General Privacy Policy

Version 1.1 — Updated September 16th, 2025.

Axcela Bio AB (“Axcela Bio”) develops software products and services (collectively referred to as the “Services”) to enable faster development and launch of new treatments. We provide access to our Services to our customers, which nominate their employees and/or representatives to access the Services on the customers’ behalf (“Registered Users”). Axcela Bio offers its Services to companies and does not provide Services directly to consumers.

1. Scope of this Privacy Policy

This general privacy policy explains how Axcela Bio collects, uses, processes, and shares your personal data where:

You are a Registered User of Axcela Bio’s Services.
We meet at a conference, tradeshow, or similar event.
You sign up for or participate in a webinar presented by Axcela Bio (either alone or together with a collaboration partner).
You sign up to receive our newsletter or other e-mail communication from us.
You contact us by telephone, email, or chat for the purposes of customer support, training, and customer success.

This Privacy Policy does not apply to:

Information on personal data relating to representatives for patient organizations. Such personal data are processed in accordance with a separate Privacy Policy for Patient Organization Representatives.
Employees (existing or prospective).

2. Additional information about GDPR and US State Notices

If you are resident of a country where the General Data Protection Regulation 2016/679 and the UK GDPR (collectively, the “GDPR”) applies, Axcela Bio is the data controller in respect of the processing of your personal data. You can find out more specific information about your rights and how to exercise them in the GDPR Privacy Policy Supplement at Section 7 below.

For residents of any U.S. state where a state privacy law applies, please review our U.S. Supplemental Privacy Policy at Section 13 below.

3. Which Personal Data do we Collect, and How?

For the purposes of this privacy policy, references to personal data includes any information relating to an identifiable, living, natural person.

We collect the following information about you, in the following ways:

a) If you are a Registered User.
If you are a Registered User, the Customer may provide us with information such as your name, title, location, and e-mail address in order to create a log-in for access to our Services. Then, we will also collect certain information directly from you, such as your password information in order for you to access your user account.

After receiving login information, you may choose to use our Services for the purposes for which the license was granted. During your time using our Service as a Registered User, we may collect the following additional data:

Usage data, including logins, IP address, and user behaviour;
Information you submit to us, such as e.g. your name, telephone number, and e-mail address when you subscribe to our newsletter (or other communication from us), request a product demonstration or communicate with our customer support;
Aggregated support data;
Cookies – for further details, please see our Cookie Policy;
Log files, which include data such as user IP addresses, browser types, and other statistical data resulting from the use of the Services. This information may be used to analyse trends, to administer the Services, to monitor the use of the Services and to gather general demographic information. We may link this information to personal data for these and other purposes such as personalizing your experience and evaluating and improving the Services in general.
Under your organization’s license agreement, some individuals at your organization (or nominated by your organization) may have the right to access information for all Users at your organization for purposes of tracking usage patterns across the organization. If you have questions about who at your organization can see your data, please contact your organization’s point of contact for Axcela Bio. If you do not know your company’s point of contact, contact us and we will provide you with such information.

b) If you are a representative of a prospective customer or collaboration partner.

We may collect contact information such as e.g. your name, e-mail address, and telephone number in connection with an event, webinar etc. Such personal data may be collected from you directly, from one of our collaboration partners, or from publicly available information.

c) If you are a visitor to our website.

We may collect information by the means of cookies. For further details, please see our Cookie Policy.

4. For which purposes do we use your personal data?

We use your personal data collected for the following purposes:

a) If you are a Registered User:

To provide the Services to you. This includes providing Registered Users access to the Axcela Bio’s products through a user account.
To enhance, provide support and maintain our Services. We use your information to support delivery of the Services, address service errors, or technical issues, to contact you for customer service and for support purposes.
For analytics purposes to improve your experience to help us understand who uses the Services (and how), and in order to improve your user experience.
To perform statistical analysis of user behaviour or to evaluate and improve the Services.
To inform you about changes to this privacy policy and any other applicable legal terms and policies.
To provide you with technical or other important updates, such as important changes to, and/or availability of our Services, security notices.
To ask you about your user experience and to improve our products.

b) If you are a representative of a prospective customer or collaboration partner.

To provide you access to particular features, such as a webinar that you sign up for or participate in.
To send you newsletters or otherwise communicate with you about our Services for marketing purposes. If you want to opt-out from such communication, please send an e-mail to privacy@axcela.bio.

5. In Which Cases Do we Share your Personal Data?

If required by applicable law. We may disclose your information (including personal data) if we believe in good faith that we are required to do so in order to comply with any applicable law.

