Graticule will collect information through its websites that can identify you (if provided by you), such as your name, address, phone number, e-mail address, company name and position. Graticule may use this information to respond to your requests for information, products, or services. Graticule may also collect information that will usually not allow us to directly identify you, for example, IP address and information gathered through “cookies.”

When you contact Graticule via its websites to request or to access information, you are asked to provide your personal information. By providing your personal information to Graticule via its websites, you agree to the terms of this Privacy Policy and to receive communications from Graticule.

The information you allow this website to collect will be available to Graticule and shared with third parties working with or on behalf of Graticule (e.g., information technology and related infrastructure, vendor due diligence). Access to your information and the equipment processing it, is at all times restricted to appropriate staff. Except as outlined in this Privacy Policy, Graticule will not trade, sell, release, share, or transfer your personal information for use by any business outside the Graticule organization without your consent, or in a form other than what was disclosed to you at the time the information was collected unless permitted or required by law.

Graticule reserves the right to disclose all information collected to the extent required by law or to respond to judicial process. Graticule may also provide any or all collected information to a third party in connection with the sale, assignment, or other transfer of the business of the particular website to which the information relates if such third party agrees to treat all such information substantially in accordance with this Privacy Policy.

Graticule takes reasonable measures to maintain the confidentiality of your personal information regardless of the country where such information is stored or transferred to. In jurisdictions with data protection and privacy laws, and where contractual commitments require, Graticule ensures that individuals can exercise all relevant informational rights with respect to their personal information collected by Graticule via its websites, including, but not limited to, the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing, and request transmission of provided personal information in a common digital format (e.g., pdf) to themselves or another organization.

Notice for study participants

Please keep in mind that Clinical trial/study participants must contact their investigator at their study site, who will be able to make the necessary link to subject identity as outside of Graticule`s own early phase clinical units, Graticule does not hold information that would allow Graticule to directly identify clinical trial/study participants. Following the International Committee on Harmonization of Good Clinical Practice (ICH GCP) confidentiality guidelines, neither Graticule nor the study sponsor is able to identify trial/study participants without the involvement of study centers or Investigators.

Vendor Due Diligence

In addition to information collected through our website, during our vendor due diligence process, we may obtain from vendors or other third parties personal information such as (but not limited to) the names and contact details of individuals connected with existing or prospective vendors, and other information to complete background checks and other assessments relevant to vendor compliance.  We have a legitimate business interest in obtaining and processing such information, including personal information, to verify and evaluate the business practices, compliance records, and membership of our vendors.

Graticule may share such information with its third-party service providers in connection with this vendor’s due diligence process.

International Data Transfer

Graticule as global company is committed to the confidentiality, integrity and availability of personal information we process and has in place mechanisms to ensure a compliant transfer of personal information. For example, Graticule has executed Standard Contractual Clauses (“SCC”), or Standard Data Protection Clauses (“SDPC”) adopted by the European Commission (or by a supervisory authority and approved by the European Commission) for the purpose of transferring personal information from the European Economic Area. EU residents whose personal information is transferred by Graticule as controller under SCC or SDPC may request a copy of such SCC or SDPC from Graticule through the contact details listed below.

Graticule under EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the United Kingdome (UK) Extension to the EU-U.S. DPF to transfer personal data, human resource data, from the EEA, the UK (including Gibraltar) to the United States. Graticule would be acting as the data processor when transferring study data, including key-coded data. Please click here for Graticule’s Notice of Certification Under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF.

Canadian residents, including residents of Quebec, personal information collected from this website may be accessed, processed, and/or disclosed outside of Quebec and outside of Canada. When data is transferred out of Quebec and outside of Canada it is done so with the use of appropriate safeguards, including contractual safeguards.

Information Security

Graticule maintains a reasonable level of physical, electronic, and managerial procedures in order to protect the information that it collects from its website. This includes maintaining computer equipment, networks, programs, and documentation to a common standard and restricting access to equipment and information to appropriate staff.

Children’s Privacy

Graticule does not collect or maintain information at its websites from those it knows are under 13 years of age, and no parts of its websites are structured to attract anyone under the age of 13.

Links to Other Websites

Our websites may contain links to other websites. Please keep in mind when you access websites operated by other parties, whether through links on our websites or otherwise, that we do not control what happens on those websites. We are not responsible for, and this Notice does not apply to, the privacy practices of any Linked Site. Linked Sites may collect information in addition to that which we collect on the websites. You should always check the privacy policy of the website you are visiting in order to be sure you know how the operator of that website will collect information from you and what the operator of that website will do with the information.

