Login to LiveSLR
Login to MyCytel
Login to CytelStore
Solutions
Drug Development Cycle
Discovery
Phase I-III Clinical Trials
Commercialization
Real-World Evidence Solutions
Strategic Data Science and Analytical Methods
Clinical Trial Design
Trial Delivery
Advanced Analytics
Specialty Areas
Discovery

Our innovative preclinical solutions empower your drug development journey with cutting-edge analytics and insights from inception to preclinical stages.

Find out more
Phase I-III Clinical Trials

We help you navigate complex trial phases efficiently with data-driven methods & strategies tailored to Phase I-III trials for accelerated drug development.

Learn more
Commercialization

Maximize your market potential and optimize your commercial strategies with our advanced analytical methods, data science, and tailored commercialization solutions for data-driven commercial success.

Learn more
Real-World Evidence Solutions

Harness the power of real-world data and real-world evidence to gather insights and shape future drug development cycles for enhanced efficacy and regulatory compliance.

Find out more
Clinical Trial Design

Craft optimal trial designs with our advanced analytical methods to enhance efficiency and increase the probability of success throughout your drug’s lifecycle.

Learn more
Trial Delivery

Empower your trial delivery by transforming trial designs into actionable strategies with our data-driven approach to ensure seamless delivery and successful outcomes.

Find out more
Advanced Analytics

Unlock the power of data with our methods for actionable insights to drive informed decisions and optimize clinical trial outcomes.

Learn more
Specialty Areas

We offer tailored analytics solutions for your specialized or niche projects enabling you to optimize both efficiency and precision in drug development.

Learn more
Quick Links
Data Strategy Model-lnformed Drug Development Chemistry, Manufacturing and Controls (CMC) Toxicology Solutions Clinical Pharmacology, Drug Metabolism and Pharmacokinetics
Adaptive Trial Designs Complex and Innovative Trial Design Model-lnformed Drug Development Clinical Development Strategy and Planning End-to-End Biometrics Axio® Data Monitoring Committee Data Strategy Regulatory Strategy Market Access Real-World Evidence Software for Trial Design
Health Economics and Outcomes Research (HEOR) Market Access Regulatory Strategy Real-World Evidence Health and Technology Assessments stève consultants
Real-World Evidence Real-World Data Real-World Data Software Post-Authorization Safety Studies stève consultants
Adaptive Trial Design Complex and Innovative Trial design Model-lnformed Drug Development Software for Trial Design
End-to-End Biometrics Data Management Early Phase Solutions Late Phase Solutions Axio® Data Monitoring Committee Safety & Regulatory Compliance FSP Outsourcing Outsourcing per Project Software for Trial Implementation
Systematic Literature Reviews Complex and Innovative Trial Design Market Access Health Economics & Outcomes Research Real-World Evidence Real-World Data Health and Technology Assessments
Synthetic Controls External Controls Rare Diseases Oncology Post-Authorization Safety Studies Decentralized Trials Pediatrics
Delivery Models
Strategic Consulting
Beyond Functional Service Provider
Project-Based Analytical Solutions
Software Solutions
Trial Design Software
Trial Implementation and Decision Support Software
LiveSLR® Software for Systematic Literature Reviews
Strategic Consulting

Enhance your clinical trial design with our strategic consulting services, featuring adaptive trial models and comprehensive regulatory guidance to ensure innovative, compliant, and successful trial outcomes.

Learn more
Beyond Functional Service Provider

Experience the future of flexible strategic partnerships with Analytics on Demand, providing adaptive and innovative solutions that transcend traditional models to achieve unparalleled operational excellence.

Learn more
Project-Based Analytical Solutions

Maximize efficiency and outcomes with our project-based services, delivering specialized expertise, end-to-end biometrics, and focused solutions for unique projects, ensuring timely completion and exceptional results.

Project-Based Analytical Solutions
Trial Design Software

Cytel's software platform enables precise trial design and simulation, utilizing adaptive and Bayesian tools to optimize protocols and accelerate drug development with confidence and efficiency.

