Privacy Policy

Effective as of September 30, 2025. 

This Privacy Policy (“Privacy Policy”) describes the privacy practices of Marrow Therapeutics, Inc., and our subsidiaries or affiliates (collectively, “Marrow,” “we”, “us” or “our”), and how we handle personal information that we collect through our digital properties that link to this Privacy Policy, including our website (the “Service”), as well as through other activities described in this Privacy Policy. 

Marrow may provide additional or supplemental privacy notices to individuals for specific products or services that we offer at the time we collect personal information. For example, in relation to our clinical trials, we will provide privacy notices to trial participants or candidates to participate in our clinical trials. These additional or supplemental privacy notices will govern how we may process the information in the context of the specific product or service.

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:

  • Contact data, such as your first and last name, salutation, email address, mailing address, professional title and company name, and phone number.

  • Communications data that we exchange with you, including when you contact us with questions or feedback, through the Service or otherwise.

  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.

  • Job application data, such as professional credentials and skills, educational and work history, LinkedIn profile page, personal website, authorization to work in the U.S., immigration status, criminal history, and other information that may be included on a resume or curriculum vitae as well as in a cover letter. This may also include diversity information that you voluntarily provide.

  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.

  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our marketing emails or clicked links within them.

Cookies and similar technologies. Like many online services, we use the following technologies:

  • Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating analytics and online advertising. Our sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them). Some of these cookies are served by third party service providers or business partners and can be used by these parties to recognize your computer or mobile device when it visits the Service and other online services.

  • Local storage technologies, like HTML5 and Flash, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.

  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked.

These cookies and other technologies may be employed for the following purposes:

  • Analytics. Analytic cookies help us understand how our Service performs and is being used. These cookies may work with web beacons included in emails we send to track which emails are opened and which links are clicked by recipients. For example, we use Google Analytics to help us understand user activity on the Service. You can learn more about Google Analytics cookies at https://developers.google.com/analytics/resources/concepts/gaConceptsCookies and about how Google protects your data at http://www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our sites by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en. 

  • Essential. Essential cookies are necessary to allow the technical operation of our Service (e.g., remember preferences you set or information you entered on a previous page).

Data about others. Service visitors may have the opportunity to refer other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have someone’s permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We may use your personal information to:

  • provide, operate and improve the Service and our business;

  • communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;

  • understand your needs and interests, and personalize your experience with the Service and our communications; and

  • provide support for the Service, and respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Direct marketing. We may send you Marrow-related or other direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the Opt-out of marketing section below. 

Interest-Based Advertising. We may work with third-party advertising companies and social media companies to help us advertise our business. These companies may use cookies and similar technologies to collect information about you (including the device data and online activity data described above) over time across our Service and other sites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section below.

 To manage our recruiting and process employment applications. We may use personal information, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.

Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;

  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);

  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;

  • enforce the terms and conditions that govern the Service; and

  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft. 

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law. 

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection. 

Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. Third parties (such as companies and individuals) that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, and website analytics).

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business and Advertising Partners. We may also share personal information collected about you with third parties who we partner with for advertising campaigns, surveys, special offers, or other events or activities in connection with our Service. We may also share or permit the collection of your personal information by advertising companies that we work with, such as companies that collect activity on the Service and other online services to help us advertise our products and service and/or that use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations and due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Marrow or our affiliates (including, in connection with a bankruptcy or similar proceedings). 

Your choices

You have the following choices with respect to your personal information.

Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails. 

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Advertising Choices. You can limit the use of your information for interest-based advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, and/or using your mobile device settings to limit the use of the advertising ID associated with your mobile device. You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites below:

Many of the opt-out preferences described here must be set on each device and/or browser for which you want them to apply. Please note that we also may work with companies that offer their own opt-out mechanisms or do not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive some cookies and interest-based ads from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Other sites and services

The Service may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

Internation data transfer

Marrow is headquartered in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in any applicable terms of service.

Notice to California Residents

Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with Marrow are entitled to ask us once a year for information regarding the personal information we have shared, if any, with third parties for their direct marketing purposes. If you are a California resident and would like to submit such a request, please submit your request in writing to the email address listed in the section titled “How to contact us” below with “Shine the Light” in the subject line. The request must include your name, street address, city, state, and ZIP code and an attestation that you are a California resident. We are not responsible for requests that are not labeled or sent properly, or that do not have complete information.

Notice to Nevada Residents

Nevada Revised Statutes Chapter 603A allows Nevada residents to opt-out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. If you are a Nevada resident who wishes to exercise your “sale” opt-out rights, please submit your request to the email address listed at the end of this Privacy Policy with “Nevada Opt-Out” in the subject line.

Notice to European Residents

The information provided in this section applies only to individuals in the European Economic Area and the United Kingdom (collectively, “Europe”). Except as otherwise specified, references to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller. The controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation is Marrow Therapeutics, Inc.

Legal Bases for Processing. The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us as provided at the end of this Privacy Policy.

  • Legal Basis

  • Processing is necessary to perform the contract governing our operation of the Service, or to take steps that you request prior to engaging our services. Where we cannot process your personal information as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interests as further described in this Privacy Policy. 

  • Processing is based on our legitimate interests in performing research and development as described in this Privacy Policy.

  • Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consented or via the relevant portion of the Service.

  • Where such consent is not required by applicable law, we process your personal information for this purpose based on our legitimate interests in promoting our business and providing you with tailored, relevant content.

  • Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety, or property.

  • Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or via the relevant portion of the Service. 

Use for New Purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis. 

Your Rights. European data protection laws may give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.

  • Correct. Update or correct inaccuracies in your personal information.

  • Delete. Delete your personal information.

  • Port. Transfer a machine-readable copy of your personal information to you or a third party of your choice.

  • Restrict. Restrict the processing of your personal information.

  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by emailing info@marrowtx.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. In the European Economic Area, you can find your data protection regulator here. In the United Kingdom, you can find your data protection regulator here.

Cross-Border Data Transfer. If we transfer your personal information to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact us at info@marrowtx.com for further information about any such transfers or the specific safeguards applied.

Children

The Service is not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Service from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it as soon as possible. If you believe we have any personal information collected online from a minor under 18, please contact us as set forth at the bottom of this Privacy Policy.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the effective date of this Privacy Policy and posting it on the Service. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How to contact us

If you have any questions or concerns about our Privacy Policy or any other privacy or security issue, please contact us at info@marrowtx.com.