Privacy Policy.

DataBiologics Privacy Policy

Last Updated: October 14, 2025

I. Introduction

DataBiologics (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy of our visitors and users, and providing them with detailed information as to how their information is used and protected.

This Privacy Policy describes how we collect, process, and safeguard users of the Services personal information through our websites, products, and services including our IMPACT and ACCESS platforms (together “Services”). This Policy applies to individuals in the United States, European Economic Area (EEA), United Kingdom (UK), Canada, Australia, New Zealand, and other applicable jurisdictions. Additional rights and disclosures apply depending on users of the Services’ jurisdiction and are described below. This Privacy Policy is incorporated into our Terms of Use. By using our Services, users of the Services are consenting to the practices described in this Privacy Policy. If users of the Services do not agree with this Privacy Policy, do not access or use the Services.

II. Protected Health Information

Additional protections may be afforded to information collected from users of the Services when registering and logging-in to a certain secure portion of our website that requires verification of identity (the “Platform”), which is intended to be used by health care providers and their patients (users, including but not limited to patients, providers, and partners) who utilize the Platform in order for the provider to solicit treatment-related information. All information collected and stored by us or disclosed by users of the Services within the Platform is considered Protected Health Information (“PHI”) and/or medical information, and shall be governed by applicable state and federal laws that apply to such information, including the Health Insurance Portability and Accountability Act (“HIPAA”). The applicable privacy practices with respect to PHI and/or medical information is set forth in a distinct Notice of Privacy Practices, which is available to users of the Platform within the Platform. This section only applies to users who access portions of our platform where PHI is collected in accordance with HIPAA.

III. Information Collected by Us

We collect the following types of information:

Information Users Disclose.

We receive information about users when users provide it through forms or surveys, and when users sign up for a user account and use our Services. In addition, we receive information about users when users use, edit, or access their account. As a result of those actions, users may supply us with certain information, including, but not limited to, user's name, age, date of birth, e-mail address, phone number, product preferences, payment or financial information, and other information. . Information may be collected directly from users or via our clients (e.g., healthcare users, including but not limited to patients, providers, and partners) in accordance with applicable data protection laws.

Information Automatically Collected.

We may automatically collect certain information resulting from use of our Services. This information may include users of the Services IP address, login details, password, and the location of users’ device. We may also use device identifiers, cookies, and other technologies on devices, applications, e-mails, and our web pages to collect information about users’ browsing actions and patterns, information about users’ devices (such as information related to users’ computer, internet connection, operating system, and internet browser type), or other technical information.

IV. Information Collected by Third Parties

When the Services are used, certain third parties may use automatic information collection technologies to collect information about users or users’ device. These third parties may include: advertisers, ad networks, and ad servers; analytics companies; your mobile device manufacturer; and, users’ mobile service provider. The information they collect may be personally identifiable and may include information about users’ online activities over time and across different websites, apps, and other online services websites. These third parties may use this information to provide you with interest-based advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

V. How We Use Users’ Information

We collect users’ information in order to provide and improve our Services. In addition, we may disclose users’ deidentified and anonymized information for research or commercial purposes, except for users’ payment and financial information, and information prohibited from disclosure pursuant to federal and state law.

Information you disclose is used to improve and provide our Services. We, our partners, contractors, or agents, may use personal information about you for various purposes, including, but not limited to:

• Conducting internal research and development and making business decisions about current and future product and Service offerings;
• Responding to users’ comments, questions and requests and providing customer service;
• Communicating with you about products, services, offers, promotions, rewards and events and providing news and information we think will be of interest to you;
• Managing users’ online account(s) and sending technical notices, updates, security alerts and support and administrative messages;
• Personalizing users’ online experience and providing advertisements, content or features that match users’ profile and interests;
• Monitoring and analyzing trends, usage and activities;
• Complying with any court order, law, or legal process, and responding to any government or regulatory request;
• Enforcing or applying our Terms of Use; and/or
• Fulfilling any other purpose for which you provided the information.

