Hail Privacy Policy

The Broad Institute, Inc. ("Broad," "we," "us," or "our") values your privacy. This Privacy Policy ("Policy") provides important information about how Broad collects and uses your Personal Data when you access or use the Hail application. Please review this Policy, which is incorporated into and made part of the Hail Terms of Use. By accessing or using Hail, you consent to our collection, use, and disclosure of your information in accordance with this Policy and our Terms of Use. If you do not agree to our Policy or Terms of Use, you may not use Hail.

This Privacy Policy applies to Broad where Broad is the "controller" of your Personal Data, i.e., the entity that determines the purposes and means for processing such data. Broad may in some cases process Personal Data on behalf of users of Hail, such as where users perform analysis of Personal Data including genomics data on Hail. In that case, Broad is a "processor" with respect to such information, and you should refer to the user's own privacy notices to receive additional information about their privacy practices.

Information We Collect

We collect information (including Personal Information) about you in two ways. The first is information you voluntarily provide to us when you choose to do any of the following:

• Register to use Hail.
• Communicate with us (e.g., by email).

The second way we collect information is through certain automated technologies that are used when you access Hail. An example is a "cookie," which is a small piece of computer code that is placed on your computer or other device that can be used for various purposes, such as to recognize a user or to track their activities on a website. We describe automated technologies in more detail below. We collect various information through these automated technologies, including your Device Information as described below, along with how you use Hail, such as the web pages within Hail that you view, the links you click, the length of time you spend visiting Hail, and the web page or web site that led you to Hail.

What kind of information do we collect?

We collect various types of information:

• "Personal Information" is information that alone or in combination with other information may be used to readily identify, contact, or locate you. For example, your name and email address are Personal Information we may collect through your use of the Platform.
• "Device Information" is information that relates to a particular computer, mobile device, or other device (e.g., iPad) that you use to access the Platform. Device Information includes such things as an IP address (which is a number assigned by an internet service provider to the computer you use to access the Internet), a device ID (which is a number assigned to a mobile phone by the device manufacturer), or the type of operating system or web browser used to access the Platform.
• Other information you choose to provide, such as when you request technical or customer support.

Do we use cookies and other tracking technologies?

Yes. We use cookies for various purposes, such as to make it easier for you to navigate Hail, to enable a faster log-in process, or to allow us to track your activities on Hail. There are two types of cookies: session and persistent cookies.

Session Cookies. Session Cookies exist only during a session. They disappear from your computer or device when you close your browser or turn off your computer or device. We use Session Cookies to allow our systems to uniquely identify you during a session or while you are logged in to Hail. This allows us to process your communications and requests and verify your identity after you have logged in and as you move through Hail, and to optimize your experience in using Hail.

Persistent Cookies. Persistent Cookies remain on your computer or device after you have closed your browser or turned off your computer or mobile device. We use Persistent Cookies to track aggregate and statistical information about user activity on Hail (see "Tracking Technologies" below).

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to Hail who disable cookies may not be able to use Hail.

Tracking Technologies. We may use automated devices and applications to evaluate usage of Hail. We also may use other analytics tools, including Google Analytics, to evaluate Hail. We use these tools to help us improve our application, performance, and user experiences. We may also use third-party tracking technologies to detect malicious code or attacks on Hail. These entities may use cookies and other tracking technologies to perform their services. We do not share your personal information with these third parties.

Do you respond to Do Not Track signals?

Do Not Track ("DNT") is a privacy preference that users can set in their web browsers. When users turn on DNT, their browser sends a message to websites requesting that they do not track the user. However, Hail does not change its information collection in response to DNT browser settings or signals. For information about DNT, visit www.allaboutdnt.org.

How do we use your information?

We use your information, including your Personal Information, for various purposes:

• Provide the Application. We, and our vendors and service providers, use your information (e.g., user identification and password) to provide Hail, respond to your inquiries, and troubleshoot issues with Hail, and for other customer service purposes.
• Improve and Develop Our Application. We use your information to ensure Hail is working as intended, to better understand how users access and use our application, both on an aggregated and individualized basis, to make improvements to our application, to develop new features and services, and for other research and analytical purposes.

