AfriGen-D

Privacy Policy

Last updated: April 2026

1. What We Collect

When you use AfriGen-D FedImpute, we collect:

  • Account information: name, email, username (from AfriGen-D Identity / Authentik SSO)
  • Authentication data: login timestamps, IP addresses, user agent strings
  • Job data: submitted workflows, parameters, input/output file metadata
  • Usage logs: API calls, page views, feature usage for audit and security

2. How We Use Your Data

  • To provide and operate the imputation service
  • To enforce data access policies (GA4GH Passport/Visa)
  • To maintain security and detect abuse
  • To generate anonymised usage statistics for reporting to funders
  • To communicate service updates and maintenance notices

3. Genomic Data

Uploaded VCF files are processed on ILIFU research cloud infrastructure at the University of Cape Town, South Africa. Files are stored temporarily (30 days for inputs, 7 days for results) and automatically deleted. We do not share, sell, or transfer your genomic data to third parties. Reference panels used for imputation remain on the server and are never included in your results. Users can also choose to instantly delete their data without any retention delay.

4. Data Storage and Security

  • All data is stored on ILIFU infrastructure in Cape Town, South Africa
  • Data in transit is encrypted via TLS (HTTPS)
  • Authentication uses OIDC with Authentik SSO
  • Access to controlled datasets requires GA4GH Passport visas
  • All API write operations are logged in an audit trail

5. Data Sharing

We do not sell or share personal data with third parties. Anonymised, aggregate usage statistics may be shared with funding bodies (NIH) as part of grant reporting. In a federated context, job metadata may be shared with partner nodes to enable cross-site imputation, but genomic data remains at the originating node.

6. Your Rights

You have the right to:

  • Access your personal data held by the platform
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your job history and results

To exercise these rights, contact support@bioinformaticsinstitute.africa.

7. POPIA Compliance

As a South African institution, the University of Cape Town complies with the Protection of Personal Information Act (POPIA). The responsible party for this platform is the Computational Biology Division, University of Cape Town.