Change Notification and Specific Privacy Terms

As we provide more services on our websites and as privacy laws and regulations evolve, it may be necessary to revise or update our Privacy Policy without notice. You can determine if this Privacy Policy has been revised since your last visit by referring to the “last updated” legend at the top of this page.  Your use of our website constitutes your acceptance of the terms of the revised Privacy Policy, and you should therefore review the Privacy Policy regularly to ensure that you are aware of its terms.  Please print, save, and retain a copy of the Privacy Policy (and of any revised version) for your records.

Data Retention

Graticule stores your Personal Information for different time periods depending on the applicable regulations. Some information may be deleted automatically based on specific schedules. Other information may be retained for a longer period of time based on the relationship you have with us or regulatory requirements.

Inquiries, Complaints and Information Corrections

To be removed from our contact lists, or to make a complaint or submit an inquiry, please write to Graticule at the following address:

Graticule, Inc.
Attn: Privacy Officer
199 Pleasant Street
Newton, MA 02459

Communications, queries, or requests to exercise informational rights (e.g., access to or deletion of personal information) or complaints can be addressed to the attention of Graticule´s Privacy Officer at privacy@graticule.life.

Additional Information for inhabitants of the European Economic Area or the United Kingdom

Please note that in many circumstances, we cannot effectively do business with you without processing some Personal Data (as defined under Article 4 (1) of the European Union / United Kingdom General Data Protection Regulation or GDPR) about you.

• You may have the following rights with respect to some or all of your Personal
  Data:
• To request access to your Personal Data (Article 15 GDPR).
• To request that we rectify or erase your Personal Data (Articles 16 and 17 GDPR).
• To request that we restrict or block the processing of your Personal Data (Articles 18, 21 and 22 GDPR) and to object to the sale or sharing of your Personal Data under other relevant laws.
• To request that we provide your Personal Data directly to another organization, i.e., a right to data portability (Article 20 GDPR); and When we previously obtained your consent, to withdraw consent to processing (Article 21 GDPR)

Communications, queries or requests to exercise your rights or complaints under the GDPR can also be addressed to the attention of Graticule`s Data Protection Officer, via mail to privacy@graticule.life.

Within the European Economic Area or the United Kingdom, individuals have the right in law to complain about how their Personal Data is handled to a supervisory authority that is responsible for regulating compliance with the GDPR. A list of all supervisory authorities of the European Economic Area is available on the website of the European Data Protection Board (EDPB) https://www.edpb.europa.eu/edpb_en

Additional Information for California Consumers

This section applies solely to California consumers (California residents) and explains your rights under the California Consumer Privacy Act (CCPA)/California Privacy Rights Act of 2020 (CPRA). As of 1 January 2023, the CPRA included personal information of employees and business contact information for residents of California into the list of rights regarding personal information listed below.

Children’s Privacy

Graticule does not collect or maintain information at its websites from those it knows are under 16 years of age, and no parts of its websites are structured to attract anyone under the age of 16.

Sale of Personal Information

In the preceding twelve (12) months, Graticule has not shared for purposes of cross-context behavioral advertising as defined in the CPRA or sold personal information to third parties.

Access to Specific Information and Data Portability Rights

You have the right to request that Graticule disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and confirm your identity, we will disclose to you the information requested, including:

• The categories of personal information we collected about you.
• The categories of sources of the personal information we collected about you.
• Our business purpose for collecting that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected.
• Information about any sales of your personal information.

In addition, upon request we will provide you with a copy of all of your personal information (Data Portability).

Correction and Deletion Request Rights

You have the right to request that Graticule correct or delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive your request and confirm your identity, we will correct or delete your personal information from our records, unless an exception applies.  If an exception applies, you will be notified that the data will not be corrected or deleted, along with specific information about the basis for the exception.

Exercising Access, Data Portability, Correction and Deletion Rights

To exercise the access, data portability, correction and deletion rights described above, please submit a request to us by either:

• Sending an email to privacy@graticule.life, Attn: Privacy Officer
• Sending a written request to Graticule, Inc. Attention: Privacy Officer, 199 Pleasant Street, Newton, MA 02459

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child.

You may only make a request for access or data portability twice within a 12-month period. Your request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail to allows us to properly understand, evaluate, and respond to it.
• Provide a means to contact you.