With whom do we share your information?

We may need to share your information, including your Personal Information, with third parties. The following are the categories of third parties with whom we may share your Personal Information:

• Vendors and Service Providers. We use various third-party vendors and service providers that assist us in providing Hail. For example, we may use third-party vendors to store and authenticate account credentials, and for hosting and storing information collected through our application. We may share your information with these vendors and service providers to enable them to provide these services to us. These service providers and vendors are required to only use your information to provide their services to us and in a manner consistent with this Policy.
• As Required By Law. We may be required by law to disclose your Personal Information to third parties, such as in the following situations:
  • In response to a request by law enforcement;
  • In response to legal process, such as a subpoena, a request for discovery in a civil proceeding, or in response to a court order.
• Enforce Our Terms and Protect You, Us, and Others. We may access, preserve, and disclose your Personal Information to enforce the Terms of Use for the Platform and protect your, our, or others' rights, property, or safety.
• Merger, Sale, or Other Corporate Transactions. A legal entity, such as Broad, may be involved in a business transaction where its ownership or assets are sold or transferred to another legal entity. This can happen in a merger with another legal entity, an acquisition by another legal entity, a corporate reorganization, or a legal proceeding (e.g., bankruptcy or receivership) where a trustee or other takes over control of the entity. In each of these situations, your information, including your Personal Information, may be transferred as part of such a transaction as permitted by law and/or contract.
• With Your Consent. We may ask you from time to time to give us permission to share your information with other third parties not described in this section. In each case, we will describe that third party and the purpose for sharing your information.
• Aggregate and De-Identified Information. We may share aggregate or de-identified information about users and their use of the Platform with third parties and publicly for marketing, advertising, research, or similar purposes. This information will not identify you personally.

What rights do I have with respect to my information?

We will respond to any user request as soon as we reasonably can, and within the time and in the manner required by law. We may request additional information from you to verify the request. We may not be able to accommodate all requests; for example, we may be unable to accommodate a deletion request if we are required to maintain information under law or a legal obligation or if information is used as part of a study.

Authority (Privacy Act)

To the extent that you are using Hail to process selected research data from certain U.S. Government Sources, we are collecting and processing your personal information on behalf of a U.S. Federal Agency as authorized by federal law, especially the Privacy Act of 1974.

What kind of security does Hail use to protect my information?

We seek to use reasonable physical, technical, and administrative measures designed to protect personal information within our organization. Unfortunately, no data transmission, processing, or storage system can be guaranteed to be 100% secure. If you have reason to believe that your use of Hail is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the "Contacting Us" section below.

Is there any transfer of Personal Information from one country to another?

We store the information you provide on servers in the United States. If you are a user of Hail located outside of the United States, you agree to the transfer of your Personal Information to the United States and acknowledge that the laws in the United States may offer less protection to your Personal Information than the laws where you are located.

Links to Third-Party Websites

Our Platform may reference or provide links to third-party websites. Other websites may also reference or link to Hail. Because these websites are not controlled by Broad, we are not responsible for these third-party websites. We encourage our users to be aware when they leave our application to review the privacy policies posted on each and every website that collects personally identifiable information. Please be aware that Broad does not control, endorse, screen or approve, nor are we responsible for, the privacy policies or information practices of third parties or their websites or mobile applications. Visiting these other websites is at your own risk.

Whom do I contact if I have a question or a complaint?

You may contact us at the address below if you have any questions or complaints about information practices or this Policy:

For inquiries specific to Hail:
By email to: hail-team@broadinstitute.org

For inquiries regarding Broad's privacy practices or policies:
By email to: privacy@broadinstitute.org

Will you update or change this Policy?

Yes, we may need to update or change this Policy for various reasons, such as to comply with changes in the law or to cover new features or services. If we update or change this Policy we will post the changes to the Policy on Hail.

To make sure you are aware of any updates or changes, you should review this Policy periodically and make sure you have your most current email address in your account. We will post the effective date of any new policy.