To analytics service providers. When you use our Services, third-party providers of analytics products, such as for example analytics cookies, which are deployed as part of the Services may directly collect information about your activities over time. See more about this in our Cookie Policy.

To our service providers. We may employ third party independent contractors, vendors, and suppliers (collectively, “Service Providers”) to provide specific services and products, such as hosting and maintaining the Services, providing fraud screening, and developing applications for the Services. In the course of providing products or services to us, these third-party Service Providers may have access to information we collect about you. We will seek to minimize the personal data transferred to such Service Providers (to the extent possible), and will require Service Providers to follow appropriate privacy policies and will not authorize them to use your personal data except for the express purpose for which it is provided, but we cannot control the actions of such third parties.

To our marketing service providers. We may share your personal data with our marketing vendors and partners to send emails on our behalf, and/or for co-branded and/or co-sponsored marketing and promotional events (such as conference events) offered in conjunction with another company or companies. If you register for or participate in such marketing and promotional events, we and the relevant partner companies may receive information collected in conjunction with the co-branded and/or co-sponsored marketing and promotional events.

In case of a sale of business. If applicable, we reserve the right to transfer information to a third party in connection with a sale, merger, or other transfer of all or substantially all of the assets of Axcela Bio, or in case of bankruptcy.

If you consent. To any other party, if you consent to the disclosure.

6. How do we Keep your Personal Data Secure?

Axcela Bio takes the security of your personal data very seriously. We invest considerable resources in implementing technical and organizational measures to ensure the safety of your personal data. However, no method of electronic transmission or electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

7. GDPR Privacy Policy Supplement

If you are located in the EU, the European Economic Area or the United Kingdom (UK), the following additional information applies:

Data Controller. If processing of your personal data is subject to the GDPR, Axcela Bio AB is the data controller (as defined in the GDPR) in respect of the processing of your personal data to which this Privacy Policy applies.

Special categories of personal data. We do not request or collect any special categories of personal data.

Legal Grounds for processing. Pursuant to the GDPR, our legal bases for our processing your personal data may include (without limitation):

If you have provided your consent to the processing. Such consent may be withdrawn at any time, but without affecting the lawfulness of processing based on consent prior to withdrawal.
If it is necessary to perform our obligations in accordance with an agreement we have entered into or are about to enter into with you.
If it is necessary for the purposes of pursuing our legitimate interests, for example in providing or marketing our Services, and your fundamental rights and freedoms do not override those legitimate interests.

Your rights under the GDPR. Please see Section 10, “Your Privacy Rights”. If you want to contact the data controller to exercise any of your rights under the GDPR or need further information concerning the lawful basis on which we collect and use your personal data, please contact us at privacy@axcela.bio.

8. Transfers of Personal Data to Third Countries

In certain circumstances personal data collected under this Privacy Policy may be transferred from time to time to our offices, personnel, and/or to Service Providers who may be located in various places throughout the world. In addition, the Services may be viewed and hosted anywhere in the world, including in countries that may not have laws of general applicability regulating the use and transfer of such information or which may not provide the same degree of protection as the country in which you are resident.

If you are located in the EEA, UK or if the GDPR applies to you, should it be necessary for us to transfer your personal data to a third country, we will rely on legally provided mechanisms designed to ensure a similar degree of protection is afforded to your personal data including (but not limited to) where applicable implementation or use of European Commission-approved Standard Contractual Clauses or other legally approved mechanisms. If you require further information on the specific mechanisms used by us or have any concerns in this regard, please contact us at privacy@axcela.bio.

9. How Long do we Retain your Personal Data?

We endeavour to retain your personal data only for as long as necessary to fulfil the purposes for which we collected it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of that information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you have any questions about our data retention processes, please contact us at privacy@axcela.bio.

10. Your Privacy Rights

We generally use personal data as described in this privacy policy as authorized by you or as otherwise disclosed at the time, we request such information from you. In certain other circumstances, you may “opt in” and/or give us permission to use your personal data. You may in such case exercise your opt-out rights, as for example in the case of marketing communications, by contacting us at privacy@axcela.bio.

You may have certain rights related to your personal data, subject to local applicable data protection laws in your country. Please note your rights and choices may vary depending upon your location. Certain personal data may be exempt from such requests under applicable law.

United States: If you are a resident of any U.S. state with a Comprehensive State Privacy Law, please review our U.S. Supplemental Privacy Policy at Section 13 below, including information about how to exercise available rights under state law.

EEA/EU/UK/: If the GDPR applies to you, you may have the following rights:

To request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

To request correction of the personal data that we process about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

To request erasure of your personal data. This enables you to ask us to delete or remove your personal data where there is no lawful basis for us to continue processing it. You also have the right to ask us to delete or remove all of your personal data in certain circumstances.

