TRIANA BIOMEDICINES, INC.

PRIVACY POLICY

Effective Date: March 19, 2026

Triana Biomedicines, Inc. (“Triana,” “we,” “us,” or “our”) is committed to respecting the privacy of individuals and safeguarding personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our website, business operations, recruitment activities, and clinical research, and describes the rights available to individuals under applicable privacy and data protection laws.  By “personal data” or “personal information” we mean information that identifies or is capable of identifying an individual.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal information collected by Triana in the following contexts:

  • Visitors to our website

  • Job applicants and prospective employees

  • Business contacts, vendors, collaborators, investigators, and advisors

  • Individuals who interact with Triana in the course of our business operations

2. Personal Information We Collect

A. Information You Provide to Us

Depending on your interaction with Triana, we may collect:

  • Contact Information (e.g., name, job title, company, email address, telephone number, mailing address)

  • Career and Recruitment Information (e.g., résumé/CV, education, employment history, references, application materials)

  • Clinical Research Information (for clinical trial participants, as described in the informed consent, such as initials, birth year, gender, race, ethnicity, and health-related information)

  • Other Information you voluntarily provide to us

B. Information Collected Automatically (Website Analytics)

Our website collects basic analytics information only, such as:

  • Internet Protocol (IP) address

  • Browser type and operating system

  • Referring/exit pages

  • Date/time of access

  • Aggregate website usage data

This information is used solely to operate, secure, and improve our website and is analyzed in aggregate.  We do not use this information for cross-context behavioral advertising, profiling, or any purpose that would constitute a “sale” or “sharing” of personal information under the CPRA.

C. Information from Third-Party Sources

We may receive professional or business contact information from third-party sources (such as LinkedIn or similar platforms) to verify or supplement information you provide and to support our recruitment, collaboration, or business development activities.

3. How We Use Personal Information

Triana uses personal information for the following purposes, as permitted by law:

  • Conducting and supporting clinical research and analyzing research results

  • Processing job applications and recruitment activities

  • Communicating about Triana, our research programs, and business operations

  • Operating, maintaining, securing, and improving our website and systems

  • Managing business relationships with vendors, collaborators, investigators, and advisors

  • Complying with legal, regulatory, and ethical obligations

  • Protecting Triana’s rights, property, and safety, and those of others

  • Complying with applicable law or responding to judicial processes or governmental requests

  • Other purposes with your consent or as otherwise permitted by law , including exemptions for clinical research, public health, and regulatory compliance

4. Legal Bases for Processing (EEA/UK/Switzerland)

Where the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR) or the Swiss Federal Data Protection Act and its Ordinance (Swiss DPA) applies, Triana processes personal information on the following legal bases, as applicable:

  • Public interest in public health and scientific research, including ensuring the quality and safety of our medicinal products

  • Legitimate interests, such as business communications, recruitment, website security, and compliance (balanced against individual rights)

  • Performance of a contract or steps taken at your request prior to entering into a contract

  • Compliance with legal obligations

  • Consent, where required (which may be withdrawn at any time)

Certain information processed in clinical research constitutes special category data, including health and genetic data, and is processed in accordance with GDPR Articles 9(2)(i) and 9(2)(j) and applicable safeguards.

5. Disclosures of Personal Information

Triana may disclose personal information to:

  • Affiliates and subsidiaries

  • Service providers and vendors (including CROs, IT providers, hosting providers, recruiters, auditors and professional advisors) acting on our behalf and subject to confidentiality and data protection obligations

  • Clinical investigators, research sites, ethics committees, and regulatory authorities, as required for clinical research

  • Public authorities where required by law or lawful process

  • Successors or acquirers in connection with a merger, acquisition, reorganization, bankruptcy or similar transaction, subject to applicable law and confidentiality obligations

Triana does not sell or share personal information for cross-context behavioral advertising.

6. Cross-Border Data Transfers

Personal information may be transferred to countries outside the European Economic Area, the United Kingdom or Switzerland. Where required, Triana relies on appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission or the Swiss Federal Data Protection and Information Commissioner, as applicable, and the UK Addendum

  • Participation in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, where applicable

7. Data Retention

Triana retains personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including compliance with legal, regulatory, accounting, and reporting requirements.

Clinical trial records may be retained for extended periods as required by FDA, EMA, MHRA, and other regulatory authorities. In some circumstances, Triana may anonymize information so it can no longer be associated with an individual, in which case Triana may use this information indefinitely without further notice to you.

8. Data Security

Triana implements administrative, technical, and organizational safeguards designed to protect personal information, including access controls, appropriate encryption, and incident response procedures.

Health information collected in clinical research is handled in accordance with informed consent, applicable confidentiality obligations, and data protection laws.

9. Individual Rights

A. EU/UK Rights

Individuals in the EU, UK or Switzerland may have certain rights including:

  • Obtain confirmation as to whether or not your personal data are being processed by Triana, the purposes of the processing, the categories of personal data concerned

  • Rectify inaccurate or incomplete personal data

  • Have your personal data erased, pursuant to certain specifications and exemptions

  • Restrict our processing of your personal data

  • Receive your personal data, which you have provided to Triana

  • Object at any time to the processing of your personal data for direct marketing purposes

B. California Privacy Rights

California residents have the right with respect to personal information governed by the CPRA:

  • Know the categories of personal information collected and disclosed

  • Request access to or deletion of personal information

  • Correct inaccurate personal information

  • Limit the use and disclosure of sensitive personal information (where applicable)

  • Not be discriminated against for exercising privacy rights

The CPRA does not apply to information collected and processed for clinical research purposes, information subject to the Health Insurance Portability and Accountability Act (“HIPAA”), employment-related information, and personal information retained to comply with legal, regulatory, or scientific research obligations.

C. Exemptions

 Certain personal information may be retained notwithstanding a deletion request where retention is necessary for clinical research integrity, patient safety, pharmacovigilance, regulatory submissions, inspections, audits, or other legal and regulatory obligations.

10. Cookies and Analytics

Triana uses only essential and basic analytics cookies to operate and improve its website. You may control cookies through your browser settings. Disabling cookies may limit website functionality.

11. Children’s Information

Triana’s website is not directed to children under 13, and Triana does not knowingly collect personal information from children through its website. Information about minors collected in clinical trials is governed exclusively by informed consent, assent, and applicable law.

12. Changes to This Privacy Policy

Triana may update this Privacy Policy from time to time. Changes will be posted on our website with an updated effective date.

13. How to Contact Us

For questions, requests, or concerns regarding this Privacy Policy or your personal information, please contact:

Email:
privacy@trianabio.com

or

Mailing Address:
Triana Biomedicines, Inc.
Attn: Data Privacy
1050 Waltham Street, Suite 301
Lexington, MA 02421

EU/UK individuals may also contact Triana’s EU or UK representative at the addresses below:

Rickert Rechtsanwaltsgesellschaft mbH

Colmantstraße 15

53115 Bonn

Germany

Art-27-rep-TrianaBio@rickert.law

Rickert Services Ltd UK

PO Box 1487

Peterborough

PE1 9XX

United Kingdom

Art-27-rep-TrianaBio@rickert-services.uk