Privacy Policy

Last Updated: March 2026

1. Introduction

MyGNAO1 ("we", "our", or "the Platform") is committed to protecting the privacy of every individual who uses mygnao1.org. This Privacy Policy explains what data we collect, how we use it, how we store it, and the controls you have over it.

Given the nature of our platform — a community built around a rare pediatric neurological disorder — we treat privacy not as a compliance obligation, but as a foundational principle. Families share sensitive information about their children and their medical journeys. We take that trust seriously.

MyGNAO1 is registered and operated in The Hashemite Kingdom of Jordan. This Privacy Policy is governed by the laws of Jordan. Where applicable, we also acknowledge the rights of users under international frameworks including the General Data Protection Regulation (GDPR) for users accessing the Platform from the European Union.

By using the Platform, you agree to the practices described in this Privacy Policy.

2. What Data We Collect

2.1 Account Data

When you register an account, we collect:

  • Email address
  • Password (stored in hashed form — we never store plain-text passwords)
  • Name or display name (if provided)

2.2 Patient Profile Data

If you register a patient profile on behalf of a GNAO1-diagnosed patient, you may optionally provide:

  • Patient year of birth
  • Diagnosis details
  • Mutation information (if known)
  • Medical history, seizure types, developmental status
  • Care updates and treatment experiences
  • A patient photo (subject to your visibility settings)
  • Location information (city or country level only — see Section 6)

All patient profile fields are optional. You are never required to provide any specific information.

2.3 Contributor Access Request Data

If you apply for Contributor (Editor) access, we collect the information submitted in the request form. This information must be accurate and authentic, in accordance with our Terms of Use.

2.4 Concepts Data

To improve the usability of care update entry, the Platform uses a shared concept system for fields such as medication names. When you enter a medication or similar term, the Platform checks whether a matching concept exists. If it does, it is returned for your selection. If it does not, a new concept is created and made available to other users. This helps group related data for community benefit and future research aggregation. Concepts are platform-wide and not tied to individual user identities.

2.5 Usage and Technical Data

We collect standard technical data through server logs and third-party analytics, including:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring URLs
  • General geographic region (derived from IP, not from profile data)

This data is used to maintain platform performance, diagnose issues, and understand general usage patterns. We do not use this data to build individual user profiles or track users outside of the Platform.

2.6 Communications

If you contact us via email (e.g. support@mygnao1.org), we retain that correspondence to respond to your inquiry.

3. How We Collect Data

We collect data through the following means:

  • Registration and profile forms completed by you
  • Care update and treatment entry forms
  • Contributor access request forms
  • Server logs generated automatically when you access the Platform
  • Third-party analytics tools (see Section 7)
  • Email correspondence initiated by you

4. How We Use Your Data

4.1 Platform Functionality

To provide core platform features including account management, patient profiles, care timelines, the Community Map, and the GNAO1 Library.

4.2 Community Support

To enable families to connect, share experiences, and access information relevant to GNAO1-related disorders — in accordance with your chosen visibility settings.

4.3 Platform Improvement

To understand how the Platform is used and to improve its performance, usability, and content.

4.4 Transactional Communications

To send essential account-related emails such as registration confirmation, OTP verification, and contributor access request updates. We do not send marketing emails.

4.5 Research (Phase 2 — Opt-In Only)

In a future phase of the Platform, anonymized and aggregated patient data may be made available to researchers studying GNAO1-related disorders. This will only occur with explicit, informed, and individually withdrawable consent from the patient's guardian. No data will be used for research without this consent. No data will ever be used for commercial purposes.

4.6 Concepts Aggregation

Anonymized concept data (e.g. medication names, treatment terms) may be aggregated to support research insights and improve the collective understanding of GNAO1 treatment experiences.

5. Data We Do Not Collect or Use

To be explicit:

  • We do not collect exact GPS coordinates or precise locations
  • We do not track users outside of the Platform
  • We do not sell data to any third party
  • We do not use data for advertising or commercial purposes
  • We do not share identifiable data with researchers without explicit guardian consent
  • We do not store plain-text passwords

6. Patient Profile Privacy Controls

You have granular control over what information is visible and to whom. Patient profile privacy is managed across three independent settings:

6.1 Profile Visibility

  • Public: Your patient profile is accessible to anyone, including non-registered visitors. The profile may appear in the Community Map.
  • Community: Your patient profile is accessible to logged-in users only.
  • Private: Your patient profile is not accessible to anyone except you. A count is added to the Community Map with no additional information attached.

