PRIVACY STATEMENT

Cessation Therapeutics, Inc. (“Cessation Therapeutics, Inc.” or “us” or “we”) is a company developing a novel antibody therapy to prevent overdose related to fentanyl and fentanyl analogs.

We understand that your privacy is important to you and that you care about how information relating to you (“Personal Data”) is used. Cessation Therapeutics is committed to ensuring the privacy and security of the Personal Data it processes relating to website visitors, and to protecting their rights in accordance with applicable privacy and data protection laws. This privacy statement describes how we collect, process, store, use, transfer and delete personal data.

Please note that if you are enrolled in any of our clinical trials, this Privacy Statement does not apply to the processing of your Personal Data in connection with your participation in such trials. In that case, please refer to the applicable Informed Consent provided to you.

This privacy statement describes how we collect, process, store, use, transfer and delete personal data.

CESSATION THERAPEUTICS’ ROLE UNDER THE GDPR FOR EU-BASED VISITORS

Cessation Therapeutics is the data controller for the purposes of the personal data we collect via the website is:

Cessation Therapeutics, Inc.
3031 Tisch Way Ste 110
San Jose, CA 95128
California
United States of America

PERSONAL DATA WE COLLECT

Personal information you provide us directly

Personal Data is collected when you contact us through any of our available communication channels. Personal Data may include:

• Your first and last name
• E-mail address
• Telephone number

Please note that you do not have to provide personal information, but in such a case we may not be able to address your request.

Personal information we collect automatically

Technical information is collected from recording and collecting information of your interaction with our website, web pages you accessed. For further information about the use of cookies or to manage your preferences, please refer to our cookie policy.

Purposes and legal grounds for processing your Personal Data

We use the information that you provide when you contact us in order to respond to you.

We also use the technical data we receive to optimize how the website is displayed to you.

We may compile statistical information across a variety of users in order to help us understand trends and customer needs. Statistical information is anonymized and does not, in and of itself, contain any Personal Information.

We process your personal data based on your consent where required, or on our legitimate interest.

SHARING OF PERSONAL DATA WITH THIRD PARTIES

We will not share your information with third parties, except in the situations listed below:

• Share with our affiliated companies, who help us process the data for the purpose set out above.
• Share with our service providers who assist us with the internal operations of our website and our business.
• Share with authorities and with third parties for the purpose of handling of any breach of the terms of use of the Website or any breach of applicable law.
• Share with a judicial, governmental, or regulatory authority when required or requested to do so under applicable law.
• Share to enable a structural change, such as a merger or acquisition.

RETENTION OF YOUR PERSONAL INFORMATION

We will retain your personal data for as long as is necessary in order to fulfill the purposes for which we have collected your personal information, including any legal requirements. When the personal information is no longer needed for its original processing goal, and there are no further legal requirements, we will delete or anonymize your personal information.

INTERNATIONAL TRANSFER OF INFORMATION

Information we collect from you may be processed in the United States of America. When transferring Personal Data from Europe, we rely on appropriate safeguards and transfer mechanisms, such as the EU Standard Contractual Clauses, in accordance with the GDPR.

HOW TO EXERCISE YOUR PRIVACY RIGHTS

Under the General Data Protection Regulation (GDPR) you have rights with regard to the processing of your personal data. Not all of these rights will apply in all cases. You may have the right to request from us:

• Information about the collection and use of your personal data;
• Access to the personal data that we process about you;
• Erasure of the personal data that hold about you;

• Rectification of errors in the personal data we hold about you;
• To object to the processing of your personal data;
• To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or will significantly affect you;
• To restrict further processing of data about you;
• To have a machine-readable copy of your personal data (portability); and/or
• Withdrawal your consent for the processing of personal data (where applicable).

Where you make a request, if a particular right does not apply, we will explain why for your particular case.

In all cases, requests should be sent by email to the privacy contact listed in the “Our Data Protection Representative for the EEA” section. To process your request, we will need some personal data (such as your name and contact details) and may ask for additional information to confirm your identity before responding.

We will respond to your request within 30 days.

OUR DATA PROTECTION REPRESENTATIVE FOR THE EEA

We have appointed a Data Protection Representative (DPR) for the EEA. Our DPR is DPO Consultancy. If you have any questions about our privacy statement, if you wish to exercise your rights or if you wish to lodge a complaint, please contact us via dpr@dpoconsultancy.nl or by sending mail to the following address:

DPO Consultancy (EEA)
Europalaan 28b
5232 BC ‘s-Hertogenbosch
The Netherlands

If you are a resident of the EEA and feel that your privacy has been infringed by our service or practices, you have the right to lodge a complaint directly with a supervisory authority in your member state of residence, place of work or place of the alleged infringement. Our lead supervisory authority in the EEA is the Autoriteit Persoonsgegevens (The Netherlands): https://autoriteitpersoonsgegevens.nl/en.

CHANGES TO THIS PRIVACY STATEMENT

We may update this privacy statement from time to time, and we encourage you to review it periodically.

LAST UPDATED

December 19, 2025