Last Updated: 22 June 2026

This notice explains how QuartzBio handles personal data. We provide it for transparency, and it is not legal advice. We may update it from time to time, and the “Last Updated” date above shows when it last changed.

1. Who we are and what this notice covers

QuartzBio provides sample and biomarker intelligence software and services to life-sciences sponsors. We help our clients organize, understand, and act on the sample and biomarker data generated across their clinical programs.
This notice describes how we handle personal data in connection with our website (www.quartz.bio) and our everyday business interactions, such as responding to inquiries, managing client and vendor relationships, and recruiting. It also briefly explains, in §2.4, the different role we play when we process clinical and biomarker data on our platform on behalf of our sponsor-clients.

2. The personal data we process

We group the personal data we process by the type of person it relates to, so you can quickly find the information most relevant to you.

2.1 Website visitors

What we collect. If you contact us or submit an inquiry through the website, we collect the details you provide, such as your name, email address, company, and the content of your message. We also collect technical log data automatically when you visit, including your IP address, browser type and version, the pages you visit, and the date and time of your visit. We use cookies and similar technologies as described in §3.

Why we use it. We use this data to respond to your inquiries, provide you with information you have requested, and maintain the security and quality of our website.

Legal basis. We rely on your consent and on our legitimate interests in operating, securing, and improving our website and responding to people who contact us.

Retention. We keep this data only for as long as necessary for the purposes described above.

2.2 Business contacts and clients

What we collect. We process business contact and signatory details for representatives of our clients, prospective clients, vendors, and partners, such as names, job titles, business email addresses, business phone numbers, and the information needed to enter into and manage agreements.

Why we use it. We use this data to manage and develop our business relationships, communicate about our services, and administer and perform our contracts.

Legal basis. We rely on our legitimate interests in managing and growing our business relationships and, where we have or are entering into an agreement, on the need to perform that contract.

Retention. We keep this data for the duration of the relationship and for as long afterward as necessary to meet our business, accounting, and legal obligations.

2.3 Job applicants

What we collect. If you apply for a role with us, we collect the application data you provide, including your contact details, CV or resume, qualifications, and work history.

Why we use it. We use this data to assess your application and to manage our recruitment process.

Legal basis. We rely on your consent and on the need to take steps at your request prior to entering into an employment contract.

Retention. We keep application data only for as long as necessary to evaluate your application and administer our recruitment process, and for any period afterward permitted or required by law.

2.4 Platform and patient data (our role as a processor)

When we process clinical and biomarker data on our platform, QuartzBio acts as a processor on the documented instructions of our sponsor-clients, who are the controllers of that data. The patients whose data appears on the platform are data subjects of the relevant sponsor, not of this notice. Patient requests relating to that data should be directed to the relevant sponsor, who is responsible for responding. We support our clients in meeting their obligations to data subjects in accordance with our agreements with them.

3. Cookies and analytics

We use cookies and similar technologies to operate our website, remember your preferences, and understand how our site is used so we can improve it. You can control cookies through your browser settings and, where it is shown, through our cookie banner. Blocking or deleting some cookies may affect how the website functions.

4. How we share personal data

We share personal data only where appropriate, including: internally on a need-to-know basis; with vetted service providers (processors) who handle data on our behalf under contract; with authorities, advisors, or others where necessary for legal or compliance reasons; and in connection with a business transfer, such as a merger, acquisition, or sale of assets. We do not sell personal data.

5. International transfers

Where we transfer personal data outside the European Economic Area (EEA) or the United Kingdom, we put appropriate safeguards in place, such as Standard Contractual Clauses, to help ensure the data continues to receive an adequate level of protection. Additionally, we are in the process of self-certifying to the EU-U.S. Data Privacy Framework (DPF).

6. Data security and retention

We use technical and organizational measures designed to protect personal data, including encryption in transit and at rest and access controls that limit who can access data. We retain personal data only for as long as necessary to fulfill the purposes for which we collected it or as required by law.

7. Your rights

If you are in the EEA or the United Kingdom, you have rights under the GDPR and UK GDPR, including the right to: access your personal data; have it rectified; have it erased; restrict its processing; object to its processing; receive it in a portable format; withdraw your consent at any time where processing is based on consent; and lodge a complaint with a supervisory authority.

If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, you have rights under your state’s privacy laws, which may include the right to: know about and access the personal data we hold about you; delete it; correct it; opt out of certain processing; and appeal a decision we make about your request. We will not discriminate against you for exercising any of these rights. We do not sell or “share” personal data as those terms are defined under these laws.

To exercise any of these rights, contact us at privacy@quartz.bio. We may need to verify your identity before we can respond to your request.

8. Children’s privacy

Our website is not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

9. How to contact us

If you have any questions about this notice or how we handle personal data, contact us at privacy@quartz.bio. You can reach our Data Protection Officer at dpo@quartz.bio. You also have the right to complain to your local data protection authority.

10. Changes to this notice

We may update this notice from time to time. When we make material changes, we will reflect them by updating the “Last Updated” date at the top of this notice.