Privacy Policy

April 1, 2020. There is no prior version of this privacy policy.


We are a site for biologists, computational researchers, and others (collectively, “Visitors” or “you”) to explore curated single-cell transcriptomics datasets at (the “Site”). As a visitor to the Site, the collection, use and sharing of your personal data is subject to this Privacy Policy.

Please read our full Terms (which incorporates this Privacy Policy) and this Privacy Policy for complete details, but here is the key information you should know:

  1. Data Controllers and Contracting Parties

    By accessing and using the Site, you are contracting with the Chan Zuckerberg Initiative, LLC (“Provider,” “we” or “us”), and agreeing that Provider is the “controller” of your personal data provided to, collected by, or processed in connection with the Site. This Privacy Policy along with the Terms of Use form a contract. If you don’t agree with this Privacy Policy or the Terms of Use, do not access or use the Site. This Privacy Policy applies to only this Site, and excludes any other services that state that they are offered under a different privacy policy. For example, this Privacy Policy does not apply to

  2. Data We Collect

    Cellxgene is a tool that enables fast visualizations of curated single-cell transcriptomics datasets. It takes data submitted by researchers (gene expression matrices that indicate counts of how often genes are expressed in certain cell types and metadata detailing how those matrices were generated) and helps you visualize it for faster analysis, exploration, and – hopefully – insight.

    This data is not personally identifiable.

    1. Data You Provide To Us.

      We collect certain information from you when you provide it to us directly. Specifically, this includes data you submit for display in cellxgene as well as if you contact us for support or with information about a dataset via email.
    2. Data From Your Browser or Device.

      Whenever you use any online service, certain information gets created and logged automatically; the same is true when you access or use the Site. Here’s what we collect:
      • Log.
        When you access or use the Site (whether on your computer or on a mobile device), we gather certain information automatically and store it in log files. This information includes IP addresses, the Internet Site Provider, referring pages, date/time stamps, clickstream data, and duration of time spent on the Site.
      • Device.
        In addition to log data, we collect information about the device you’re using to access the Site; this includes the type of device, browser type, operating system, settings, unique device identifiers, and crash data that helps us understand when something goes wrong.
      • Cookies and Other Similar Technologies.
        We also use cookies (small text files sent by your computer each time you access the Site that are unique to your account or your browser) and similar technologies. For example, we use analytics services (e.g. Google Analytics) that place cookies that collect information that allows us to understand how often you use the Sites, where you are accessing the Sites from and events that happen on the Sites. If you’d like to opt-out of Google Analytics, you can go here.
  3. How We Use Your Data

    CZI does not sell, rent, or lease your personal data to others. We use your data for the following business purposes only:

    1. Site.

      We use the information we collect to provide the Site, and maintain and improve the Site, including understanding the content that Visitors find valuable.
    2. Communications.

      We may also use your information to respond to an email from you, and to engage with you about a dataset you wish to share.
    3. Aggregate Insights.

      We use your data to produce and share aggregated insights that do not identify you. For example we may use your data to generate statistics about the location of our Visitors, and how many Visitors engage with the Site on a monthly basis. These aggregated insights are not personally identifiable.
    4. Security and Investigations.

      We use your data (including your communications) if we think it’s necessary for security purposes or to investigate violations of our Terms of Use or this Privacy Policy. We may use human and automated systems and inferences we make to determine whether you or others can be trusted to engage with the Sites.
  4. How We Share Information

    Except in the instances listed below, we will not disclose your personal information to others unless you consent to it, nor will we ever sell your personal information to advertisers or other third parties. However, we share your information in the following ways:

    1. Third Party Site Providers.

      CZI works with vendors, service providers, and other partners that help us provide the Site by providing services on our behalf. These services are, for example, performing statistical analysis, database management services, database hosting, and security. They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
    2. Legal and Safety Reasons.

      We may disclose information if we believe in good faith that it’s necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on us; (c) to protect or defend our rights or property; and/or (d) to investigate or assist in preventing any violation of the law.
    3. CZI Entities.

      We may share your information with our affiliates, in which case we will require them to honor this Privacy Policy. “Affiliates” refers to entities controlled by CZI and does not include Facebook for purposes of this policy; CZI and Facebook are independent entities, and we do not share data with Facebook.
    4. Reorganization, Sale or Merger.

