SpyGlass Pharma Website Privacy Policy

Effective Date: January 16, 2026

Last Updated: December 19, 2025

SpyGlass Pharma, Inc. (“SpyGlass,” “we,” “our,” or “us”) is committed to protecting the privacy of individuals who visit our website at www.spyglasspharma.com or otherwise interact with us online. This Privacy Policy describes the types of personal information we may collect, how we use it, and the privacy rights available to you. SpyGlass is the controller when processing your personal information as described in this Privacy Policy.

This Privacy Policy applies only to personal information collected through our website and related online services (“Services”). It does not apply to personal information collected through clinical studies, patient programs, employment applications, or other business operations subject to separate agreements or legal requirements. As used in this Privacy Policy, “personal information” means any information relating to an identified or identifiable individual. Where applicable, we indicate whether and why you must provide us with your personal information, as well as the consequences of failing to do so. If you do not provide your personal information when requested, you may not be able to use the full extent of the Services if that personal information is necessary to provide you with the Services or if we are legally required to collect it.

1. Personal Information We Collect

We may collect or receive limited categories of personal information through our Services, such as:

• Identifiers: name, email address, phone number, company affiliation, or other contact details you choose to provide.
• Internet or network activity: IP address, browser type, and limited analytics data such as page views or time spent on the site.
• Professional or employment information: job title, organization, or business contact information if you communicate with us in a professional capacity.
• Communication content: messages or inquiries submitted through web forms or contact pages.

We do not collect or store sensitive personal information, medical data, or financial details through our Services.

2. How We Use Personal Information

We may use the personal information described above for:

• Responding to inquiries or requests.
• Managing, improving, and securing our website.
• Communicating about our research, technologies, or corporate updates.
• Complying with applicable legal or regulatory obligations.
• Protecting against unauthorized access, fraud, or misuse of our systems.

We do not sell or share personal information for marketing purposes.

4. Disclosure of Personal Information

SpyGlass may disclose limited personal information to:

• Vendors and service providers that support our website operations, analytics, or communications.
• Legal or regulatory authorities when required by law or to protect our rights or those of others.
• Corporate transaction participants (e.g., merger or acquisition) where necessary for due diligence or transition.

We do not disclose personal information to unrelated third parties for independent use.

5. Cookies and Online Tracking

We use cookies and similar technologies to understand how visitors use our site and to improve its performance.
Examples include:

• Session cookies for site functionality and security.
• Analytics cookies through services like Google Analytics to analyze aggregated site traffic.

You may adjust your browser settings to refuse or delete cookies. For more information about Google’s data practices and to opt out, visit https://policies.google.com/technologies/partner-sites or https://tools.google.com/dlpage/gaoptout.

For more information, please see the full SpyGlass Pharma cookie policy.

6. Clinical and Research Data Disclaimer

Our website is not intended to collect, process, or store clinical trial data, patient health information, or medical records. Any personal or health information processed by SpyGlass Pharma in connection with research, development, or clinical studies is handled under separate regulatory, contractual, and ethical requirements in accordance with applicable law.

7. Links to Other Websites

This website may contain links to third-party websites. SpyGlass is not responsible for the content, privacy practices, or data collection policies of those sites. We encourage visitors to review the privacy policies of any external site they access.

8. Data Security

SpyGlass maintains reasonable technical, administrative, and organizational safeguards to protect personal information from unauthorized access, loss, or misuse. However, no online system is completely secure, and we cannot guarantee absolute protection of transmitted data.

9. Retention

We retain personal information about you for as long as reasonably necessary to provide you with our Services or otherwise in support of our business or commercial purposes. When you request that we do so, we take measures to delete your personal information or keep it in a form that does not permit identifying you when this personal information is no longer reasonably necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When we process personal information for our own purposes, we determine the retention period taking into account various criteria, such as the type of services provided to you, the nature and length of our relationship with you, possible re-enrollment with our services, the impact on the services we provide to you if we delete some personal information from or about you, and mandatory retention periods provided by law and the statute of limitations.

10. Children’s Privacy

Our website is not directed to, or intended for, individuals under the age of 18. We do not knowingly collect any information from minors. If we learn that we have inadvertently received such information, it will be promptly deleted.

11. Your Privacy Rights

California residents have the following rights regarding their personal information under the California Consumer Privacy Act (CCPA/CPRA):

• The right to know the categories of personal information we collect and how it is used.
• The right to request deletion of personal information, subject to legal exceptions.
• The right to correct inaccurate personal information.
• The right not to be discriminated against for exercising these rights.

Based on your location, you may have additional rights described below:

• You may request access to the personal information we maintain about you, update, and correct inaccuracies in your personal information, restrict or object to the processing of your personal information, have your personal information anonymized or deleted, as appropriate, request not to be subject to a decision based solely on automated processing including profiling, or exercise your right to data portability to easily transfer your personal information to another company. In addition, you have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
• You may withdraw any consent you previously provided to us regarding the processing of your personal information at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.

To exercise these rights, you may contact us using the information below. We will verify your identity before processing any request. Please note that there are exceptions and limitations to each of these rights.

12. International Visitors

Our Services are hosted in the United States (“U.S.”) and intended for visitors located within the U.S. If you choose to use our Service from the European Economic Area, the UK or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the U.S. for storage and processing. We may transfer personal information from the European Economic Area or the UK to the U.S. and other third countries based on European Commission-approved or UK Government-approved Standard Contractual Clauses, with your consent, to perform a contract with you, or otherwise in accordance with applicable data protection laws. For more information about the tools that we use to transfer personal information, or to obtain a copy of the contractual safeguards we use for such transfers (if applicable), you can contact us as described below.

We may also transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our Services. By providing any information, including personal information, on or to our Services, you consent to such transfer, storage, and processing.

13. Contact Information

If you wish to contact us to exercise your data rights, or ask about our data processing, you may do so using the following methods:

• Email: privacy@spyglasspharma.com
• Mail: SpyGlass Pharma, Inc.
  27061 Aliso Creek Rd., Suite 100
  Aliso Viejo, CA 92656

If you are based in the EU/EEA, UK, or Switzerland, and wish to contact us via our GDPR Representative, DataRep, you may do so at:

• Email: datarequest@datarep.com
• Website: https://www.datarep.com/data-request/
• Click here for a full list of contact location address(es)

14. Updates to This Policy

We may revise this Privacy Policy periodically. Any updates will be posted to this page with a new “Last Updated” date.