We will only use personal information provided in a CCPA request to verify the requestor’s identity or authority to make the request.

Response Timing

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.

Fee

We do not charge a fee to process or respond to your CCPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Contact Information

If you have any questions or comments about this Notice, the ways in which Graticule collects and uses your information described above, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us by either:

• Sending an email to privacy@graticule.life, Attn: Privacy Officer
•  Sending a written request to Graticule, Inc. Attention: Privacy Officer,199 Pleasant Street, Newton, MA 02459

Graticule’s EU-U.S. Data Privacy Framework (EU-U.S. DPF) and United Kingdom (UK) Extension to the EU-U.S. DPF Policy

Effective as of January 2025

This Graticule’s EU-U.S. Data Privacy Framework (EU-U.S. DPF) and United Kingdom (UK) Extension to the EU-U.S. DPF Policy  (“Policy”) applies to Graticule  Inc., (collectively referred to as “Graticule,” “Company,” “we” or “our”) when Personal Information is received from or about individuals in the European Economic Area (EEA)* or United Kingdom (UK) including Gibraltar in any format including electronic, paper, or verbal. Graticule values the confidence of its customers and respects individual privacy, including the Personal Information of business partners/customers, investors, patients, clinical research participants, Investigators and Health Care Professionals, and clinical research site staff.

Graticule complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.  Graticule has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF and UK Extension to the EU-U.S. DPF Principles (DPF Principles) with regard to the processing of personal data received from the EEA in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US. DPF.  If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

This Policy supplements Graticule’s Privacy Policy  (collectively, they comprise Graticule’s “Privacy Policies”).

Any references in this policy to the DPF, DPF Principles, EU-U.S. DPF, and/or EU-U.S. Data Privacy Framework is meant to be inclusive of both the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.

Graticule may continue to rely on alternative data transfer mechanisms deemed appropriate by the relevant authorities to transfer data collected from the EEA and UK to the U.S., such as EU Standard Contractual Clauses. This means Graticule currently relies on alternative data transfer mechanisms, such as Standard Contractual Clauses, for such data transfers. When Graticule is acting as an agent/data processor, Graticule will follow the instructions of the data controller on the mechanism relied upon for data transfers.

Scope 

This Policy applies to all Personal Information (see Definitions), whether in electronic or paper format, received by Graticule in the United States from the EEA and UK, including Personal Information of Healthcare Professionals / clinical investigators, clinical researcher site staff, potential and active trial participants/patients, business partners, customers, vendors/suppliers, consumers, businesses contacts, investors, and government officials. This Policy outlines our general policy for the implementation of the DPF Principles.

Adherence to the DPF Principles may be limited to (i) the extent required or allowed by applicable law, rule or regulation; (ii) to the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements; and/or (iii) to protect the health or safety of an individual. Also, this Policy may not apply or may be limited when personal information is collected or processed by the following:

• Graticule, under an agreement that contains the requisite standard contractual clauses approved by the European Commission with respect to the personal information.
• Graticule , when necessary for the performance of a contract (e.g., external learner contract for training course) between an individual and Graticule ; or
• Any Graticule  affiliate, successor, business division or group that makes a separate certification to DPF, whether or not such certification covers only part or all types of personal information in scope of this policy.

Definitions

For the purposes of this Policy, the following definitions shall apply:

• “Agent” means any third-party processing personal information on behalf of and under the instruction of Graticule .
• “Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• “Individual” means any natural person located in the EEA or UK.
• “Personal Information” and “personal data” means data about an identified or identifiable individual received by Graticule  in the US from the EEA or UK and recorded in any form.
• “Processing” of Personal Information means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use disclosure or dissemination, and erasure or destruction.
• “DPF Principles” collectively mean the seven (7) privacy principles in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and UK Extension to the EU-U.S. DPF, as well as the supplemental privacy principles and the associated guidance, details of which can be found at https://www.dataprivacyframework.gov/EU-US-Framework. 
• “Sensitive Personal Information” means Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the Individual. In addition, Graticule  will treat as sensitive, any information received from a third-party where that third-party treats and identifies the information as sensitive.

Privacy Principles

The privacy principles in this Policy are in accordance with the DPF Principles set out in the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Notice

Where Graticule collects Personal Information directly from Individuals in the EEA or UK, it will inform them about the purposes for which it collects and uses Personal Information about them, the types of third parties to which Graticule discloses that information, and the choices and means, if any, Graticule offers Individuals for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Graticule, or as soon as practicable thereafter, and in any event before Graticule uses the information for a purpose other than for which it was originally collected.