Learn more
Trial Implementation and Decision Support Software

Our unique software package streamlines trial implementation with intuitive solutions for protocol development, randomization, and patient management, optimizing operational efficiency and ensuring study success.

Learn more
LiveSLR® Software for Systematic Literature Reviews

Learn more
Quick Links
Adaptive Trial Designs Advanced Analytics Regulatory Strategy Clinical Development Strategy & Planning Discovery and Pre-clinical Clinical Pharmacology, drug metabolism and pharmacokinetics
Staff Augmentation Strategic Capacity Management Functional Service Provider Hybrid FSP Model
Data Management End-to-End Biometrics Data Submission support Axio® Data Monitoring Committee Medical Writing
East Horizon™ Platform for Trial Design Xact software suite, StatXact®
Enforesys
About Us
About Us

Learn about our rich history, visionary leadership, and core values. Our mission and vision drive us to deliver excellence in drug development globally.

Learn more
Quick Links
Our Experts Leadership Team Innovation Advisory Board
 
Board of Directors Sustainability
Insights
Insights

Explore Cytel’s Insights hub - your source for the latest news, event updates, and expert insights on advanced data analytics and data science.

Explore now
Quick Links
Perspectives News and Events Resource Library Publications
 
Careers
Careers

Join our innovative team at Cytel! Explore exciting career opportunities in data science and statistics, analytical methods, and regulatory strategy. Advance the future of human health with us.

Learn more
Quick Links
Connect with Us Join our Talent Network Find our Latest Opportunities
 
Contact Us
Contact us
Contact Us
Customer Support
Customer Support
Login to LiveSLR
Login to MyCytel
Login to CytelStore
Contact us
Contact Us
Customer Support
Customer Support

California Residents/CCPA Privacy Policy

Last Updated: January 2026

1. Introduction

The following additional California resident’s privacy disclosures (the “CA Disclosures”) supplement our Privacy Policy. These CA Disclosures apply only to how we collect, use and share the personal information of individuals located in California that we gather through our Online Platforms and that are within the scope of the California Consumer Privacy Act (“CCPA”). The “Online Platforms” include the U.S. websites, U.S. mobile apps and other digital properties like U.S. social media sites or pages, e-mail, U.S. cloud platforms, our proprietary hosted software, etc. that are owned and operated by Cytel and that link to Cytel’s Privacy Policy, including these CA Disclosures as well as certain third-party databases. This privacy statement also applies to the personal data we collect through other means e.g. hardcopy. “We” or “Cytel” mean Cytel Inc. and our family of companies, including our affiliates and subsidiaries.

Important note to keep in mind related to this Privacy Policy:

  • These CA Disclosures do not apply to our collection and use of personal information from residents outside of California. Consumers residing in other locations should see our general privacy notice at Privacy Policy.
  • Our Online Platforms are not intended for children under 13 years of age. We do not knowingly solicit information from, or market to, children under 13 years of age.
  • Our Online Platforms (such as our mobile, social media, or other services, sites, pages or materials) may have additional terms about the privacy or use of your information. Please review the privacy notice for the specific Online Platform you are using.
  • Wireless service providers, Internet service providers, device manufacturers and/or social media platforms may have their own privacy notices that are different from this one for the information they may access through your use of our Online Platforms. We encourage you to read their privacy notices as the collection, uses and disclosure of information by those third parties may be different than Cytel.

2. Definitions

Any terms defined in the CCPA have the same meaning when used in this policy. In particular:

Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include:

  • “publicly available information”, which means any of the following: (1) information that is lawfully made available from federal, state or local government records, (2) information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer or from widely distributed media, and (3) information made available by a person to whom the consumer has disclosed the information if the consumer has not restricted the information to a specific audience. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge;
  • lawfully obtained, truthful information that is a matter of public concern;
  • de-identified or aggregate consumer information; and
  • information excluded from the CCPA’s scope, like:
  • (1) health or medical information covered by the Health Insurance Portability and Accountability Act (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or (2) other qualifying research data; or
  • (2) personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act.

