1. Introduction
  2. FDNA’s purpose
  3. Patient Privacy
  4. How we process Protected Health Information (PHI) Protection
  5. Uses of the PHI
  6. Control: Your Choices
  7. Tiered System for Data Collection and Sharing
  8. Data Repositories
  9. Informed Consent
  10. Member Certification
  11. Data withdrawal or change in access designation
  12. Requests for data access
  13. Acknowledgment responsibilities


  1. Introduction
    This Data Sharing & Protection Policy (“Policy”) explains how FDNA Inc. (“FDNA”) collects, processes and stores personal information of patients and other third parties provided by our users (“Members”), which to the best of our knowledge are certified physicians, researchers and other healthcare providers. We encourage all our Members to read this Policy carefully.
  2. FDNS’s Purpose Our mission is to seek fundamental knowledge about rare diseases and genetic disorders, with an emphasis on their physical manifestation in facial morphology. Our ultimate goal is enhancing innovative medical research, facilitating accelerated and improved patient diagnosis and supporting more efficient development and administration of life-saving therapeutics. Our Data Sharing & Protection Policy supports this mission by promoting the broad and responsible sharing of phenotype and genotype data collected and submitted by our Members, while providing the utmost protection of patient privacy. Sharing will amplify the scientific value of data and complement multiple research efforts conducted world-wide for the benefit of science and of patients with urgent and unmet medical needs.
  3. Patient Privacy 

    The protection of patients’ privacy and confidentiality is paramount, and this Policy reflects our continued commitment to responsible data stewardship, which is essential to uphold the public trust in medical research. Therefore, personal identifiers such as name, address, and social security number are not collected by us and Members should avoid sharing such data with us or other Members through our products and services. The collected data may, however, include facial images, clinical observations, test results, family history and other demographic information, which may be shared on an individual-level, in accordance with the access designation, as more fully described below, and in accordance with applicable privacy and personal data protection regulations around the world (“Privacy Regulations”), including US Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the EU General Data Protection Regulation of 2016 (“GDPR”).. Individual-level data is coded in our data repositories and a corresponding unique case identifier number is provided to the submitting Member.

  4. How we process Protected Health Information (PHI) Protection

    In order to maintain the privacy of patient photos provided by clinicians and researchers, the Face2Gene software employs facial analysis technology to automatically extract de-identified data from individual patient facial photos.  Upon input of a patient photo, the photo is analyzed to detect visual data from the face, including facial features, such as eyes, eyebrows, ears, nose, mouth, forehead, jawline and chin. These features are mapped and abstracted into de-identified data points and ratios between them, creating a mathematical facial descriptor of the patient’s face. The facial descriptor is created by machine learning through autonomous computing processes that are inherently non-linear.  This means that the original facial image cannot be reverse engineered into an identifiable facial photo.

    It is only the patient’s de-identified facial descriptor that interacts with the Face2Gene learning system, where it is compared to thousands of known syndrome facial descriptors, looking for correlating mathematical patterns between them. For each validated syndrome in the Face2Gene learning system, a digital facial descriptor (known as a syndrome gestalt) has been developed based on real world data. Syndrome gestalts are created by analyzing and finding patterns across of large sets of de-identified facial data from individuals diagnosed with specific genetic syndromes. The Face2Gene learning system provides the clinician or researcher with a list of best-matched syndromes based on the comparative analysis.
    Face2Gene’s composite photos are syndrome models that are de-identified facial images representing the typical facial gestalt of a syndrome. These models allow clinicians to visually compare their patient to typical syndrome gestalts during evaluation. A model-generation algorithm builds these de-identified models automatically by averaging (creating a digital composite) dozens of photos from patients with confirmed diagnoses. Only the completed models are seen by clinicians or Face2Gene staff and never the patient photos used to create them.
    While only de-identified data is accessed by the Face2Gene learning system, original photos are encrypted and stored securely in a separate area of the Face2Gene database which is available only to the individual clinician or researcher who submitted the case.
    If the Member chooses, he/she may elect to share access to case data with clinical team members, collaborators or other Members.  When using Face2Gene to work on cases privately or within your own clinical team, your institutional photo consent form is sufficient, as the patient’s PHI remains private to you and your clinical team. When sharing cases with collaborators outside your clinical team, it is the clinician’s or researcher’s responsibility to obtain appropriate consent from the patient or parent/guardian. The Member has the ability to delete patient photos at any time.
    The following data fields are treated as PHI within the Face2Gene system: case name, date of birth, date of visit, and case notes. Since data in these fields is or may be identifiable, it is treated in the same manner as patient photos, encrypted and stored securely in a separate area of the Face2Gene database which is available only to the individual clinician or researcher who submitted the case.  All digital communication links between Members and the Face2Gene private cloud occurs over secure, encrypted communication protocols.
    The Face2Gene team is also working directly with clinical and research collaborators to facilitate a process for the capture of valuable data from clinical documents, including diagnoses, phenotypic features and genetic test results. In order to maintain patients’ privacy, a process of automatic PHI redaction and data extraction is employed. The resulting de-identified data can then be incorporated into the individual patient case, enabling the Member more effective use of the Face2Gene software for clinical evaluation and/or research analysis. Similar to the analysis and extraction of de-identified data from a photo, only the de-identified clinical data interacts with the Face2Gene learning system. Meanwhile, the original clinical document(s) are encrypted and stored securely for the benefit of the Member, who may wish to access the document(s) at a later date. As with any other PHI data, the original document is available only to the individual clinician or researcher who submitted the case.