When Graticule , as a service provider, receives Personal Information from its affiliates or other entities, including when acting as a Contract Research Organization (CRO) processing Personal Information under the direction of a Controller (usually the client, customer, research sponsor, etc.) it will use such information in accordance with the notices provided by the Controller and the choices made by the Individuals to whom such Personal Information relates.

During the conduct of its operations, Graticule  may collect, uses, and process personal information relating to:

• Research Studies-Related Information:For Individuals who are participating in research studies managed by Graticule as a CRO or in other situations where Graticule  is participating in research studies, including trial participants, patients, their spouses / partners, caregivers, and relatives, clinical research or other study personnel, and other consultants, contractors, managers, and agents (who are natural persons) of the study sponsor and its corporate affiliates. The collection of Personal Information such as contact information, qualifications, debarment status and account may be used in order to carry out the applicable studies and other study-related services and/or pharmacovigilance. Information collected may be transferred to the sponsor of a study, business partners, Graticule  affiliates and third-party service providers performing study related duties and may furthermore be transferred to regulatory authorities.
• Customers and Program Participant Information:Prospective trial participants, prospective learners, prospective investigators and users of Graticule  applications and websites who make enquiries regarding Graticule ’s services and may be asked to provide Personal Information in order to provide the requested information, products or services. Personal Information provided may be used for the processing of requested transactions, improving the quality of our services, sending communications about our products or services, enabling our business partners and providers to perform certain activities on our behalf and complying with our legal obligations, policies and procedures.
• Business Contacts: Customers, vendors, and consultants. Graticule keeps contact information, account numbers and information relating to billing, together with other information which may be necessary for the daily operation of Graticule ’s services including conducting customer, product and service surveys, direct marketing or products and services, handling customer complaints and enquiries, making disclosure under the requirements of any law applicable, any other directly related matters.
• Health Care Professionals:Graticule  collects information about health care professional directly from the health care professionals, from public sources and from business partners. We use this information in connection with various healthcare activities, including clinical trials, real-world studies of patient treatment, healthcare outcomes analysis, market research activities, and other situations where primary intelligence from healthcare professionals is applicable.
• Data Analytics Functions:In certain situations, Graticule obtains and processes information about Individuals for various data analytics purposes. In most situations, this data has been anonymized or de-identified and is no longer personal information when it is obtained by Graticule  (or when it is transferred to the United States).

Graticule may use the personal information it collects to comply with our legal obligations, policies and procedures for internal administrative purposes.

Personal Information collected and/or processed may be disclosed to a particular study sponsor, third-party service provider, business partner, and/or where required, regulators. Graticule may not need to furnish notice where processing is necessary to respond to a government inquiry, is required or authorized by applicable laws, court orders or government regulations, or is necessary to protect Graticule’s legal interests and providing notice would interfere with the above requirements.

Choice

Graticule will offer Individuals the opportunity, where practical and appropriate, to choose (opt-out) whether their personal information is (i) to be disclosed to third parties or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the Individuals.

Please contact:
Privacy Officer
Graticule, Inc.
199 Pleasant Street, Newton, MA 02459
privacy@graticule.life

Graticule will not process Sensitive Personal Information about Individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the Individual unless the Individual explicitly consents to the processing (opt-in), or as required or permitted, or where not prohibited by law or regulation.

Graticule also may transfer Personal Information when a material event concerning its business operation(s), assets or shares, such as a purchase, disposal, merger, joint venture or acquisition, is proposed or occurs. In such an event, Graticule will endeavor to direct the transferee to use Personal Information in a manner that is consistent with this Policy.

Accountability for Onward Transfer

In most situations, transfers to third parties are covered by the provisions in this Policy regarding notice and choice.

Graticule does not sell or otherwise disclose Personal Information, except as described in our Privacy Policies or in a notice provided to Individuals at the time of collection, or as Individuals explicitly consent.  In circumstances in which Graticule obtains Personal Information as a service provider for a Controller, the Controller is responsible for protecting individual rights with respect to onward transfers.