Sell,” “selling,” “sale,” or “sold,’’ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by a business to a third party for monetary or other valuable consideration.

Share,” “shared,” or “sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by a business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

Please note a “sell/share” does not include when
(1) we disclose your personal information at your direction,
(2) we alert a third party that you have opted out of selling your personal information or have limited the use of your sensitive personal information, or
(3) we transfer personal information of a consumer as an asset to a third party as part of a merger, acquisition, bankruptcy or other transaction as described in the CCPA.

3. How We Collect, Use and Retain Personal Data

We collect and use personal information when you use our Online Platforms, including data provided by you, data we automatically collect, and data we obtain from third parties.

Personal Information Categories Chart

The chart below identifies which categories of personal information we collected from our consumers within the last twelve (12) months.

Category of Personal Information   Examples of Personal Information Collected
A. Identifiers

 

 

 Real name, alias, home address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES

 

 

 
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (“California Customer Records”). A name, signature, Social Security number, physical characteristics or description, photograph, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, membership in professional organizations, professional licenses and certifications, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

 YES

 

 
C. Protected classification characteristics under California or federal law (“Protected Classes“).

 

 Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, reproductive health decision making, military and veteran status, or genetic information (including familial genetic information). NO

 

 
D. Commercial information

 

 Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES

 

 
E. Biometric information

 

 Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO

 
F. Internet or other similar network activity

 

 Activity on our websites, mobile apps, or other digital systems, such as internet browsing history, search history, system usage, electronic communications with us, postings on our social media sites.

 

 YES

 

 
G. Geolocation data

 

 Physical location or movements, such as the time and physical location related to use of our internet website, application, or device, and GPS location data from mobile devices of consumers who visit our websites or use our mobile apps.

 

 NO

 

 
H. Sensory data

 

 Audio, electronic, visual, thermal, olfactory, or similar information, including photographs, audio/video recordings, customer service call monitoring and store video surveillance. NO
I. Professional or employment-related information.

 

 Current or past job history or performance evaluations, information from resumes/cover letters, background screening information, and professional licenses.

 

 YES

 

 
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) (“FERPA Information“).

 

 Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO

 

 
K. Inferences drawn from other personal information.

 

 Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

 NO

 

 
L. Sensitive personal information. Further identified in the chart below

 

Sensitive Personal Information Categories Chart

If indicated in the table below, we may collect or disclose certain personal information that qualifies as “sensitive information” under CCPA.

Sensitive personal information is a subtype of personal information consisting of the specific information categories listed in the chart below. Importantly, the CCPA only treats this information as sensitive personal information when we collect or use it to infer characteristics about a consumer.

The chart below identifies which sensitive personal information categories, if any, we have collected from consumers to infer characteristics about them in the last 12 months.

Sensitive Personal Information Category Collected to infer Characteristics?
L.1. Government identifiers, such as your Social Security number (SSN), driver’s license, state identification card, or passport number. NO

 
L.2. Complete account access credentials, such as usernames, account logins, account numbers, or card numbers combined with required access/security code or password. NO

 
L.3. Precise geolocation, such as physical store visits or physical locations when visiting websites or using mobile apps. NO

 
L.4. Racial or ethnic origin. NO

 
L.5. Citizenship or immigration status. NO

 
L.6. Religious or philosophical beliefs. NO

 
L.7. Union membership. NO

 
L.8. Mail, email, or text messages not directed to us. NO

 
L.9. Genetic data. NO

 
L.10. Neural Data, such as information generated by measuring a consumer’s central or peripheral nervous system’s activity that is not inferred from nonneural information. NO

 
L.11. Unique identifying biometric information. NO

 
L.12. Health information. NO

 
L.13. Sex life or sexual orientation information. NO

 

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you, such as from the forms or other information you provide to Cytel or its affiliates.
  • Indirectly from you, such as from your interactions with our Online Platforms or other online communications with us.
  • From our third-party vendors and service providers, such as order fulfillment, customer service support providers, data analytics providers, advertising networks, IT providers, and internet service providers.