To object to further processing of your personal data where we are relying on a legitimate interest (or that of a third party).

To request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data.

To request the transfer of your personal data to another party.

Please note:
To protect your privacy and security, we may take reasonable steps to verify your identity before granting you access or making corrections. After having received and verified your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all personal data stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.

Any updates, corrections, changes, and deletions will have no effect on other information that we process, or information that we have provided to third parties in accordance with this privacy policy prior to such update, correction, change or deletion. Also, please note that it may not be technologically feasible to remove each and every record of your personal data from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personal data may exist in a non-erasable form that will be difficult or impossible for us to locate.

Lodge a complaint with us or the relevant supervisory authority (as defined in the GDPR). If you want to exercise your available rights under these or other privacy laws applicable to you, or if you have any complaints about the way we process your personal data, please do contact us at privacy@axcela.bio.

Alternatively, if the GDPR is applicable, you may lodge a complaint with the supervisory authority which is established in your country. Please note that Axcela Bio’s lead supervisory authority in the EU is:

The Swedish Data Protection Authority (Sw: Integritetsskyddsmyndigheten)
Box 8114
SE-104 20 Stockholm
Sweden Phone number: +46 8 657 61 00
Email: imy@imy.se

Similar rights as above may be afforded to you under other applicable data protection laws and regardless of your location.

11. Changes to this Privacy Policy

We reserve the right to modify or revise this Privacy Policy from time to time. If we make material changes that result in significant additional uses or disclosures of your personal data, we may provide you notice through the Services and/or or by other means including if necessary, communication with you, to provide you the opportunity to review the changes before they become effective. We may also make minor changes to this privacy policy that generally will not significantly affect our use of your personal data, for which such communications/notices are not generally required. The date for the latest updated version of this privacy policy is specified at the top of this privacy policy. If any changes to this privacy policy are unacceptable to you, you should stop using our Services. Your continued use of the Services following the posting of changes to this privacy policy constitutes your full acceptance of those changes.

12. Contact us

We are committed to protecting your privacy and to being transparent about our privacy practices. If you have any questions, comments or want to provide feedback about this privacy policy, please contact our privacy team:

By e-mail: privacy@axcela.bio

By postal mail or courier:
Attn: Legal Counsel
Axcela Bio AB
Poppelgatan 9
SE-42674 Västra Frölunda
Sweden

13. US Supplement

This U.S. Supplemental Privacy Notice (the “Supplement”) provides supplemental information to the general privacy policy above and applies to residents of U.S. states with Comprehensive State Privacy Laws, as defined below. This Supplement describes the types of personal information that Axcela Bio may collect or process from U.S. residents in those states, how we may use and disclose that information, and how you may exercise any rights you may have regarding our processing of your personal information.

This Supplement applies to personal information collected or processed by Axcela Bio from or about U.S. residents in states with comprehensive privacy laws (collectively, hereafter, “Comprehensive State Privacy Laws”), including, for example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CPRA”), together referred to as (“CCPA”); the Colorado Privacy Act (“CPA”); the Connecticut Personal Data Privacy and Online Monitoring Act (“CTDPA”); the Virginia Consumer Data Protection Act (“VCDPA”); and similar state privacy and data protection laws. This Supplement only applies to residents in those states with Comprehensive State Privacy Laws unless otherwise noted.

Personal information subject to this Supplement does not include the information covered by certain federal and state laws, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), clinical trials, or other exemptions as described in Comprehensive State Privacy Laws. In addition, even personal information covered in this Supplement may be collected and processed—including by disclosure to governmental entities or third parties—outside the requirements of this Supplement where applicable Comprehensive State Privacy Laws allow, including where such action is necessary to comply with federal, state, and local laws; to prepare for any law suit; to protect the vital interests of a consumer or other individual; to act in the public interest in areas of public health; to cooperate with government authorities; or to protect against security threats and illegal, fraudulent, or malicious activity and any subsequent investigation of that activity.