Information automatically collected is used generally to improve our Services. In addition to the uses related to information you disclose, as outlined above, we may use information automatically collected in a similar manner. We may also combine this information with other information we collect about you and use it for various purposes, such as improving our websites and users’ online experience, understanding which areas and features of our sites are popular, counting visits, tailoring our communications with you, determining whether an email has been opened and links within the email have been clicked and for other internal business purposes.

VI. How Collected Information Is Shared by Us

We may share users’ personal information with our affiliates, partners and other third parties, including subcontractors, to:

• assist us with the maintenance and operation of the Services;
• market and promote the Services, including the measurement of the success of such efforts;
• comply with any court order, law, or legal process, including to respond to any government or regulatory request; to enforce or apply our Terms of Use;
• protect our, our customers’, or others’ rights, property, or safety; or
• to disclose to a buyer or other successor entity in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

In addition, we may disclose users’ deidentified and anonymized information for commercial purposes, except for payment and financial information, and information prohibited from disclosure pursuant to federal and state law.

VII. Privacy and Security

We design our systems with users’ security and privacy in mind, and we take reasonable steps to protect users’ personal information from unauthorized access, use, or disclosure.

The safety and security of users’ information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share users’ password with anyone.

VIII. Notification of Changes

We reserve the right to change this Privacy Policy from time to time at our sole discretion. Users’ continued use of our Services indicates users’ assent to the Privacy Policy as posted. The date the privacy policy was last revised is identified at the top or bottom of this page. If we make material changes to how we treat our users’ personal information, we will notify you by email or through a notice on our website. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this Privacy Policy to check for any changes.

IX. Accessing/Deleting Users’ Personal Information

You may be able to update, correct, or delete users’ personal information by contacting us. We may not be able to delete users’ personal information without also deleting users’ account, and we may not accommodate a request to change or delete information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

X. California Residents

Consumers residing in California are afforded certain additional rights with respect to their personal information under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section may apply to you at such time that we become subject to CCPA. At this time, we are not subject to the CCPA.

If you are a California resident, and if the CCPA applies to us, you can make certain requests regarding users’ personal information. We will fulfill each of these requests to the extent required and permitted by law.

You can ask us what personal information we have about you, including a list of categories of users’ personal information that we have sold and a list of categories of users’ personal information that we have shared with another company for business purposes. If you make this request, and to the extent required by law, we will return to you any of the following, as applicable: the categories of personal information we have collected about you; the categories of sources from which we collect users’ personal information; the business or commercial purpose for collecting or selling users’ personal information; the categories of third parties with whom we share personal information; the specific pieces of personal information we have collected about you; a list of categories of personal information that we have sold, along with the category of any other company we sold it to; and, a list of categories of personal information that we have disclosed for a business purpose.

You can ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to personal information we collected about you in the previous 12 months.

In addition, you have the right to ask us to delete users’ personal information. Once we receive a request, we will delete the personal information (to the extent required by law) we hold about you as of the date of users’ request from our records and direct any service provider users, including but not limited to patients, providers, and partners to do the same. In some cases, deletion may be accomplished through de-identification of the information. Choosing to delete users’ personal information may impact users’ ability to use our websites and online features.

Finally, you can ask that we stop selling users’ personal information or disclosing it for a business purpose. We share or sell users’ personal information as described in the “How Collected Information is Shared by Us” section of this policy.

We will not discriminate against any consumer for exercising their rights under the California Consumer Privacy Act. This generally means we will not deny you goods or services, charge different prices or rates, provide a different level of service or quality of goods, or suggest that you might receive a different price or level of quality for goods.

You can make these requests by calling e-mailing privacy@databiologics.com, or using our Website’s contact us form at www.databiologics.com.

XI. Nevada Residents

Certain consumers residing in Nevada are afforded certain additional rights with respect to their personal information. You may have the right to opt-out of the sale of users’ personal information, and you may also have the right to review and request changes to the personal information that we have collected. To exercise these rights, please contact us using the information provided below. To submit an opt-out request, please contact us at privacy@databiologics.com.

XIV. Contact Information

If you have any questions about this Privacy Policy, please contact us at: privacy@databiologics.com. If you are located in the European Union or United Kingdom, you may also contact our EU or UK representative (see Section XV below) with any privacy-related inquiries. You may also request that we help you access, modify or delete users’ data, or ask that we not sell or share users’ data, by contacting us using the information provided above.