How We Use Personal Information

Personal Information Collection, Use, and Disclosure Purposes

We may use and disclose the personal information, including sensitive personal information (if any) we collect to advance our business and commercial purposes, specifically to:

  • Process and complete your transactions including, as applicable, order confirmation, enrollment in our programs or events, product selection assistance, and delivering products, events, or services, including without limitation, providing white papers and case studies, processing payments for event registrations or software licenses (where applicable).
  • Authenticate you so that you can access our Online Platforms and conduct transactions on our Online Platforms.
  • Performing research and business analytics, and identifying usage trends;
  • Protecting our business and our customers against illegal activity;
  • Performing audits;
  • Operate our business, including without limitation, providing customer service, developing, offering, and delivering to you our products and services.
  • Meet our obligations and enforce our rights arising from any contracts with you, including for billing or collections, or to comply with legal requirements.
  • Fulfil the purposes for which you provided your personal information or that were described to you at collection, and as the CCPA otherwise permits.
  • Providing you with newsletters, articles, product or service alerts or announcements, discount codes, event invitations and other information that we believe may be of interest to you.
  • Notify you about changes to our products or services.
  • Administer our systems and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes.
  • Responding to your inquiries, fulfilling requests and requesting your feedback;
  • Tailoring and sending marketing communications from our affiliates and for selected third parties;
  • Servicing your account and marketing to you, including advertisements and other communications tailored to you, on our Online Platforms and third-party sites, as well as offline;
  • Recognizing you, your device or your browser when you use the Online Platforms so that we can facilitate navigation, display information more effectively, store your preferences and otherwise personalize your experience and enhance the use of the Online Platforms;
  • Developing new products and services;
  • Operating, maintaining, and protecting our Online Platforms;
  • Tracking responses to our e-mails and advertisements and measuring the success of our marketing campaigns;
  • Understanding your interests and preferences;
  • Expanding our business activities.
  • Enable your participation in our Online Platforms’ interactive, social media, or other similar features.
  • Make suggestions and recommendations to you and other consumers about our goods or services that may interest you or them, including developing profiles.
  • Manage your software licenses with us, including for:
    • account creation, maintenance, support, and security; and
    • reaching you, when needed, about your software account;
  • Administer and maintain Cytel’s systems and operations, including for safety purposes.
  • Engage in corporate transactions requiring review of consumer records, such as for evaluating potential mergers and acquisitions.
  • Comply with all applicable laws and regulations, which may include laws outside your country of residence, and to protect our companies, employees, or operations.
  • Exercise or defend the legal rights of Cytel and its worldwide employees, affiliates, customers, contractors, and agents.
  • Respond to law enforcement requests and as required by applicable law or court order, which may include laws outside your country of residence.

Sensitive Personal Information Collection, Use and Disclosure Purposes

We may use or disclose sensitive personal information (“SPI”) for the following statutorily approved reasons (“Permitted SPI Purposes”):

  • Performing actions that are necessary for our consumer relationship and that an average consumer in a relationship with us would reasonably expect.
  • Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
  • Defending against and prosecuting those responsible for malicious, deceptive, fraudulent, or illegal actions directed at Cytel.
  • Ensuring physical safety.
  • Short-term, transient use, such as non-personalized advertising shown as part of your current interactions with us, where we do not:
    • disclose the sensitive personal information to another third party; or
    • use it to build a profile about you or otherwise alter your experience outside your current interaction with us.
  • Services performed for us, including maintaining or servicing accounts, processing or fulfilling transactions, verifying consumer information, processing payments, or providing financing, analytic services, storage, or similar services for us.
  • Activities required to:
    • verify or maintain the quality or safety of a product, service, or device that we own, manufacture, had manufactured, or control; or
    • improve, upgrade, or enhance the service or device that we own, manufacture, had manufactured, or controlled.
  • Collecting or processing sensitive personal information that we do not use for the purpose of inferring characteristics about a consumer.
  • Administer and maintain Cytel’s systems and operations, including for safety purposes.
  • Engage in corporate transactions requiring review of consumer records, such as for evaluating potential mergers and acquisitions.
  • Comply with all applicable laws and regulations and protect our companies, employees, or operations.
  • Exercise or defend the legal rights of Cytel and its employees, affiliates, customers, contractors, and agents.
  • Respond to law enforcement requests and as required by applicable law or court order.

