Somatic Mosaicism across Human Tissues (SMaHT) Network Privacy Policy

Version 1.0 - Dated April 3, 2025

SMaHT Organizational Center Website: https://smaht.org

SMaHT Data Portal Website: https://data.smaht.org

Disclaimer of Endorsement

The Organizational Center (“OC”) and Data Analysis Center (“DAC”) are supported by the NIH Common Fund under Award Numbers 1U24NS132103-01 and 1UM1DA058230-01, respectively, as part of the Somatic Mosaicism across Human Tissues (SMaHT) Network. All content, terms and conditions, and policies associated with the SMaHT Data Portal and OC Website (the “Services”) are produced by the SMaHT Policy Working Group. The views and opinions of authors expressed on the Services do not necessarily state or reflect those of the National Institutes of Health (“NIH”) or the U.S. government. Furthermore, the NIH does not endorse or promote any SMaHT entity or any of its products or services nor guarantees the products, services, or information provided by the OC, DAC, or SMaHT Policy Working Group.

Terms & Conditions

As a user of the Services, you agree that you are 13 years of age or older and furthermore agree to the

Terms and Conditions of Services defined herein and where applicable the terms defined by the NIH

Genomic Data User Code of Conduct. These terms include, but are not limited to:

  1. You will request controlled-access datasets solely in connection with the research project described in an approved Data Access Request for each dataset;
  2. You will make no attempt to identify or contact individual participants or groups from whom data were collected, or generate information that could allow participants’ identities to be readily ascertained;
  3. You will not distribute controlled-access datasets to any entity or individual beyond those specified in an approved Data Access Request;
  4. You will adhere to computer security practices in compliance with NIH Security Best Practices for Controlled-Access Data such that only authorized individuals possess access to data files;
  5. You acknowledge Intellectual Property Policies should they exist as specified in a dataset’s associated Data Use Agreement and Data Use Policy; and,
  6. You will report to the NIH SMaHT Program Officer(s) any inadvertent data release in accordance with the terms described in the Data Use Agreement and Data Use Policy, breach of data security, or other data management incidents contrary to the terms of data access.

The SMaHT Network terms and conditions may be changed at any time by posting revisions on the Services. As a user, you agree to review the Terms & Conditions and Privacy Policies each time you use the Services so that you are aware of any modifications made to these policies. By accessing or using the Services, you agree with and to be bound by all of the terms and conditions and policies as posted on the Services at the time of your access or use, including the Privacy Policies then in effect.

For documents and/or data available from or provided by the Services, the SMaHT OC, DAC, or Network does not warrant or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process provided. Furthermore, no specific medical advice is intended or provided by any of the Services, and where applicable, the users are urged to consult with a qualified physician for diagnosis and for answers to personal questions.

If you have any questions about these terms, conditions, or the practices of this site or any of the other Services, please contact the OC at smahtsupport@gowustl.onmicrosoft.com or DAC at smhelp@hms-dbmi.atlassian.net.

Privacy Policy

I. Introduction

The SMaHT Policy Working Group (“PWG” or “we”) has created this Privacy Policy to demonstrate its commitment to privacy and transparency of practices. The SMaHT Data Portal and OC website (“Website”) link to other National Institutes of Health (NIH) sites and non-NIH sites. Once you leave the SMaHT Data Portal and Website, you are subject to the privacy policy for the site(s) you are visiting. This Privacy Policy explains the SMaHT Network’s information-gathering and dissemination practices for the SMaHT Data Portal and Website (the “Services”). By accessing the Services, you consent to the practices and terms of this Privacy Policy. Limited data are collected about your visit to any of our Services in order to help us better understand public use of the sites and to improve and continue to make our Services more useful to visitors. This page describes the information that is automatically collected and stored. The SMaHT Network, OC, and DAC never collect information for commercial marketing or any purpose unrelated to the NIH mission and goals.

If and when visitors send a support request containing personal information to the SMaHT Data Portal Support email at smhelp@hms-dbmi.atlassian.net, the SMaHT DAC maintains the request in the SMaHT Help Desk System. Only designated SMaHT DAC Team Members requiring access to the support requests in order to assist visitors may view this information.

