Skip to content
vcfkit

Privacy

Bioinformaticians work with sensitive genomic data. This page states explicitly what happens to your data in each context. No vague language.

CLI (vcfkit binary)

Section titled “CLI (vcfkit binary)”

Your files never leave your machine.

The binary reads from stdin or a file path you provide and writes to stdout or a file you specify. No network calls are made during normal operation.

Optional telemetry

Section titled “Optional telemetry”

vcfkit supports opt-in anonymous telemetry. It is off by default.

To enable:

Terminal window
vcfkit telemetry enable

When enabled, each command sends a JSON payload to a logging endpoint containing:

  • Command name (e.g., normalize, filter)
  • Input size bucket (e.g., <1K, 1K-100K, >100K records)
  • Duration in milliseconds
  • Success or error (no error message text)
  • vcfkit version
  • OS name (not hostname)

What is never sent:

  • File paths
  • File contents
  • Variant data
  • Sample IDs
  • Hostname or username

Configuration is stored in ~/.config/vcfkit/config.toml.

Natural-language filter (--ask)

Section titled “Natural-language filter (--ask)”

When you use vcfkit filter --ask "...", one network call is made — to the Anthropic API — to translate your query into a filter expression.

What is sent to Anthropic:

  • Your query text (e.g., "rare missense variants")
  • The VCF header schema: INFO and FORMAT field names, types, and descriptions as written in the ##INFO and ##FORMAT header lines
  • Contig names from ##contig header lines

What is never sent to Anthropic:

  • Variant data rows (CHROM, POS, REF, ALT, sample genotypes, etc.)
  • File paths
  • Sample identifiers

The translated expression is a deterministic filter string (e.g., INFO/AF < 0.01) that runs through vcfkit’s existing parser. The LLM cannot cause arbitrary behaviour — it can only produce a filter expression that the parser either accepts or rejects.

The expression is shown to you before any filtering runs, unless --yes is passed.

Key requirement

Section titled “Key requirement”

--ask requires ANTHROPIC_API_KEY to be set. If it is not set, the command fails with an error and no network calls are made.

Anthropic’s data handling policy applies to the data sent. See Anthropic’s privacy policy for details.

Disabling

Section titled “Disabling”

Simply use -e (expression mode) instead of --ask. No network calls are made.

Browser demo (vcfkit.dev)

Section titled “Browser demo (vcfkit.dev)”

Your VCF never leaves your browser tab.

The page loads WebAssembly and JavaScript from vcfkit.dev. Once loaded, all VCF processing runs client-side using the WASM module. No VCF content is transmitted to any server.

What vcfkit.dev does collect

Section titled “What vcfkit.dev does collect”

Standard web server access logs:

  • IP address (anonymized in aggregate)
  • Referrer
  • User agent
  • Timestamp
  • Which page was requested

This is Cloudflare Pages default behavior. No cookies are set by the vcfkit.dev site itself.

Future hosted features

Section titled “Future hosted features”

Any future features that process data server-side will be:

  • Clearly labeled as server-side
  • Opt-in
  • Documented on this page before launch

No such features currently exist.

Contact

Section titled “Contact”

To report a privacy concern: open an issue or email the maintainer at the address in the GitHub profile.