UPSTREAM BIO, INC.

Privacy Policy
Last Updated: June 1, 2022

This Privacy Policy describes the privacy practices of Upstream Bio, Inc. (“Upstream Bio,” “we,” “us,” or “our”) and how we handle personal information that we collect through our website and any other sites that link to this Privacy Policy (collectively, “the Services”).

Personal Information We Collect

Information you provide to us:

  • Contact details,such as your first and last name, email and mailing addresses, and phone number when provided to us in any communications.
  • Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise. While we do not collect sensitive, health, or medical information, we may receive any information you voluntarily provide to us by email or otherwise. Because the Services are not intended to be used for the transmission of sensitive, health, or medical information, we request that you not share such information with us when you contact us through the Services.

Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Third parties, such as data providers, event co-sponsors, and others.
  • Public sources, such as social media platforms.

Automatic data collection. We, and our service providers, may automatically log information about you, your computer or mobile device, and your interaction over time with our website and the Services, such as:

  • Device data,such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

  • Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How We Use Personal Information

We use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We use your personal information to:

  • Provide, operate and improve the Services and our business;
  • Communicate with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
  • Provide support for the Services, and respond to your requests, questions and feedback.

Research and development. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services, and promote our business.

Compliance and protection. We may use your personal information to:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • Audit our internal processes for compliance with legal and contractual requirements and internal policies;
  • Enforce the terms and conditions that govern our website and Services; and
  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

How We Share Personal Information

We may share your personal information with:

Business partners. Current and future affiliates, and other companies with whom we partner to provide our Services.

Service providers. Companies and individuals that provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, website analytics services, and employee recruitment).

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Upstream Bio (including, in connection with a bankruptcy or similar proceedings).

Your Choices

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

Children

We do not knowingly collect Personal Information from children under the age of 13. If you are under the age of 13, you may not submit any Personal Information through the Site or in email. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Information on this Site without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information through this Site or email, please contact us, and we will endeavor to delete that information from our databases.

Job Applicants

When you visit the “Join Us” portion of our website, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to provide improved administration of the website, and as otherwise necessary (a) to comply with relevant laws or to respond to subpoenas or warrants served on Upstream Bio; (b) to protect and defend the rights or property of Upstream Bio or others; (c) in connection with a legal investigation; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or Upstream Bio’s Terms of Use.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

You can reach us by email at info@upstreambio.com or at the following mailing address:

Upstream Bio, Inc.
460 Totten Pond Rd. Suite 420
Waltham, MA 02451