Contact
Find a Physician

Consumer Health Data Privacy Policy

Effective as of March 1, 2026

This Consumer Health Data Privacy Policy (this “Policy”) describes how Calyxo, Inc. (“Calyxo,” “we”, “us” or “our”) processes consumer health data that we collect through our digital or online properties or services that link to this Policy (including as applicable, our websites and social media pages) as well as associated marketing activities and any other activities described in this Policy (collectively, the “Services”).
This Policy applies only to “consumer health data” as that term is defined under applicable U.S. state laws that require us to maintain this Policy, such as Washington’s My Health My Data Act and Nevada’s Consumer Health Data Privacy Law (“Consumer Health Data”). This Policy does not govern health-related data that we or our partners collect or use in connection with clinical trials or other research, or any other health information that is not governed by applicable consumer health data privacy laws.
This Policy supplements our general Privacy Policy and only applies to individuals from Washington, Nevada, or other states which may in the future require us to provide disclosures specific to Consumer Health Data. In the event of a conflict between our Privacy Policy and this Policy, this Policy applies to the extent that it is consistent with applicable U.S. state law.

Consumer Health Data We Collect.

Depending on how you interact with us, including whether your healthcare provider contacts us related to our patient assistance program or for other purposes, we may collect different types of Consumer Health Data about you. Consumer Health Data you may provide to us through the Services or otherwise includes:
  • Contact information, such as your first and last name, salutation (e.g., Mr., Mrs., Ms.), email address, billing and mailing addresses, professional title and company name, and phone number, to the extent related to health status, diagnosis, disease or treatment.
  • Demographic data, such as your city, state, country of residence, postal code, and age, to the extent related to health status, diagnosis, disease or treatment.
  • Communications data, such as records of your communications with us, including when you fill out a form or contact us through the Services, social media, or otherwise.
  • Transaction data, such as records relating to your use or purchase of medications and information relating to or needed to complete your prescription orders on or through the Services or to determine eligibility for patient assistance programs and services, including insurance, billing and payment information.
  • Marketing data, such as information that could identify your attempt to seek health care services, products or information.

Consumer Health Data We Collect Automatically.

When you use our Services, we collect some information through certain technical tracking technologies that may be considered Consumer Health Data, including when such information could reasonably indicate your attempt to seek or receive health care services, products or information. For example:
  • Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
  • Communication interaction data, such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.

Consumer Health Data We May Create, Infer or Generate.

We may create, infer or generate Consumer Health Data from other data we collect, including using automated means to generate information about your likely preferences or other characteristics.

Sources of Consumer Health Data.

We may obtain the types of Consumer Health Data described above from the following sources:
  • You, such as when you access or use our Services, complete a contact form, communicate with us or otherwise interact with us.
  • Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
  • Data providers, such as information services and data licensors.
  • Caregivers, such as family members, health care professionals and medical institutions.
  • Service providers that provide services on our behalf or help us operate the Services or our business.
  • Business transaction partners. We may receive personal information in connection with an actual or prospective business transaction. For example, we may receive your personal information from an entity we acquire or are acquired by, a successor, or assignee or any party involved in a business transaction such as a merger, acquisition, sale of assets, or similar transaction, and/or in the context of an insolvency, bankruptcy, or receivership.

