After 24 hours Promethease deletes all information about your raw genome.
After 45 days Promethease deletes your Promethease report.
At no time is your DNA data shared - or sold - to any external party, period. We also do not sell any products like vitamins or supplements.
When you look at SNPedia with your webbrowser, the pages you've requested are part of the SNPedia webserver logs. This makes it possible to match a set of genotypes to a given IP address. These logs are not kept long term; typically they are removed after 1 month, however this is not automated.
When using http://promethease.com you are uploading your genome to our central website. All traffic is encrypted via https and your upload is retained in a well protected location. If a genome is uploaded, but the user does not continue and generate a report, the uploaded genome is automatically deleted after 24 hours. As soon as a report has been generated (typically 10 minutes) the uploaded genome is deleted. If you've imported directly from 23andMe the imported genomes are not deleted when your report was generated, but are instead retained for 24 hours.
If you've made a payment to use Promethease, you will see that your email address was provided by the payment processor (Stripe.com). This email address is used to email you a link to your Promethease report. You may choose to change this to a different address, or to remove the email address. If you do not remove your email address, you will be mailed a link to your completed report. This is probably the weakest link in the security, so you might wish to blank your email, but it makes it much more likely that you will lose the ability to retrieve your completed report.
This is an older way to run Promethease directly on your Windows/Mac/Linux desktop computer.
Running the Desktop version requires requesting over 50,000 pages from SNPedia, and over 20k of these are genotype pages. As stated above, these requests are recorded in the webserver traffic logs, and could link your genotypes to your IP address. By paying to speed things up you will be downloading a single file containing much of the information in SNPedia. Since its a single request and compressed it runs faster, but as a side benefit only a few new or rare genotypes will be requested. This greatly improves your privacy, and leaves SNPedia with no way to know what genotypes you have. However since the cache is not yet perfectly up to date, nor fully comprehensive, during even paid Promethease runs most users will need to request a *few* genotypes directly from SNPedia, which leaks some information. Even for a perfect cache which doesn't need to read any pages, most users will eventually click through with their webbrowser to look at the full details of some of their genotypes. Again this leaks information into the server logs.
For this reason, in time we hope to scrub the ip/genotypes from the SNPedia logs. But I am strong believer in release early, release often and Promethease wouldn't exist at all if I had to wait until every case was covered.
You can improve security by running Promethease behind Tor. For the extremely security conscious, Promethease may not yet be for you. If you can't wait, consider doctoring a few versions of your genotype file, and running Promethease a few times, from various coffee shops in foreign countries. You alone will know which file was real, and the rest will serve as chaff. Other possibilities exist, and your comments on this important topic are welcome.
These technical solutions are still being formulated, in line with the discussions raised in recent articles ([PMID 18769715]) and by the NIH and Wellcome Trust.