13.1 Consumer Information Collected

In the past 12 months we may have collected, processed the following categories of personal information in developing and providing the Axcela Bio Services:

Category	Examples	Business or commercial purposes for which we collect, use, and sell consumer information
A. Identifiers.	Any identifiers that have been manifestly made public, including name, business address, publicly available contact details (such as email address), current or past employer, job title, department and seniority, company location, publishing affiliation, and/or associated institution(s), collaborations and collaborators, LinkedIn and other social media accounts, positions (including on advisory boards and boards of directors). We may also collect any information you share with us, such as if you contact us.	For the purposes of providing our Services and allowing Axcela Bio's customers and their users access to our Services. If you identify yourself to us, including by sending us an e-mail with questions or comments, we may use your information (including consumer information) to respond to your questions or comments, and we may file your questions or comments (with your information) for future reference.
B. Personal information categories listed in the California Customer. Records statute (Cal. Civ. Code § 1798.80(e)).	Any personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) that have been manifestly made public, including name, current or past employer, affiliation, and/or associated institution(s).	For the purposes of providing our Services and allowing Axcela Bio's customers and their users access to our Services.
C. Professional or employment-related information.	Any professional or employment-related information that has been manifestly made public, including current or past employer, affiliation, and/or associated institution(s), compensation, LinkedIn and social media account information, and positions (including on advisory boards and boards of directors).	For the purposes of providing our Services and allowing Axcela Bio's customers and their users access to our Services.
D. Inferences drawn from other personal information.	Profile reflecting your expertise (among other things), as well as your influence and relevance to our customers' initiatives.	For the purposes of providing our Services and allowing our customers and their Registered Users access to our Services.

13.2 Use of Consumer Information; Categories of Sources

We collect and use personal information for the business or commercial purposes described in the table above and in the manner described in Section 1 of this Privacy Policy.

13.3 Disclosures of Consumer Information for a Business or Commercial Purpose:

During the last year, Axcela Bio has disclosed personal information to service providers (e.g., cloud computing and storage vendors; security contractors, and consultants), for our own operational business purposes.

13.4 Your Privacy Rights

As a resident of a state with a Comprehensive State Privacy Law, you may have some of the following privacy rights, subject to some limitations or exemptions as required or allowed by law:

To opt-out of sharing your personal information for cross-context behavioural advertising or, in other states, to opt-out of targeted advertising;
To opt-out of the sale of your personal information;
To request to know and access your personal information which Axcela Bio has collected or processed;
To obtain a copy of your personal information, i.e., a right to data portability;
To request that we correct your personal information;
To request that we delete your personal information;
To request that we limit the use of your Sensitive personal information;
To opt-out of processing of Sensitive personal information (if applicable)
To not be discriminated against for exercising any of the rights above; and
To appeal the denial of a request, including in some states to lodge a complaint with the Attorney General.

If you would like to opt-out of having your personal information provided to our customers (as applicable) or otherwise exercise your privacy rights, please send an e-mail to privacy@axcela.bio.

13.5 Verifiable requests

We will make reasonable efforts to promptly respond to your requests in accordance with applicable laws, but your rights under Comprehensive State Privacy Laws are not absolute. For example, any such request must provide sufficient information that allows us to verify that you are the consumer whose personal information we have collected. We may, after receiving your request, require additional information from you to honour your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

13.6 Requests by Authorized Agents

Where required by applicable Comprehensive State Privacy Laws, we permit residents of certain states to designate an authorized agent to submit certain requests on your behalf, as outlined below.

California residents may designate an authorized agent to submit a request to opt-out of sale or share of personal information, to limit the use of Sensitive personal information, or to access, correct, or delete your personal information. In each case, the agent must provide us with documentation demonstrating that you have provided signed permission to the agent to exercise these rights with us on your behalf. We may deny the request if we do not receive such proof. In addition, for requests to access, correct, or delete your personal information, we may also require you to do either of the following: (1) verify your own identity directly with us; or (2) directly confirm with us that you have provided the authorized agent permission to submit the request on your behalf. These requirements of proof do not apply if the agent has a power of attorney pursuant to California Probate Code.

Colorado, Connecticut, Delaware, Nebraska, New Hampshire, New Jersey, Oregon, Minnesota, Montana, and Texas residents may designate an authorized agent to submit a request to opt-out out of our processing of personal data for the purposes of targeted advertising, sale or profiling in furtherance of decisions that produce legal or similarly significant effects. If you use an authorized agent to submit a request, we will not act on that request unless we are able to authenticate, with commercially reasonable effort, both your identity and the authorized agent’s authority to act on your behalf.

For all requests via authorized agents, we require that your agent provide us with your personal information and provide signed documentation demonstrating that you authorized the agent to submit a request on your behalf. The request must also include sufficient detail that allows us to properly understand, evaluate, and respond to the request. If we need more information to process your request, we will contact you via e-mail or in writing.
Authorized agents may submit requests by sending an e-mail to privacy@axcela.bio.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with your state’s law pertaining to powers of attorney.

13.7 Contact us

We are committed to protecting the privacy of Consumers’ personal information and being transparent about our privacy practices. To exercise any rights you might be entitled to under applicable Comprehensive State Privacy Laws, and for any other questions, comments, or feedback on this US Supplement or our privacy policy, please send an e-mail to privacy@axcela.bio.