deliver test results
  • Generate AI-powered insights, transcriptions, and biographical content from your voice recordings and family data
  • Process transactions and send related information
  • Send administrative notifications, updates, and security alerts
  • Respond to your inquiries and provide customer support
  • Personalize your experience and deliver relevant content
  • Monitor and analyze usage trends to improve the Service
  • Protect against fraudulent or unauthorized activity
  • Comply with legal obligations

3. Genetic Data Protections

We treat your genetic information with the highest level of care and apply additional protections:

  • Laboratory standards: All genetic testing is performed by CLIA-certified and CAP-accredited laboratories that meet federal and state regulatory requirements.
  • No sale of data: We do not sell your genetic data to third parties, including employers, insurance companies, pharmaceutical companies, or advertisers.
  • Research participation: Any use of genetic data for anonymized research purposes is strictly voluntary and requires your separate, explicit consent. You may opt out at any time.
  • Data ownership: You retain ownership of your genetic data. You may download your raw data or request its complete deletion at any time.
  • Sample destruction: Physical samples are destroyed after processing unless you explicitly consent to extended storage for future testing.

4. Data Sharing & Disclosure

We may share your information in the following circumstances:

  • Service providers: We share data with trusted third-party providers who assist in operating the Service, including our laboratory partners, cloud infrastructure providers (Supabase for database and authentication, Backblaze B2 for encrypted audio storage), AI processing services (for transcription and content generation), and payment processors.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Safety: We may disclose information to protect the rights, safety, or property of AJO, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
  • With your consent: We may share information for any other purpose with your explicit consent.

We do not sell your personal information or genetic data to advertisers or data brokers.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Row-level security policies on database tables to ensure data isolation between users
  • Encrypted, private cloud storage for sensitive files including voice recordings
  • JWT-based authentication and signed URL access for media files
  • Regular security audits and vulnerability assessments
  • Access controls limiting employee access to personal data on a need-to-know basis

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. We retain genetic data until you request its deletion. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

Voice recordings, transcriptions, and AI-generated content are retained until you delete them or close your account. Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for analytical purposes.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal and genetic data.
  • Portability: Request a machine-readable copy of your data, including raw genetic data.
  • Restriction: Request that we limit the processing of your data.
  • Objection: Object to the processing of your data for certain purposes.
  • Withdrawal of consent: Withdraw consent for research participation or other optional data uses at any time.

To exercise any of these rights, contact us at hello@ajo.co. We will respond to your request within 30 days.

8. Children's Privacy

Our genetic testing services are not intended for individuals under the age of 18. We do not knowingly collect genetic samples from minors. Family tree and journaling features may be used by minors with parental or guardian consent.

If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information without consent, please contact us at hello@ajo.co.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and, where required by law, sending you an email notification. We encourage you to review this Policy periodically.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: hello@ajo.co
  • Address: 265 Greenwich Ave, Greenwich, CT 06830
  • Phone: (203) 307-5007