PRIVACY POLICY

Last Updated: August 4, 2025

BBOT (“we,” “us,” or “our”) shares your concerns about maintaining the integrity and privacy of personal information collected on the internet.  We are committed to protecting your privacy, and this privacy policy (“Privacy Policy”) is intended to describe our information collection and dissemination practices in connection with our website located at www.bbotx.com, or any website or service that links to or refers to this Privacy Policy (collectively, the “Site”).

Note that when we say “Personal Information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.

“Personal Data” in this Privacy Policy means any information relating to an identified or identifiable natural person of the European Union or the United Kingdom (a “European Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For purposes of the General Data Protection Regulation and the United Kingdom General Data Protection Regulation (collectively, “GDPR”), we are the controller data processing.

INFORMATION WE COLLECT AND HOW WE USE IT

We collect Personal Information when you:

• make requests on the Site;
• use the Site; and
• communicate with us.

We also collect information, such as anonymous usage statistics, by using cookies, server logs, and other similar technology as you use the Site. For European Data Subjects, the legal bases for Data Subject processing are legitimate interest and contractual necessity.

Registration and Requests for Information. You may use the Site without providing us with Personal Information. However, if you choose to contact us or request more information, you may provide Personal Information, such as your name and email address. You may also provide other optional information.

Cookies, Automatic Data Collection, and Related Technologies. The Site collects and stores information that is generated automatically as you use it, including your preferences and anonymous usage statistics. When we associate such information with Personal Information, we will treat the combination as Personal Information.

When you use the Site, we and our third-party partners, such as advertising networks, social media widgets, and analytics providers, use “cookies” and other similar technologies to collect information about how the Site is used. A cookie is a very small text document, which often includes an anonymous unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server. We also use other forms of technology (such as web beacons and, in apps, software development kits (usually referred to as SDKs)) which serve a similar purpose to cookies, and which allow us to monitor and improve our Site. Our partners also may collect information about your online activities over time and on other websites or apps. When they provide such services, they are governed by their own privacy policies. You may be able to change browser settings to block and delete cookies when you access the Site through a web browser. However, if you do that, the Site may not work properly. You can also use the Site’s cookie settings function to amend preferences at any time.

By using the Site, you are authorizing us to gather, parse, and retain data related to the provision of the Site as described in this Privacy Policy.

Internal and Service-Related Usage. We use information, including Personal Information, for internal and product and service-related purposes and may provide it to third parties to allow us to facilitate the Site. We may use and retain any data we collect to provide and improve any of our products and services.

Communications.  We may send email to the email address you provide to us to respond to your inquiries and for informational and operational purposes, such as management, customer service, or system maintenance.

Marketing. We may use information, including Personal Information, to provide online advertising on the Site and to email information we think may be useful or relevant to you.

Aggregate Data. We may anonymize or aggregate data collected through the Site and use it for any purpose.

We may share your Personal Information:

• with our third-party vendors and service providers;
• to comply with legal obligations;
• to protect and defend our rights and property; and
• with your permission.

We do not rent, sell, or share Personal Information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission.

We use vendors and service providers, and we may share any information we receive with vendors and service providers retained in connection with the provision of the Site.

We do not rent, sell, or share Personal Information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission. With your permission, we may provide Personal Information to third parties for their direct marketing purposes. We may display website and applications advertising to you from third parties. We may display targeted advertising to you on third party-websites, provided that such targeted advertising for European Data Subjects shall only be carried out with prior consent. With your permission, we may contact a physician of your choice on your behalf. We use the data collected by the Site to enable the delivery of online advertising on this website or other websites or applications, or otherwise send you information we think may be useful or relevant to you.

You may be able to opt out of receiving personalized advertisements from advertisers or advertising networks who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out sections on the websites of each of those organizations.

Links to those sites are here:

• Network Advertising Initiative: http://www.networkadvertising.org/choices/
• Digital Advertising Alliance: http://www.aboutads.info/choices/

When you opt out of personalized advertising, you may continue to see non-personalized online advertising on the Site.

Legal and Similar Disclosures. We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; or protect your, our, or others’ rights, property, or safety.

Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership or sale of our assets, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how such entities may use or disclose such information, however, Personal Data will be transferred or disclosed only to entities that have agreed to comply with the GDPR requirements.

With Your Permission. We may also disclose your Personal Information with your permission.

How Long We Keep Your Personal Information. We will retain your Personal Information for as long as is necessary to fulfill the purpose for which we obtained your Personal Information and any other permitted purposes permitted by law, and in compliance with our data retention policies.  For example, we will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

INFORMATION SECURITY

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure, unless otherwise subject under the GDPR or other applicable privacy laws.

For visitors outside of the European Union or the United Kingdom, by using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. For European Data Subjects, the processing activity of your Personal Data is for the legitimate interest. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Site or sending an email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please notify us at contact@BBOTx.com. This opt-out is not applicable to European Data Subjects

UNITED STATES PRIVACY DISCLOSURE

Please note that we do not currently meet the threshold applicability requirements of U.S. state privacy laws, including the California Consumer Privacy Act (“CCPA”). If we meet those thresholds in the future, we will update this Notice to include applicable disclosures related thereto.

INTERNATIONAL USERS

We maintain information in the United States of America and in accordance with the laws of the United States, which may not provide the same level of protection as the laws in your jurisdiction.  By using the Site, you will transfer data to the United States.

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that the transfer of your information to the United States and processing globally is subject to a legitimate interest legal basis and contractual necessity.

ADDITIONAL RIGHTS UNDER GDPR

• Access your Personal Data
• Correct inaccurate Personal Data
• Erase your Personal Data
• Restrict or object to process of Personal Data
• Port your Personal Data to another services
• Withdraw consent to processing of Personal Data at any time
• Lodge a complaint with your local supervisory authority.

CHILDREN

We do not knowingly collect any Personal Information from children under the age of 13 without parental consent, unless permitted by law.  If we learn that a child under the age of 13 has provided us with Personal Information, we will delete it in accordance with applicable law.

CHANGES TO OUR PRIVACY POLICY AND PRACTICES

We may revise this Privacy Policy, so review it periodically.
Posting of Revised Privacy Policy.  We will post any adjustments to the Privacy Policy on this web page, and the revised version will be effective when it is posted. If you are concerned about how your information is used, bookmark this page and read this Privacy Policy periodically.

New Uses of Personal Information. From time to time, we may desire to use Personal Information for uses not previously disclosed in our Privacy Policy. If our practices change regarding previously collected Personal Information in a way that would be materially less restrictive than stated in the version of this Privacy Policy in effect at the time we collected the information, we will make reasonable efforts to provide notice and obtain consent to any such uses as may be required by law. For European Data Subjects, the processing of Personal Data for purposes other than originally anticipated will only be allowed where the processing is compatible with the purposes for which the Personal Data were initially collected. You will be informed if additional processing in a manner incompatible with the original intent will occur.

Contact Information

BBOT
256 E. Grand Avenue, Suite 104
South San Francisco, CA 94080
You may also contact us via email at contact@BBOTx.com

Per the GDPR, our Data Privacy Officer is:

Bird & Bird DPO Services SRL
Avenue Louise 235
1050 Brussels
Belgium
dpo.therasinc@twobirds.com