6.2 Photo Visibility

  • Public: The patient photo is visible to anyone who can access the profile.
  • Community: The patient photo is visible to logged-in users only.
  • Private: The patient photo is not visible to anyone except you.

6.3 Location Visibility (Community Map)

  • Hidden: No location information is displayed. You are counted on the map as a number only.
  • City: Your city name may be displayed on the map. The map pin is always placed at country level — never at city coordinates.
  • Country: Your country name is displayed on the map. The pin is at country level.

Important: Regardless of your location visibility setting, MyGNAO1 does not place map markers at exact city coordinates or any precise geographic location. All map pins represent country-level positions only.

All visibility settings are reversible at any time from your account.

7. Analytics and Cookies

7.1 Analytics

We collect anonymized usage data through server-side logs and platform infrastructure to understand how the Platform is used. This includes pages visited, session duration, and general geographic region derived from IP address. We do not use this data to identify individual users or to track users outside of the Platform. We do not use third-party analytics services.

7.2 Essential Cookies

We use essential cookies necessary for the Platform to function, including authentication session cookies. These cannot be disabled without affecting core platform functionality.

7.3 No Third-Party Analytics Cookies

We do not use third-party analytics services and do not set analytics cookies of any kind.

7.4 No Advertising Cookies

We do not use advertising, retargeting, or tracking cookies of any kind.

8. Data Storage and Security

8.1 Storage Location

All data submitted to the Platform is stored on secure servers in AWS US-EAST-1 (Northern Virginia, United States). Data does not leave this environment except as described in this Privacy Policy.

8.2 Security Measures

We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS enforced across all Platform surfaces)
  • Encryption at rest for database and file storage
  • Access controls limiting data access to authorized systems and personnel only
  • No static credentials — infrastructure access is managed via IAM roles

8.3 Data Retention

We do not currently apply automated data retention or deletion schedules. Data associated with your account remains stored for as long as your account exists. Upon account deletion, all associated data is permanently deleted (see Section 9.2).

9. Your Rights

9.1 Access and Correction

You may access and update your account information and patient profile data at any time through your account settings.

9.2 Data Deletion

Account deletion is not currently available as a self-service feature within the Platform. To request deletion of your account and all associated data, please contact us at support@mygnao1.org. We will process your request and confirm deletion. Upon deletion, all associated data including patient profiles, care updates, and submitted content will be permanently removed.

9.3 Withdrawal of Research Consent

If you have consented to your patient's data being used for research purposes (Phase 2), you may withdraw that consent at any time. Withdrawal will prevent future use of your data for research. It will not affect any processing that occurred prior to withdrawal.

9.4 Visibility Control

You may change your patient profile visibility settings at any time. Changes take effect immediately.

9.5 GDPR Rights (EU Users)

If you are accessing the Platform from the European Union, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us at support@mygnao1.org.

10. Children's Data

MyGNAO1 does not permit individuals under the age of 18 to register accounts. Patient profiles represent GNAO1-diagnosed patients who may be minors. All patient profile data is submitted and managed exclusively by the patient's legal guardian, who confirms their guardianship at the time of registration.

We treat data relating to minor patients with the highest level of care. Such data is never publicly exposed beyond the visibility settings chosen by the guardian, never sold, and never used for any purpose beyond those described in this Privacy Policy.

11. Third-Party Services

We use the following third-party services in the operation of the Platform:

  • Amazon Web Services (AWS) — infrastructure, storage, and email delivery

We do not share personally identifiable information with these services beyond what is technically necessary for their function. Each third-party service operates under its own privacy policy.

MyGNAO1 does not own or control external links, third-party websites, or support groups referenced on the Platform. We are not responsible for their privacy practices.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When changes are made, the "Last Updated" date at the top of this page will be revised. We encourage you to review this page periodically. Continued use of the Platform following any changes constitutes your acceptance of the updated Policy.

For significant changes affecting how we handle your data, we will make reasonable efforts to notify registered users directly.

13. Contact

For any questions, concerns, or requests related to this Privacy Policy or your data, please contact us at:

Email: support@mygnao1.org
Or through the Contact page at: mygnao1.org/contact