1 Introduction

Pillar Biosciences (“we,” “us,” or “our”) is committed to protecting the privacy of personal information we collect in connection with the development, manufacturing, and provision of Next-Generation Sequencing (NGS)-based assays. This Privacy Policy describes how we collect, use, share, and safeguard personal and health information provided by individuals, healthcare providers, and other stakeholders.

2 Scope

This Privacy Policy applies to all information collected by Pillar Biosciences through our websites, applications, services, and interactions with customers and business partners in relation to our NGS-based assays. It also applies to information collected during clinical trials, research studies, or other activities involving the use of our diagnostic products.

3 Information We Collect

We may collect the following types of information:

• Personal Information: Information that can identify an individual, such as name, contact details (phone number, email address, postal address), date of birth, and other identifying information.
• Health Information: Information related to an individual’s health or medical conditions, such as genetic data, test results, medical history, and other health-related information.
• Device and Technical Information: Information collected through the use of our websites or applications, such as IP address, browser type, operating system, and cookies.

4 How We Collect Information

We collect information in the following ways:

• Directly from Individuals: When individuals use our services, participate in clinical trials, or contact us for support or inquiries.
• From Healthcare Providers: When healthcare providers use our assays as part of their clinical services, they may provide us with information about their patients.
• Through Research and Clinical Trials: As part of our research and development activities, including clinical trials and studies involving our NGS-based assays.
• Automatically: Through the use of cookies and other tracking technologies when individuals visit our websites or use our online services.

5 Use of Information

We use the information we collect for the following purposes:

• To Provide and Improve Services: To develop, manufacture, and improve our NGS-based assays, and to deliver results to healthcare providers and patients.
• Research and Development: To conduct research, validate our products, and support clinical trials to improve our diagnostic offerings.
• Compliance with Legal Obligations: To comply with applicable laws and regulations, including those related to medical device quality, safety, and reporting obligations.
• Communication: To communicate with healthcare providers, patients, and other stakeholders about our products, services, and updates.
• Data Analysis and Quality Control: To analyze data and maintain the quality and safety of our diagnostic products.

6 Disclosure of Information

We may share personal and health information with third parties under the following circumstances:

• With Healthcare Providers: To share test results and other relevant information as part of diagnostic services.
• With Business Partners: For collaboration in research, clinical trials, or co-development of products, provided that these partners agree to maintain the confidentiality of the information.
• With Regulatory Authorities: To comply with reporting requirements or regulatory submissions to agencies such as the U.S. Food and Drug Administration (FDA) or the European Medicines Agency (EMA).
• With Service Providers: For processing data on our behalf, such as cloud storage providers, IT service providers, or laboratories, subject to agreements that ensure the protection of the data.
• In the Event of a Business Transaction: If we are involved in a merger, acquisition, or sale of assets, personal and health information may be transferred as part of that transaction.

We do not sell personal information to third parties.

7 Data Security

We take appropriate technical and organizational measures to protect the security and confidentiality of the information we collect, including:

• Encryption: Data encryption at rest and in transit to safeguard against unauthorized access.
• Access Controls: Limiting access to personal and health information to authorized personnel only.
• Regular Security Audits: Conducting regular audits of our data protection measures and systems.
• Training: Providing privacy and security training to all employees handling personal and health information.

8 Data Retention

We retain personal and health information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by applicable laws and regulations. After the retention period expires, information will be securely deleted or anonymized.

9 Individual Rights

Individuals whose personal information we process have the following rights, subject to applicable laws:

• Right to Access: The right to request access to the personal information we hold about them.
• Right to Correct: The right to request corrections to any inaccurate or incomplete information.
• Right to Deletion: The right to request deletion of personal information, subject to certain conditions.
• Right to Restrict Processing: The right to request that we limit the processing of their personal information.
• Right to Data Portability: The right to request a copy of their personal information in a commonly used format.

Individuals wishing to exercise these rights can contact us using the details provided in Section 12 of this Privacy Policy.

10 International Data Transfers

Pillar may transfer personal information to countries outside the individual’s country of residence, including the United States, for processing and storage. When doing so, we will ensure that appropriate safeguards are in place to protect the information, such as standard contractual clauses or other mechanisms recognized under applicable data protection laws.

11 Cookies and Tracking Technologies

Our websites and online services use cookies and similar tracking technologies to enhance user experience, analyze website performance, and provide targeted advertising. Users can control cookie preferences through their browser settings. For more information, please refer to our Cookie Policy.

12 Contact Information

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Sean Snyder – Privacy Officer / Director of QA/RA
9 Strathmore Road, Natick MA 01760
(508) 655-3027
snyders@pillarbio.com

13 Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Any updates will be posted on our website with the updated effective date. We encourage you to review this Privacy Policy periodically for any changes.