We do not use or disclose sensitive personal information for purposes other than the Permitted SPI Purposes. For more on your right to limit this additional sensitive personal information use purposes, see Section Your Rights and Choices.

Additional Categories or Other Purposes

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. If required by law, we will also seek your consent before using your personal information for a new or unrelated purpose.

We may collect, process, and disclose aggregated or de-identified consumer information for any purpose, without restriction. When we collect, process, or disclose aggregated or de-identified consumer information, we will maintain and use it in de-identified form and will not attempt to reidentify the information, except to determine whether our deidentification process satisfies any applicable legal requirements. 

Retention

We retain each category of personal information and sensitive personal information for only as long as is reasonably necessary to fulfill the purposes for which it was collected. To determine the appropriate retention period, we consider:

  • The duration of our relationship with you or your organization and the provision of our Online Platforms.
  • Legal requirements under applicable laws (such as statute of limitations, tax laws, or regulatory record-keeping obligations).
  • Whether retention is advisable in light of our legal position (such as for litigation, audits, or internal investigations).
  • Technical necessity and the sensitivity of the data, ensuring that sensitive personal information is retained for the minimum period necessary for its Permitted SPI Purposes.

4. Disclosing Personal Information

Business Purpose Disclosures

We may disclose the personal information we collect, including sensitive personal information, to third parties for the business purposes described in the Personal Information Collection, Use, and Disclosure Purposes section, such as to engage third parties to support our business functions. For example, we may disclose information from your visits to our Online Platforms to a cybersecurity consultant to help secure our Online Platforms.

We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, prohibit using the disclosed information for any purpose except performing the contract, and meet the CCPA’s other contract requirements for engaging service providers or contractors.

The chart below identifies the categories of entities to whom we have disclosed our consumers’ personal information for a business purpose over the preceding 12 months, along with the personal information categories disclosed and recipient description.

Business Purposes Disclosure Recipient Category, Personal Information Category, and Purposes Chart

Category of Business Purpose Disclosure Recipients Personal Information Categories Disclosed Sensitive Personal Information Categories Disclosed Recipient Description
Affiliates, Subsidiaries, and Successors in Interest

 

 

 A. Identifiers.

B. California Customer Records.

C. Protected Classes

D. Commercial Information.

F. Internet or other similar network activity.

G. Geolocation data.

K. Inferences.

 These recipients include parent entities, affiliates, subsidiaries, any other entity directly or indirectly controlling, controlled by, or under common control of Cytel, and entities who have acquired some or all of the business or assets, including through a merger, sale of assets, sale of stock or otherwise.
Professional Consultants or Advisors A. Identifiers.

B. California Customer Records.

D. Commercial Information.

E. Biometric information.

F. Internet or other similar network activity.

G. Geolocation data.

K. Inferences.

 These recipients include third party financial advisors, lawyers, accountants, and other professional consultants.
Customer Service Support Providers A. Identifiers.

B. California Customer Records.

D. Commercial Information.

E. Biometric information.

F. Internet or other similar network activity.

G. Geolocation data.

K. Inferences.

 These recipients include web hosting providers, IT providers, internet service providers, data analytic providers, and companies that provide business support services, financial administration, or event organization.
Business Partners A. Identifiers.

B. California Customer Records.

D. Commercial Information.

E. Biometric information.

F. Internet or other similar network activity.

G. Geolocation data.

K. Inferences.

 These recipients include companies that operate cookies and other tracking technologies, social media companies, data brokers, and other business partners who may use the data for their own marketing, research, or analytics purposes.
Transaction Vendors A. Identifiers.

B. California Customer Records.

D. Commercial Information.

E. Biometric information.

F. Internet or other similar network activity.

G. Geolocation data.

K. Inferences.

 These recipients are necessary to fulfill transactions and deliver products as requested by you such as third-party payment processors.
Service Providers A. Identifiers.