Graticule  will endeavor to only transfer Personal Information to a third party acting as an Agent, where Graticule  is assured: (i) transfers such data only for limited and specific purposes; (ii) has ascertained that the Agent is obligated to provide at least the same level of privacy protection as is required by the DPF Principles; (iii) takes reasonable and appropriate steps to ensure that the Agent effectively processes the Personal Information transferred in a manner consistent with Graticule ’s obligations under the DPF Principles; (iv) requires the Agent to notify Graticule  if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles; (v) upon notice, including under (iv), Graticule  will take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) will provide a summary or a representative copy of the relevant privacy provisions of its contract with that Agent to the Department of Commerce upon request.

Where Graticule knows that any third party to whom it has provided Personal Information is using or disclosing Personal Information in a manner contrary to this Policy and/or the DPF Principles, Graticule will take reasonable steps to prevent or stop the use or disclosure.

Graticule is potentially liable under the DPF Principles if third-party Agents that it engages to process the Personal Information on its behalf does so in a manner inconsistent with DPF Principles unless Graticule proves that it is not responsible for the event giving rise to the damage.

Security

Graticule takes reasonable technical, administrative, and physical precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation

Graticule uses Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the Individual. Graticule takes reasonable steps to ensure that the Personal Information is reliable for its intended use, accurate, complete, and current as long as Graticule retains possession of such information.

When acting as a CRO or in other situations where Graticule  acts on behalf of a Controller, Graticule endeavors only to process Personal Information that is relevant to the services it provides, and only for purposes compatible with those for which the Personal Information was collected. Where Graticule  processes Personal Information as a CRO or otherwise acts under the direction of a Controller, Graticule  works with such Controllers so that the Controller can provide a way for Individuals to correct or update their Personal Information.

Access

Upon request Graticule  will grant Individuals reasonable access to the Personal Information it holds about that Individual. In addition, Graticule will take reasonable steps to permit Individuals to correct, amend, or delete information that is demonstrated to be inaccurate or has been processed in violations of the DPF Principles, except where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy, or where the rights of persons other than the Individual would be violated. Graticule reserves the right to charge a reasonable fee to cover costs for providing copies of Personal Information requested by Individuals.

Please contact:
Privacy Officer
Graticule, Inc.
199 Pleasant Street
Newton, MA 02459
privacy@graticule.life

In circumstances in which Graticule maintains Personal Information as a CRO or service provider for Controllers, the Controllers are responsible for providing Individuals with access to their Personal Information and the right to correct, amend or delete the data where it is inaccurate. In these circumstances, Individuals should direct their questions to the appropriate Controller. Graticule personnel have limited ability to access personal data because research site staff and Investigators or our business partners/customers retain the key to the key-coded data. If you believe Graticule has your data and wish to request access, to limit use, or to limit disclosure, please provide the name of the research site staff and Investigators or Graticule business partner/customer who submitted your personal information to our services. Graticule will refer your request to that research site staff and Investigators or business partner/customer and will support them as needed in responding to your request.

Recourse, Enforcement, and Liability

Graticule encourages Individuals covered by this Policy to raise questions about the processing of Personal Information about them by contacting Graticule through the information provided below.

Any complaints or concerns regarding the use or disclosure of Personal Information transferred from the EEA or UK to the U.S. should be in the first instance be directed to the Graticule  Privacy Officer using the contact information provided below. Graticule will investigate and attempt to resolve complaints in accordance with the DPF Principles within 45 days of receiving a complaint.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Graticule commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EEA and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Graticule commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF  and UK Extension to the EU-U.S. DPF. Graticule is committed to following the determination and advice of these authorities. Under certain circumstances, an individual may choose to invoke binding arbitration to resolve any disputes that have not been resolved by other means; for additional information, see https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.  The Federal Trade Commission has jurisdiction over Graticule’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.

In circumstances in which Graticule obtained or maintains Personal Information as a CRO or other Service Provider, Individuals may submit complaints concerning the processing of their Personal Information to the relevant Controller, in accordance with the Controller’s dispute resolution process. Graticule will participate in this process at the request of the Controller or the Individual. Graticule will take steps to remedy any issues arising out of the potential failure to comply with the DPF Principles.

Changes to this Policy

This Policy may be amended from time to time, without advance notice, to ensure an appropriate level of protection for Personal Information and compliance with the requirements of applicable laws and regulations. The revisions will take effect on the date of publication of the amended Policy, as stated.

Contact Information

Privacy Officer
Graticule, Inc.
199 Pleasant Street
Newton, MA 02459
privacy@graticule.life