II. Types of Information Collected

Information Collected When Browsing the SMaHT Data Portal and Website

“Personal Information” means any information that can be used to identify you, directly or indirectly, as an individual person. The SMaHT Network collects Personal Information when you visit any of the Services, send SMaHT DAC or Network an email, respond to a survey, provide online feedback, or otherwise communicate with us. The SMaHT Network also collects information, such as anonymous usage statistics, by using cookies, server logs, and other similar technology as you use the Services.

The following information is collected automatically when using the Services:

Log File Data

The Services collect aggregate information about site traffic and server load. Additional processes store IP addresses, browser information, location, and device statistics of visitors for auditing and security purposes. This information is used strictly to maintain and improve the Services.

Cookies

The Services use “cookies” during site visits. The “cookie,” which is a small text file stored in temporary client-side storage, is used by our Web applications for usability purposes and to comply with subscription and settings preferences that our visitors have given us. The Services also use “cookies” on a limited basis to measure user interactions with the Services through Google Analytics or YouTube. You can turn off cookies in your browser preferences at any time if you wish to do so. Please note that for the Data Portal, opting out of cookies will affect the site performance and limit the level of access to and functionality available from the Data Portal, as cookies are required for log-in access and for the performance and application functions on AWS. Instructions for disabling or opting out of cookies in the most popular browsers are located at http://www.usa.gov/optout_instructions.shtml. The use of cookies is required to access the SMaHT data portal through the web UI.

These data are used to monitor the health and growth of the system and comply with security and auditing best practices. The SMaHT OC, DAC, or Network may conduct analyses and generate reports with this information, which are shared only with SMaHT DAC Team Members, NIH Senior Staff, and members of the NIH Communications Team who require this information to perform their duties.

Information Collected When Submitting a Support Request

The SMaHT OC, DAC, or Network collects Personal Information that you enter through the Services or give to the SMaHT Network in another way. For example:

  • When you access the Services, the DAC may collect:
    • contact information, such as your name, email address, mailing address, and telephone number
  • When you fill out a survey, the SMaHT Network may collect, depending on the survey:
    • satisfaction with an event or course, product usage, and product satisfaction
    • other information in response to solicited questions, as you voluntarily contribute

When you submit a support request through the SMaHT DAC Support email at smhelp@hms-dbmi.atlassian.net, we collect the following types of information:

  • Name
  • E-mail address
  • Phone number (if provided)
  • Inquiry type
  • Inquiry description
  • Any files uploaded in support of the inquiry
  • Date and time the inquiry was submitted

Information the SMaHT Network Obtains from Third Party Sources

The SMaHT OC, DAC, or Network collects Personal Information about individuals from a number of third-party sources.

  • Business Partners and Service Providers: Our business partners and service providers, such as contacts database and website hosting providers, collect Personal Information and share some or all of this information with us.

Online Comment Forms

Please note that the SMaHT OC, DAC, and Network will not intentionally share the contents of any email feedback or comment form with any party. However, due to the nature of electronic communications, the SMaHT OC, DAC, and Network cannot and do not provide any assurances that the contents of your e-mail will not become known or accessible to third parties.

You are urged not to provide any confidential information about you, your health, or other patients’ health via electronic communication. If you do so, it is at your own risk.

III. How the SMaHT Network Uses Your Information

The SMaHT Network uses information, including Personal Information, for internal and service-related purposes. The SMaHT Network may use and retain any data that it collects to provide and improve any of the Services. The SMaHT OC, DAC, or Network may communicate with you using the email address you provide for informational and/or operational purposes, such as account management, customer service, system maintenance, and other Services-related purposes. The SMaHT Network may use information, including Personal Information, to show or send you information that it thinks may be useful or relevant to you. The SMaHT Network may anonymize or aggregate data collected through the Services and use and disclose it for any purpose.

IV. How the SMaHT Network Shares Your Information

Only members of the SMaHT Network staff, its approved contractors, and its approved vendors have access to the data collected by the Services. The SMaHT Network may share information with its third-party vendors and service providers, to comply with legal obligations, to protect and defend our rights and property, and with your permission. The SMaHT Network may share any information it receives with vendors and service providers it uses to help provide and improve the Services. For example, the SMaHT Network may disclose information to the service providers that help host the Services or send its emails.

