Curi Bio, Inc. GDPR Privacy Notice

Effective Date: 5/22/2026

Curi Bio, Inc. (“Company,” “we,” or “us”) values your privacy.  This GDPR Privacy Notice (“Notice”) applies to people located in the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland. If you are in the EEA, we will process your personal data in accordance with the European Union’s General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”). If you are in the UK, we will process your personal data in accordance with the UK General Data Protection Regulation as incorporated into UK law by the Data Protection Act 2018 (“UK GDPR”). If you are in Switzerland, we will process your personal data in accordance with the Swiss Federal Act on Data Protection (“Swiss FADP”). We refer to these laws collectively as (“GDPR”)

In this Notice, we describe how we process your personal data, including when you register to attend and attend one of our webinars, request or respond to marketing communications, visit our website, or otherwise interact with us.

Please read this Notice carefully. This Notice is for informational purposes and is not a contract between us.

1. Data Controller

Curi Bio, Inc. is the Data Controller with respect to the operation of our website and the processing of personal data we collect from or about you as described in this Notice.

2. Purposes For Which We Process Personal Data

3. Lawful Basis for Processing. We use the following lawful basis for processing your personal data

  • Legitimate Interest: We have a legitimate interest in operating our business and promoting our products and services, such as to administer webinars, responding to questions, maintain business relationships, and promote relevant products and services to business contacts.

  • Consent: When we ask for your consent, you are free to accept or reject that request. You will be provided with options when we seek your consent. You can revoke your consent at any time by contacting us using the contact information below.

  • Legal Obligations: We may also process personal data for other lawful bases permitted under GDPR, such as when the processing is necessary for us to comply with our legal obligations.

4. Categories of Personal Data We Process

We may process the following categories of personal data:

  • Identity Information – first name, last name, username or similar identifier

  • Contact Information – country or location, business email address, and business phone number (if you provide it)

  • Technical Data: data we collect when you visit our website, such as IP address, browser type, and device identifiers

  • Employment Information – your job title and employer

5. Categories of Recipients of your Personal Data

We may disclose or share your personal data with the following categories of recipients:

  • Service Providers: We may disclose your personal data to service providers that perform services on our behalf, such as webinar hosting, customer relationship management, email hosting, internal company communications, analytics, and cloud hosting or storage. We require such service providers to process personal data on our behalf pursuant to appropriate contractual restrictions and to protect it as required by applicable law. If you would like additional information about relevant categories of service providers, please contact us using the information below.

  • Third Parties:  We may share your personal data with third party marketing and analytics partners who serve targeted advertising or collect data analytics when you visit our website.

  • Professional Advisors: We may share personal data with our professional advisors, such as accountants, auditors, financial advisors, business advisors, and attorneys, where reasonably necessary for our business operations, legal compliance, or the establishment, exercise, or defense of legal claims.

  • Courts and Law Enforcement: Where required by applicable law.

  • Parties to a Business Transaction: We may share your personal data with persons or entities who express a bona fide interest in purchasing some or all of our assets or equity, parties to a due diligence process, successors in the case of a merger or other change of control, or if we are subject to a bankruptcy, liquidation, or similar transaction. If we complete such a transaction, we will transfer your personal data to the successor, and your personal data will be subject to that party’s privacy policy.

6. Sources of Personal Data

We may collect personal data from the following sources: (a) directly from you, such as when you register for or participate in a webinar, communicate with us, request information, or otherwise interact with us; (b) automatically through technologies used when you visit our website; and (c) from third parties, such as service providers, marketing partners, platform providers, event partners, and business networking partners, where permitted by applicable law.

7. Cookies and Other Tracking Technologies

We use cookies and similar technologies on our website to operate the website, remember your preferences, understand how visitors use the website, and support analytics and advertising activities. Where required by applicable law, including in the EEA, we will obtain your consent before using cookies or similar technologies that are not strictly necessary for the operation of the website. You may withdraw your consent or manage your preferences at any time through the cookie settings tools made available on our website or through your browser settings.

We use the following categories of cookies on our website:

Necessary Cookies. Cookies that are necessary for the website to function properly and support the functionality and security of the website.

  • HubSpot Consent Management Platform. We use HubSpot’s consent management tools to help present cookie choices, record and manage consent preferences, and, where required by applicable law, obtain consent before using cookies and similar technologies that are not strictly necessary for the operation of the website.

You may withdraw your consent or modify your preferences at any time through the cookie settings tools made available on our website.

Preference Cookies. We use cookies to help remember your preferences, such as language and similar website settings.

Analytical Cookies. We use analytics cookies to understand how visitors use our website, evaluate website performance, and improve website functionality and user experience.

  • Google Analytics. We may use Google Analytics to help us understand how visitors use our website, including by collecting information about pages visited, time spent on pages, links clicked, browser type, device information, and similar usage data. We use this information to analyze and improve website performance and functionality. Google Analytics uses cookies and similar technologies that may collect and transmit data to Google servers in the United States. You can learn more about Google’s privacy practices at https://policies.google.com/privacy and opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.