  5. Uses of the PHI

    We generally process PHI for the following reasons:

    • To provide our Services.​ We process PHI to provide our Service, which includes:
      • running the software that employs facial analysis technology to help identifying specific genetic syndromes, delivering results and powering other Face2Gene tools and features;
      • using the PHI in a manner consistent with this Policy;
      • enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalized content and information, and tracking your usage of our Services;
      • enforce our User Agreement and other agreements;
    • To analyze and improve our Services.​ We constantly work to improve and provide new reports, tools and Services. For example, we are constantly working to improve our ability to obtain better results. We may also need to fix bugs or issues, analyze the use of our website to improve the Member’s experience or assess our marketing campaigns.
    • To allow you to share your Personal Information with others. You have the choice to share the PHI with third parties including clinical team members, collaborators or other Members.

    We will not sell, lease, or rent the PHI to a third party for research purposes without your explicit consent. We will not​ share the PHI with any ​public databases. We will not​ provide PHI to ​law enforcement​ or ​regulatory authorities​ unless required by law to comply with a valid court order, subpoena, or search warrant for PHI.

  6. Control: Your Choices
    You have the ability to make decisions about how your data is shared and used.
    You choose:

    • To store or discard the PHI​ after it has been analyzed.
    • Which health report(s)​ you view and/or opt-in to view.
    • When and with whom ​you share your information​, including clinical team members, collaborators or other Members.
    • To define the storing data settings as per the incremental access rights designated by Members explained below.
    • To delete your account and data, at any time.
  7. Tiered System for Data Collection and Sharing 

    Our Policy is a four-tiered system for collecting, storing and sharing the data, based on the following incremental access rights designated by Members:

    • Private Access (default): for data gathered and transmitted by each of our Members, processed by our technology and stored privately and securely;
    • Controlled Access: for sharing case data with fellow colleagues within a clinical department or internal Members of the institution.
    • Collaborative Access: for data made available only for review by our network of Members for professional information and educational purposes, as well as sharing comments and observations within Face2Gene Forums; and
    • Shared Access: for data made available to certain Members in case that is expressly authorized by the submitting Member, subject to applicable Privacy Regulations.

    The status of the access rights is conditioned exclusively to the interaction done and authorizations granted by each Member on a case by case basis, revocable at any time at Member´s exclusive discretion and shall appear in the overview tab of each of the Member´s cases.

  8. Data Repositories 

    In accordance with our four-tiered system, data will be stored in four separate designated data repositories, corresponding to the access level indicated by Members. Our data repositories are hosted in a secure private cloud environment and apply the appropriate technical protection measures necessary to comply with data security, confidentiality, and privacy laws and regulations. We audit our security policies and technical measures periodically to ensure compliance with applicable Privacy Regulations.

    The four data repositories are:

    • Data designated as Private Access will be stored in a data repository partitioned in a way that allows only the submitting Member to access, review and retrieve such data.
    • Data designated as Controlled Access will be stored in a data repository partitioned in a way that allows only the submitting Member and other Members actively selected by the submitting Member to access, review and retrieve such data. Except when the submitting Member actively selects to share these data with other specific Members, such data will not be shared with any third party on an individual-level and may only be shared on an aggregate-level (such as general statistics across multiple data sets or subsets) to ensure that no patient’s personal health information (PHI) is publicly disseminated nor re-identified.
    • Data designated as Collaborative Access will be stored in a data repository accessible only to other Members where case data is shared with Face2Gene Forums. Such data may be shared on an individual-level only with other Members and may not be disseminated publicly on an individual-level. It may, however, be shared on an aggregate-level.
    • Data designated as Shared Access will be stored in a separate data repository. Such data may be retrieved and shared on an individual- and aggregate-level with other certain Members in case that is expressly authorized by the submitting Member, subject to applicable Privacy Regulations.