How We Use Your Consumer Health Data

We use Consumer Health Data for purposes described in this Policy or as otherwise disclosed to you. For example, we use Consumer Health Data for the following purposes:
Purpose of Use
Categories of Consumer Health Data
Service operations: To provide, operate, and secure the Services.
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
Service personalization: Understanding your needs and interests, personalizing your experience with the Services and our Service-related communications, remembering your selections and preferences as you navigate webpages
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
Business administration: Administration and operation of our business and business planning activities, including to analyze, adapt and improve our business.
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
Personalization: To personalize your experience with the Services (including remembering your selections and preferences as you navigate).
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
Marketing: As permitted under applicable law, to provide you with information about our services.
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
Communications: To address any contact you might have with us, including by using the ‘Contact us’ or similar function on the Services or via any other method of communication (e.g., by email or social media), to address any issues arising from such contacts (including replying to you), to respond to your requests (for instance if you send us an email), and to provide important notices and updates.
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
Compliance and protection. To comply with applicable laws, regulatory requirements, lawful requests, and legal process (such as to respond to disclosure orders, as well as demands, investigations or requests made by regulators, governments, courts and law enforcement authorities; to record, report on and monitor the safety and quality of our products in compliance with our regulatory obligations; to protect our, your or others’ rights, privacy, safety or property, including by making and defending legal claims); to audit our internal processes for compliance with legal and contractual requirements or our internal policies; to enforce the terms of agreements that govern access to the Services; and to prevent, identify, investigate and deter fraudulent, harmful, unauthorised, unethical or illegal activity, including cyberattacks and identity theft.
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
Improvement and analytics. To improve our day-to-day operations, including for internal purposes such as auditing, data analysis and research to help us deliver and improve our Services; to monitor and analyse trends, including your usage and activities on the Services in connection with our products and services; to understand which parts of our Services are of the most interest and to improve them; to improve our products and services and our communications to you.
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you and will not reidentify such data except as otherwise permitted by applicable law. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data
Corporate events. To facilitate or carry out any corporate events, such as investments in or financings of Calyxo, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares (including providing Consumer Health Data to allow third parties to conduct diligence into – and, where relevant, to continue to operate – all or relevant part(s) of our operations).
Contact information, communications data, marketing data, user-generated content data, technical data, analytics data

How We Share Your Consumer Health Data

We may “share” (as applicable U.S. state laws define that term) Consumer Health Data with your consent or as we determine necessary to provide the Services to you, or as otherwise permitted or required by law. For example, we may share your Consumer Health Data with:

Authorities and others.

We will access, share, and preserve Consumer Health Data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies. We will also share Consumer Health Data if we believe it is necessary to protect our customers and/or the rights or property of ourselves or others.

Your Consumer Health Data Choices

You may have certain rights to your Consumer Health Data under applicable laws. Any of the rights discussed below may be subject to certain limitations (for example, a monetary charge).
Withdraw consent. To the extent we rely upon your consent for either our collection or sharing of your Consumer Health Data, you have the right to withdraw such consent from any future collection or sharing.
Access and confirm. You have the right to ask us to confirm whether we have collected, shared or sold your Consumer Health Data. Further, you have the right to access (in other words, request a copy of) the Consumer Health Data that we have collected, shared or sold. You also have a right to access a list of all “third parties” (as applicable U.S. state laws define that term) and affiliates with whom we have shared or sold your Consumer Health Data and receive certain corresponding information.
Correction. You have the right to ask us to correct inaccuracies in your Consumer Health Data.
Deletion. You have the right to ask us to delete your Consumer Health Data.
Appeal. You have the right to appeal our denying a right you have attempted to exercise. We will provide details on how to appeal our denial in connection with such action.
To exercise your rights above and make a Consumer Health Data rights request, please email us at marketing@calyxoinc.com. We may need to verify your identity in order to process your request. To confirm your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you (such as government identification), which we will only use to verify your identity, and for security or fraud-prevention purposes.
Declining to provide information. We need to collect Consumer Health Data to provide certain services. If you do not provide the information we identify as required or mandatory, or if you request that any required Consumer Health Data be deleted or withdraw your consent for future collection or sharing of any required Consumer Health Data, we may not be able to provide those services.

Changes to this Policy

We reserve the right to modify this Policy at any time. If we make material changes to this Policy, we will notify you by updating the date of this Policy and posting it on the Services or other appropriate means. Any modifications to this Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Services after the effective date of any modified Policy indicates your acknowledging that the modified Policy applies to your interactions with the Services and our business.

How to contact us

Email: marketing@calyxoinc.com

MA00171-07.A

Contact Us for More Information About the CVAC System Procedure

This field is for validation purposes and should be left unchanged.
Checkboxes(Required)

MA00171-01.A