      We may share your information in connection with a merger, reorganization, or sale of all or a portion of our organization or assets related to CZI. In the event of a merger, reorganization or sale of assets, the buyer or other successor entity will continue to be bound by the terms of this Privacy Policy.
  5. Choices and Rights

    1. Rights.

      You have the following rights with respect to the personal data we have about you:
      • Delete data.
        You can ask us to erase or delete all or some of your personal data.
      • Change or correct personal data.
        You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
      • Object to, limit, or restrict use of personal data.
        You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
      • Right to access and/or take your personal data.
        You can ask us for a copy of your personal data in machine-readable form.
      • The right not to be discriminated against.
        CZI will not discriminate against you in any manner for exercising any of the above rights with respect to your personal data.
      • Contact us at if you have questions or would like to exercise any rights you have under applicable law to control your personal data. If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
  6. Retention and Deletion.

    We retain your personal data as needed to provide the Site. This includes data you provided to us and data generated or inferred from your use of the Site.

  7. Data Transfers.

    CZI is based in the United States; when you engage with the Site, you are sending personal data into the United States which may have different data protection rules than those of your country. We process data both inside and outside of the United States.

  8. Our Legal Bases.

    We will collect, use and share your personal data only where we have a legal right to do so. This section explains our legal bases for processing personal data, including under GDPR.

    1. Consent.

      We rely on consent to engage in certain data collection activities, like through cookies or data you choose to submit to us for display on cellxgene.
    2. Legitimate Interests.

      We rely on legitimate interests to process the device and log data we collect when you use the Site. We process this data based on our legitimate interest in understanding how the Site is being used so we can improve it and have a sense of its impact, and your legitimate interest in accessing the Site.
    3. Contract.

      We rely on contract where processing is necessary for the performance of a contract with you (e.g. to make the data you submitted to us publicly available via cellxgene).

    Where we rely on consent, you have the right to revoke your consent and where we rely on legitimate interests, you have the right to object by emailing us at If you have any questions about the lawful bases on which we collect and use your personal data, please contact our Data Protection Officer via email at

  9. California Residents

    1. The CCPA gives consumers who are residents of California the right to request the following information about the personal information that a business has collected in the past 12 months:

      Information about Data Collection.

      • The categories of personal information that have been collected.
      • The specific pieces of personal information that have been collected about you.
      • The categories of sources from which personal information has been collected.
      • The business purpose for which we have collected personal information.

      Information about Data Disclosure.

      • The categories of third parties with whom personal information has been shared.
      • The categories of personal information that we have disclosed for a business purpose.
    2. We have described in fuller detail in this Privacy Policy the personal information that we collect and how we use and disclose it, but we provide the following additional disclosure:
      • Information we collect.
        We have collected the following categories of personal information within the past 12 months: (1) identifiers; and (2) internet or other similar network activity.
      • Sources of information.
        We obtain these categories of personal information directly and indirectly from activity on For example, from the website usage details collected automatically.
      • Purposes of disclosure.
        We disclose the personal information we collect for one or more of the following business purposes: (1) to provide you with information you request from us; (2) to operate, de-bug and improve our Site as described in more detail in this Privacy Policy; (3) to protect against malicious or fraudulent activity on the Site and prevent security incidents.
    3. To request any of the above information, email Please include in your request sufficient information to allow us to reasonably verify that you are the person about whom we’ve collected personal information. Please note that we do not sell your personal data, and that CZI will not discriminate against you in any way based on your exercise of these rights.
  10. Other Important Information

    1. Security.

      Security of personal data is important to us. We implement security safeguards designed to protect your personal data, including reasonable administrative, technical and physical safeguards to protect that personal data from unauthorized access, use, alteration and destruction. Despite these efforts, we cannot guarantee that your data may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards. Please notify us immediately at if you become aware of any security issues relating to the Site.
    2. Direct Marketing and Do Not Track Signals.

      We don’t currently share personal data with third parties for their direct marketing purposes, nor do we support any Do Not Track signals, since there’s currently no standard for how online services respond to those signals. As standards develop, we may establish policies for responding to DNT signals that we would describe in this Privacy Policy.
    3. Changes.

      We may modify this Privacy Policy from time to time, and you can see when the last update was by looking at the “Last Updated” date at the top of this page. If we make material changes to it, we’ll provide you notice through this Privacy Policy. Your continued use of the Site after we publish a notice about changes to this Privacy Policy means that you acknowledge and agree to the updated Privacy Policy following the date it takes effect.
    4. Children.

      The Site is not designed or intended for children under 16. If we become aware that we have the information of such children collected through the Site, we will promptly delete it.
    5. Contact Information.

      If you have questions or complaints regarding this Privacy Policy, please contact us at If contacting us does not resolve your complaint, residents in the European Union (and some other countries) also have the right to contact our Data Protection Officer (at and their local data protection authorities. You may contact our representative for the European Union at
    6. See Section 7 of the Terms of Use for contact information.