XV. Contact Information for EU/UK Representatives

We have appointed Euverify Ltd to act as our GDPR Representative in both the EU and the UK under Article 27 of the General Data Protection Regulation (GDPR).

If you wish to exercise your rights or have any questions regarding your personal data, you may contact our representatives at:

EU Representative
Euverify Ltd
Unit 3D, North Point House
North Point Business Park
New Mallow Road, Cork, T23 AT2P
Ireland
gdpr@euverify.com

UK Representative
Euverify Ltd
3rd Floor, 86-90 Paul Street
London, EC2A 4NE
United Kingdom
gdpr@euverify.com

Please mention DataBiologics when contacting our representative.

VXI. Users’ Rights Under the GDPR and Other International Privacy Laws

If you are located outside of the United States, including in the European Economic Area (EEA), United Kingdom, Switzerland, Canada, Australia, or New Zealand, you may have certain rights regarding users’ personal information under the EU or UK General Data Protection Regulation (GDPR) and other applicable data protection laws. These rights may include (each as defined and subject to applicable law):

Right of Access: You may request access to the personal information we hold about you, including obtaining a copy of users’ personal data and information about how we process it.

Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

Right to Erasure (Deletion): You have the right to request that we delete users’ personal information when, for example, it is no longer necessary for the purposes for which it was collected, or if you withdraw consent (where we rely on consent), or when deletion is required by law. Please note we may retain certain information as required by law or for legitimate business purposes.

Right to Restrict Processing: You can request that we restrict the processing of users’ personal information under certain circumstances (such as while we verify or investigate users’ concerns about users’ data).

Right to Data Portability: You have the right to request a copy of users’ personal information in a structured, commonly used, and machine-readable format, and to have that information transmitted to another data controller where technically feasible and when allowed by law.

Right to Object: You may object to our processing of users’ personal information in certain situations, including when we process it based on our legitimate interests. You always have the right to object to the processing of users’ personal information for direct marketing purposes.

Right to Withdraw Consent: If we are processing users’ personal information based on users’ consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of any processing we conducted prior to users’ withdrawal.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority or privacy regulator in the jurisdiction where you reside. For example, individuals in the EEA can contact their local Data Protection Authority; in the UK, the Information Commissioner’s Office (ICO); in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC); in Canada, the Office of the Privacy Commissioner (OPC); in Australia, the Office of the Australian Information Commissioner (OAIC); and in New Zealand, the Office of the Privacy Commissioner.

You may exercise users’ rights by contacting us using the information in the Contact Information section below (Section XV). We will respond to users’ request in accordance with applicable law. Please note that we may request proof of users’ identity before acting on any such request, and certain rights may be limited or subject to exceptions under the law (for example, we may retain data if required by law or to establish or defend legal claims).

XVII. International Data Transfers

DataBiologics is headquartered in the United States, and users’ personal information will be processed in the United States. If you are located in a country outside the U.S., users’ personal information may be transferred to, stored, and processed in the United States or other countries in which we or our service providers maintain facilities. These countries may have data protection laws that are different from the laws of users’ country of residence. We comply with applicable legal requirements for the transfer of personal information internationally. In particular, when we transfer personal information from the EEA, the UK, or Switzerland to the United States (or any other country that is not recognized as providing an adequate level of data protection), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (“SCCs”). For UK personal data, we implement the UK International Data Transfer Addendum in conjunction with the SCCs, and for Swiss personal data, we implement the necessary Swiss Addendum or equivalent measures to ensure that an equivalent level of data protection is afforded to users’ personal information. We may also rely on other lawful transfer mechanisms or exceptions permitted by applicable data protection laws, such as users’ explicit consent or where the transfer is necessary for the performance of a contract with you. Please be aware that personal information transferred to the United States or other jurisdictions may be accessible by the courts, law enforcement, and national security authorities of those jurisdictions. However, we will take appropriate measures to ensure that users’ personal information remains protected in accordance with this Privacy Policy and applicable law. By using our Services or providing us with users’ information, you acknowledge the transfer of users’ personal information to the United States and other jurisdictions as described above.