B. California Customer Records.

D. Commercial Information.

E. Biometric information.

F. Internet or other similar network activity.

G. Geolocation data.

K. Inferences.

 These recipients are used by us to conduct our business operations, including providing products and services to you such as web hosting providers, IT providers, internet service providers, data analytic providers, and companies that provide business support services, financial administration, or event organization.
Government/Legal Agencies A. Identifiers.

B. California Customer Records.

D. Commercial Information.

E. Biometric information.

F. Internet or other similar network activity.

G. Geolocation data.

K. Inferences.

 These recipients may require us to disclose information as required by law or regulations, such as law enforcement, and other recipients for legal, security, or safety purposes
We may also share personal information with any other third party to which you have consented to such disclosure.

Selling or Sharing Personal InformationWe Do Not Sell Your Personal Information

You have the right to know whether your personal information is being sold. Your personal information is “sold” when it is provided with a third party for monetary or other valuable consideration for a purpose that is not a “business partner” as set forth in the CCPA or other U.S. state data privacy laws. Please note a “sale” does not include when we disclose your personal information at your direction, or when otherwise permitted under law.

Cytel does not sell your personal information, so we do not offer an opt-out.

However, Cytel shares Personal Data in connection with its use of personalized advertising-related tracking technologies.

You have the right to opt-out of these tracking with third parties who are not our service providers (as those terms are defined by applicable laws) and/or to opt out of cross-context behavioral advertising and targeted advertising. Please select the “Customize Consent Preference” and select the appropriate Consent Preference to automatically opt-out of the sale or sharing of your Personal Data.

Finally, if your browser supports it, you can turn on the Global Privacy Control – https://globalprivacycontrol.org – to automatically opt-out of the sale or sharing of your Personal Data.

We do not knowingly “sell” (as defined in Cal. Civ. Code § 1798.140(ad)) your personal information, including sensitive personal information, to third parties, and have not sold it in the preceding 12 months.

We do not knowingly “share” (as defined in Cal. Civ. Code § 1798.140(ah)) your personal information with third parties for cross-context behavioral advertising purposes, and have not shared it in the preceding 12 months.

 

Your Rights and Choices

If you are a California resident, the CCPA grants you the following rights regarding your personal information:

Right to Know and Data Portability Requests

You have the right to request that we disclose certain information to you about our collection and use of your personal information (the “right to know“), including the specific pieces of personal information we have collected about you (a “data portability request“). Our response will cover the 12-month period preceding the request. You may exercise your right to know twice within any 12-month period. Once we receive your request and confirm your identity (see Section How to Exercise Your Rights), we will disclose to you:

  • The categories of:
    • personal information we collected about you; and
    • sources from which we collected your personal information.
  • The business or commercial purpose for collecting your personal information and, if applicable, selling or sharing your personal information.
  • If applicable, the categories of persons, including third parties, to whom we disclosed your personal information, including separate disclosures identifying the categories of your personal information that we:
    • disclosed for a business purpose to each category of persons; and
    • sold or shared to each category of third parties.
  • When your right to know submission includes a data portability request, a copy of your personal information is subject to any permitted redactions.

For more on exercising this right, see Exercising the Rights to Know, Delete, or Correct.

Right to Delete and Right to Correct

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions and limitations (the “right to delete“). Once we receive your request and confirm your identity, we will delete your personal information from our systems unless an exception allows us to retain it.

You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the “right to correct“). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our service providers, contractors, and other recipients to take appropriate action.

For more on exercising these rights, see Exercising the Rights to Know, Delete, or Correct.

Right to Limit Sensitive Personal Information Use and Disclosure to Permitted SPI Purposes

You have a right to ask businesses that use or disclose your sensitive personal information to limit those actions to just the CCPA’s Permitted SPI Purposes (the “right to limit“). For more on exercising this right, see Exercising the Right to Limit or Opt-Out.

For more on the Permitted SPI Purposes and our additional use purposes, see Sensitive Personal Information Use and Disclosure Purposes.