    We have the right to monitor, retrieve, store, review and use all data, regardless of privacy level opted by Members, only to the extent actually required to ensure the proper operation and maintenance of our products and services.
    Access to data by FDNA personnel for maintenance and support purposes is limited strictly on a “need-to-access” basis and requires compliance with rigid internal authorization policies. In addition, all data stored in our repositories are used to train and improve our technology automatically for the continued development thereof.

  9. Member Certification 

    By uploading data to our products and services, Members certify and assure that the data has been collected in a legal and ethically appropriate manner and that patients’ identifiable PHI, which are not the minimum necessary to accomplish the intended purpose of such use, disclosure or request, respectively, have been removed or de-identified before submission.
    Members control whether the data will be submitted to a Private, Controlled, Collaborative or Shared Access data repository and assure that:

    • The data submission is consistent with applicable laws, regulations, and institutional policies, specifically such laws and regulations which are in effect in the patient’s jurisdiction;
    • Data submission and subsequent data sharing (if applicable) are consistent with the informed consent or permission;
    • Risks to individuals and their families associated with data submitted to the designated data repositories were considered; and
    • To the extent relevant and possible, risks to groups or populations associated with data submitted to designated data repositories were considered.

    If no indication is made, data will be designated as Private Access by default.

  10. Data Withdrawal or Change in Access Designation 

    An access level may be increased by a Member, provided the consent obtained from the patient supports such change. If, at any time, a patient revokes his or her consent in whole or in part, the respective data may be removed from the data repository completely or transferred to another data repository, as applicable.
    To change the access designation or withdraw data from our repositories, Members may: (i) contact us in writing via e-mail sent to support@fdna.com and clearly indicate the case identifier number and nature of the change (we will apply the change within 10 business days and certify such change in writing to the requesting Member); and/or (ii) applicable for the Shared Access, unclick the “Match your Patient” or “Share case Photo with other Face2Gene users with matching patients” button in each of the Member´s cases.
    In certain cases, the data that was already shared or disclosed in accordance with the original access may not be retrieved even if the Member changes the settings.

  11. Requests for Data Access
    Data stored in our designated repositories may be accessed either on an individual- or aggregate- level, based on the submitting Members’ designation of such data, the corresponding informed consents or permissions and applicable laws and regulations.
    Requests for access to data are reviewed by us on a case by case basis. Decisions are based primarily on conformance of the purpose described in the access request to the data use with the values and missions described in this Policy, as well as on the scope of data requested and the identity of the requesting entity.
    Generally, data will be shared with any entity or individual with a valid reason to request such data and will be limited to the minimum necessary to accomplish the intended purpose of such use. Third parties approved to access data from our repositories are expected to abide by terms and conditions specified in a separate agreement signed with us in accordance with the relevant Privacy Regulations, including:

    • Using the data only for the approved purpose;
    • Protecting data confidentiality;
    • Following all applicable laws, regulations, and policies for handling such data;
    • Not attempting to identify individual participants from whom the data were obtained;
    • Not selling any of the data obtained from our data repositories;
    • Not sharing any of the data obtained from our data repositories with individuals or entities other than those listed in the data access request;
    • Complying with security practices that outlines expected data security protections (e.g., physical security measures) to ensure that the data are kept secure and not released to any person not permitted to access the data.

    If requests for access to data are submitted by entities or individuals for non-commercial / non-profit purposes only, we will consider, based on certain criteria, such as the identity of the requester, the purposes listed in the request and the scope of data requested, granting access to such data on a non-profit basis, and in certain cases, on a pro-bono basis (bearing all costs ourselves), and, as necessary, in accordance with applicable Privacy Regulations.

  12. Acknowledgment Responsibilities 

    Anyone accessing datasets from our designated data repositories, whether on an individual- or aggregate-level, will be required to acknowledge our contribution in all resulting oral or written presentations, disclosures, or publications.


Last Updated: January 1, 2023