  • HubSpot. We may use HubSpot tools and services to support website functionality, forms, communications, analytics, customer relationship management, and related marketing activities. HubSpot may use cookies and similar technologies to collect information regarding your interactions with our website, submissions through forms, preferences, and communications with us. We use this information to operate and improve our website, manage communications, and support our business and marketing activities. For more information about HubSpot’s data practices, please visit https://legal.hubspot.com/privacy-policy.

  • Microsoft Clarity. We may use Microsoft Clarity to better understand how users interact with our website through behavioral metrics, heatmaps, and session replays. This means that your interactions with our website, including mouse movements, clicks, and scrolling behavior, may be recorded and analyzed to help us improve website functionality, site optimization, and user experience. Microsoft Clarity does not collect personal information such as passwords or payment details from form fields. For more information about Microsoft’s data practices, please visit https://privacy.microsoft.com/privacystatement. You can learn more about Microsoft Clarity at https://clarity.microsoft.com.

Targeted Advertising Cookies. We use certain cookies and similar technologies to measure the effectiveness of our advertising and to display advertising that may be more relevant to your interests.

  • Google Remarketing. We may use Google remarketing technologies to support our advertising activities. These technologies may use cookies and similar technologies to help us measure the effectiveness of our advertising and display advertisements to users who have previously visited our website or interacted with our content. Google may collect information about your browsing activity across websites to deliver personalized advertising. You can opt out of Google’s use of cookies for advertising by visiting Google’s Ads Settings at https://adssettings.google.com or by visiting the Network Advertising Initiative opt-out page at https://optout.networkadvertising.org. For more information about Google’s privacy practices, please visit https://policies.google.com/privacy.

  • Microsoft Advertising. We may use Microsoft Advertising technologies to support our advertising and marketing activities, including to measure the effectiveness of advertising campaigns, understand user interactions with our website, and support the delivery of advertising content. These technologies may use cookies and similar technologies to collect information about your device, browser, and interactions with our website and advertisements. You can opt out of personalized advertising from Microsoft by visiting https://about.ads.microsoft.com/en-us/resources/policies/personalized-ads or by adjusting your privacy settings at https://account.microsoft.com/privacy. For more information about Microsoft’s privacy practices, please visit https://privacy.microsoft.com/privacystatement. Where required by applicable law, we will obtain consent before using such technologies.

  • LinkedIn Ads. We may use LinkedIn advertising technologies to support our advertising and marketing activities, including to measure the effectiveness of advertising campaigns, understand user engagement with our website and content, and support the delivery of advertising content. LinkedIn may use cookies and similar technologies to collect information about your interactions with our website and related online services. You can manage your LinkedIn advertising preferences by visiting https://www.linkedin.com/psettings/advertising. For more information about LinkedIn’s privacy practices, please visit https://www.linkedin.com/legal/privacy-policy.

8. Sensitive Data

We do not intentionally collect special categories of personal data in connection with the activities described in this Notice. Please do not provide special categories of personal data to us unless we specifically request it.

9. Security

We implement reasonable technical and organizational measures designed to protect personal data, taking into account the nature of the personal data and the risks associated with the processing.

10. International Transfers of Personal Data

We are located in the United States, and your personal data will be transferred to and processed in the United States. The United States may not provide the same level of data protection as your home jurisdiction. Where required by applicable law, we will implement appropriate safeguards for such transfers, which may include the Standard Contractual Clauses adopted by the European Commission or other valid transfer mechanisms. You may request additional information about applicable transfer safeguards by contacting us at privacy@curibio.com.

11. How Long We Keep Your Personal Data

We retain personal data for as long as reasonably necessary for the purposes described in this Notice, including to maintain business records, comply with legal obligations, resolve disputes, and enforce our agreements. In general, we expect to retain personal data associated with marketing and similar interactions for up to 24 months after your last meaningful engagement with us, unless a longer retention period is required or permitted by law.

12. Automated Decision-Making

We do not use solely automated decision-making, including profiling, in a manner that produces legal or similarly significant effects in connection with the activities described in this Notice.

13. Your GDPR Rights

You have certain rights under the GDPR with respect to our processing of your personal data. Subject to applicable law, these rights may include the following:

  • Right to request  access to your personal data.

  • Right to rectification.

  • Right to erasure, sometimes referred to as the right to be forgotten

  • Right to restriction of processing

  • Right to data portability.

  • Right to object to the processing of your personal data.

  • Where we rely on your consent, the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

14. How to Exercise Your GDPR Rights

To exercise your GDPR rights, please submit a request to privacy@curibio.com or contact us using the information below. We may need to verify your identity before responding to your request, as permitted by applicable law.

15. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with the supervisory authority in the EEA member state of your residence, place of work, or the place of the alleged infringement.

16. Changes to This Notice

We may update this Notice from time to time to reflect changes in our practices, technologies, legal requirements, or other operational needs. When we do, we will update the Effective Date at the top of this Notice. If required by applicable law, we will provide additional notice of material changes. We encourage you to review this Notice periodically.

17. Contact Information

To contact us to exercise your data subject rights or request additional information about how we process personal data, please contact us using the information below:

Curi Bio, Inc.

201 Elliott Avenue West, Ste 210

Seattle, WA 98119

Phone: 1 (800) 913-4403

Email: privacy@curibio.com