The SMaHT Network may allow access to data collected by the Services to send you information the SMaHT Network thinks may be useful or relevant to you.

The SMaHT Network may access, preserve, and disclose collected information, if it believes doing so is required or appropriate to: comply with law enforcement requests and legal processes, such as a court order or subpoena; respond to your requests; comply with the law; or protect your, our, or others’ rights, property, or safety.

If the SMaHT Network is involved in a transition of service to another provider, your information may be disclosed in connection with the negotiation of such a transaction, and/or transferred as part of such a transaction as permitted by law and/or contract. The SMaHT Network cannot control how the recipient entities may use or disclose such information.

V. Other Sites

Our privacy policies apply only to your use of the Services. The Services contain links and integrations to other sites, including sites that may indicate relationships or collaborations with the SMaHT Network. At times, in support of technical integrations, you may be required to provide your email address and name to third parties to fully use and/or access all Services. The SMaHT Network is not responsible for the privacy practices of such other sites. You should read and review the privacy policies of each site you visit to determine what information that site may be collecting about you. Below are the privacy policies for the third-party websites & services that the Services currently integrate with:

  • Amazon Web Services: The Data Portal is deployed on the Amazon Web Services (AWS) Platform. As such, various types of information about users flow through AWS and are accessible to a select few engineers within the DAC team. This information includes but is not limited to network flow logs, performance analytics and error logging. You may visit the AWS privacy policy here: https://aws.amazon.com/privacy/
  • Sentry: Sentry is a third-party performance and error monitoring service. The Data Portal includes both client- and server-side components that integrate with Sentry. This integration may report performance and error logs generated by a user on the site. This data will only be accessible to a select few engineers within the DAC team. You may visit Sentry’s privacy policy here: https://sentry.io/privacy/
  • Google: Users have the option to integrate their Data Resource Portal login with Google to allow users to “login with Google.” The Services will access your basic profile information including your name and email address. You may visit Google’s privacy policy here: https://policies.google.com/privacy
  • Google Analytics & reCaptcha: The Services use Google Analytics to monitor user interaction and use of the sites. See Log File Data above for information on what is collected with Google Analytics. Additionally, the Services uses Google reCaptcha when submitting forms to prevent spam bots from submitting forms. You may visit Google’s privacy policy here: https://policies.google.com/privacy

Other Third-Party Web Sites and Applications

YouTube - The SMaHT Network uses YouTube to host informational videos on the SMaHT. NIH conducts and publishes a Privacy Impact Assessment (PIA) for each use of a third-party website as they may have a different functionality or practice. To learn more, visit the published PIAs at http://www.hhs.gov/pia/#Third-Party.

For more information on the uses of social and new media for which GSA has negotiated a federally-friendly Terms of Service Agreement, visit DigitalGov at http://www.digitalgov.gov/resources/negotiated-terms-of-service-agreements/.

VI. Passwords and Tokens

You are responsible for taking all reasonable steps to ensure that no unauthorized person shall have access to your passwords, accounts, or security tokens. It is your sole responsibility to (1) control the dissemination and use of activation codes and passwords; (2) authorize, monitor, and control access to and use of your account and password; (3) promptly inform us of any need to deactivate a password or token; and (4) safeguard your programmatic access keys (e.g. do not put them in public computers or in unsecured directories) and refresh the access keys periodically. You grant to the SMaHT DAC and Network and to all other persons or entities involved in the operation of the Services the right to transmit, monitor, retrieve, store, and use your information in connection with the operation of the Services. The SMaHT DAC or Network cannot and does not assume any responsibility or liability for any information you submit, including to Online Community, or your or third parties’ use or misuse of information transmitted or received using the SMaHT tools and services, including Online Community.

VII. Contact Information

For further information about the SMaHT privacy policy or the practices of the SMaHT Data Portal and Website, please contact SMaHT DAC Support at smhelp@hms-dbmi.atlassian.net and OC at smahtsupport@gowustl.onmicrosoft.com, respectively.

For information about the NIH privacy policy, please contact the NIH Senior Official for Privacy at privacy@mail.nih.gov; or call 301-451-3426 or visit https://www.nih.gov/privacy-policy.