Right to Non-Discrimination

You have the right not to be discriminated or retaliated against for exercising any of your privacy rights under the CCPA.

Personal Information Sales or Sharing Opt-Out and Opt-In Rights

You have the right to request that businesses stop sharing your personal information at any time (the “right to opt-out“), including through a user-enabled opt-out preference signal. Similarly, the CCPA prohibits businesses from selling or sharing the personal information of consumers it actually knows are under 16 years old without first obtaining consent from consumers who are between 13 and 15 years old or the consumer’s parent or guardian for consumers under age 13 (the “right to opt-in“).

We do not knowingly collect personal information from children under the age of 13. If Cytel is made aware of collecting information from a child under 13, we will delete this personal information.

We cannot share your personal information after we receive your request to opt-out unless you later consent to the sharing of your personal information. For more on exercising your opt-out rights, see Exercising the Right to Limit or Opt-Out.

Additional Tracking Opt-Out Information

Like many online companies, we use services provided by Google, Facebook and others companies that use tracking technology. These services rely on online tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, about your interactions with websites, and about the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

Most browsers allow you to remove or reject cookies, including cookies used for interest-based advertising. If you wish to remove or reject cookies, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.

Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

How to Exercise Your Rights

Exercising the Rights to Know, Delete, or Correct

To exercise the right to know, data portability, delete, or correct described above, please submit a verifiable request to us by either:

Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including data portability, twice within a 12-month period.

Exercising the Right to Limit or Opt-Out

You can submit your request to limit or opt-out through:

Verification Process and Authorized Agents

Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or correct related to your personal information. We may request specific information from you or your authorized representative to confirm your or their identity before we can process your right to know, delete, or correct your personal information.

We cannot respond to your request to know, delete, or correct if we cannot verify your identity or authority to make the request and confirm the personal information relating to you. We will only use personal information provided in the request to verify the requestor’s identity or authority to make the request.

For requests to limit or opt-out, we ask for the information necessary to complete the request, which may include, for example, the consumer’s name, email address, or account username.

Responding to Your Requests to Know, Delete, or Correct

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the ten-day timeframe, please contact Privacy@cytel.com.

We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response to your verified email address. Our substantive response will tell you whether or not we have complied with your request. If we cannot comply with your request in whole or in part, we will explain the reason, subject to any legal or regulatory restrictions. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, deleted, or made your personal information anonymous in compliance with our record retention policies and obligations.

Any disclosures we provide will cover information for the 12-month period preceding the request’s receipt date.

For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Response and Timing on Rights to Limit or Opt-Out

In response to your request to limit or opt-out, we will process your request, as soon as feasibly possible, but no later than 15 business days from the date we receive the request. We will only use personal information provided from your request to comply with the request.

We will also notify our service providers, contractors, and certain other downstream recipients of your request to limit or opt-out and instruct them to both:

  • Comply with your request.
  • Forward the request to their own downstream recipients, if applicable.

We may deny opt-out requests if we have a good-faith, reasonable, and documented belief that the request is fraudulent and will clearly explain our denial decision to the requestor.

5. How We Protect Your Personal Data

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with our Online Platforms. In particular, e-mail, texts, and chats sent to or from the Online Platforms may not be secure, and you should carefully decide what information you send to us via such communications channels. Any transmission of personal data is at your own risk.

The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.

6. CCPA Rights Request Metrics

Metrics regarding the consumer rights requests we received from [all individuals/California residents] from January 1, [2025] through December 31, [2025] are available as below. We have received NIL requests.

7. Updates to the Disclosures

These Disclosures are subject to occasional revision and will be updated from time to time. Any changes will be made available on this page.

8. Contact Information

If you have any questions or comments about these CA Disclosures, the ways in which we collect and use your information described here please do not hesitate to contact us at:

Cytel Inc.

Att: Privacy

675 Massachusetts Avenue

Cambridge MA 02139

Privacy@cytel.com

DPO@cytel.com

If you need to access these CA Disclosures in an alternative format due to a disability, please contact Privacy@cytel.com and/or + 1 (617) 661-2011.