Mineralys Therapeutics, Inc. (“we”) respects the privacy of visitors to www.mineralystx.com (“website”). This Privacy Policy (“Policy”) explains our online information practices regarding the collection of information through our website that can personally identify you (“personal information”) and certain other information that we collect from you on our website. This Policy also describes how we use and disclose the information we collect and the choices you can make about the uses of your personal information. Your use of our website is subject to this Policy and our Terms of Use. Please read this Policy carefully to understand how we treat information collected on our website.

Information We Collect Actively
We only collect personal information about you when you voluntarily provide that information to us in connection with your use of our website. For example, we collect personal information that you may provide through the “Contact Us” page on our website. The information that we may collect includes your name, telephone number, email address, and/or certain other information you provide.

Information We Collect Passively
We may passively collect personal information when you visit the website, such as your IP address, browser version, operating system, and the site you passed through to reach our website. In addition, we may collect usage data, such as traffic patterns, number of visits to certain pages, visits from other websites or to third-party websites that link to our website, and use of particular services or features on the website. We may use this information to improve our website and to provide services such as Technical Support.

We may collect this personal information through the use of online tracking technology, including “cookies,” and similar tools. A “cookie” is a small, text-only file that is placed on your hard drive to allow us to recognize you if you return to the website using the same computer and browser.

You can set your browser to notify you when you receive a cookie, giving you a chance to decide whether to accept it or not. Alternatively, you can set your browser to disable cookies, and can remove existing cookies. Each browser is different, so you will need to check your specific browser’s “Help” menu to learn how to change the cookie preferences. While you may decide to not accept cookies, by doing so, you may not be able to experience the full functionality of the website.

Use Of Your Personal Information
We may use or disclose the personal information we collect for our operational purposes and for one or more of the following business purposes:

• To respond to your messages and requests
• To develop, provide and improve our products and services
• For advertising and marketing of our products and services
• To analyze and better understand consumers’ needs, preferences, and interests
• To administer the website
• For internal operations including troubleshooting, data analysis, testing, research, and statistical analysis
• For analytical purposes and to research, develop, and improve programs, products, services and content
• To detect and protect against security incidents and deceptive, malicious, or fraudulent activity
• For activities to monitor and maintain the quality or safety of our products and services
• To maintain the safety and security of the website and our services
• To communicate with you about security, privacy or administrative related matters
• To personalize our website and services to provide content effectively for you and the device on which you are accessing the website
• To carry out any other purposes that are disclosed to you through the website or required by law, regulation, court order or other legal process

We may also aggregate and/or anonymize personal information and analyze the data for statistical or any other purposes permitted by law.

Disclosure Of Your Personal Information
To the extent permitted by applicable data protection laws, we may disclose your personal information in the following ways:

• We may share the personal information we collect with our business partners and vendors that perform services on our behalf and other third parties for our legitimate business purposes.
• We may disclose your personal information to others if you have given us permission or directed us to do so or through your selected user preferences.
• We may disclose your personal information without your permission when we believe in good faith that such disclosure is required by law or is necessary to investigate and protect against harmful activity to us, our customers, our employees and others, or our property.
• In addition, to the extent permitted by law, any information collected over our website or concerning its use, may be disclosed to government authorities or third parties pursuant to a legal request, subpoena, or other legal process, or to comply with government reporting obligations applicable to us. We may also use or disclose your personal information as permitted by law to collect debts, fight fraud, or protect the rights or property of Mineralys Therapeutics, Inc., our clients, our donors, our website, and its users, or third parties, or when we otherwise believe in good faith that the law requires it.
• In the event of a corporate change in control resulting from, for example, a change in our corporate structure, a sale to, or merger with, another entity, or in the event of a sale of assets or a bankruptcy, we reserve the right to transfer your personal information to the new party assuming our functions or in control, or the party acquiring assets.
• We may also disclose aggregated and/or anonymized information with non-affiliated parties for research, education or marketing purposes.

Children’s Privacy
We do not knowingly collect or maintain personal information from children under the age of 13. If we learn that we have personal information about a child under the age of 13, we will delete that information.

Security
We maintain reasonable physical, electronic, and procedural safeguards designed to help us protect your nonpublic personal information against: (a) accidental or unlawful destruction; (b) accidental loss; and (c) unauthorized alteration, disclosure, or access. However, no security systems are impenetrable. We cannot guarantee the security of our database, website, or services, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the Internet. We are not responsible for the actions of third parties.

Links To Other Websites
The website may contain links to other websites, including websites operated by other entities. When you click on these links you are taken to a website that is operated by another entity. Please be aware that these websites may collect information about you and may place cookies on your Internet browser if your browser is set to accept them. We urge you to review the privacy policies posted on any websites you visit before using those sites and providing personal information. We are not responsible for the privacy practices or the content of such websites.

Data Retention
We have a data retention policy which dictates how long we retain your personal information collected through or on our website, with the intent that we will retain your personal information only for so long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, resolving disputes, collecting fees, providing you products and services, or maintaining our staffing relationships and needs, unless we have deidentified or deleted your personal information in response to a request to delete. To the extent permitted by applicable data protection laws, we may also retain your personal information in a deidentified or aggregated form so that it can no longer be associated with you. To determine the appropriate retention period for your personal information, we consider various factors such as the amount, nature, and sensitivity of your information; the potential risk of unauthorized access, use or disclosure; the purposes for which we process your personal information; and applicable legal requirements.

Changes To This Privacy Policy
We reserve the right, in our sole discretion, to modify, alter, or otherwise update this Policy at any time, and you agree to be bound by such modifications, alterations, or updates. We will notify you of material changes to this Policy by posting the revised policy with the date it was revised on this page. We will not materially alter the use of personal information about you that we have already collected without contacting you directly and seeking your affirmative consent. Your continued use of the website constitutes your agreement to this Policy and any updates. We encourage you to periodically review this Policy to stay informed about how we are protecting the personal information we collect.

Users Outside the United States
This section of the Policy contains additional information about our processing of your personal information for individuals who are located outside the United States. Your rights under this section may vary depending on your location. Please read carefully.

Capitalized terms used in this section of the Policy shall have the meaning given to them by the applicable data protection law, including European Union’s General Data Protection Regulation (EU) 2016/679 (“GDPR”), the United Kingdom’s General Data Protection Regulation as implemented by the Data Protection Act of 2018 (“UK GDPR”), or the Swiss Federal Act on Data Protection (“FADP”).

1. Special Categories of Personal Information
We do not knowingly collect any Special Categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data). Nor do we knowingly collect any information about criminal convictions and offenses.

2. Purposes and Lawful Bases for Which We Will Use Your Personal Information
We will only process your personal information as permitted under applicable law. We have set out, in the table below, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Please note, the below table only applies to residents of the European Economic Area (“EEA”), the United Kingdom and any other regions that require us to disclose our legal bases for processing.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Generally, we do not rely on consent as a legal basis for processing your personal information. Please contact us if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.