Privacy Policy

Effective as of January 8, 2026.

This Privacy Policy describes the privacy practices of Lyell Immunopharma, Inc., and our subsidiaries or affiliates (collectively, “Lyell,” “we”, “us” or “our”), and how we handle personal information that we collect through our digital properties that link to this Privacy Policy, including our website (the “Service”), as well as through other activities described in this Privacy Policy.

Lyell may provide additional or supplemental privacy notices to individuals for specific products or services that we offer at the time we collect personal information. For example, in relation to our clinical trials, we will provide privacy notices to trial participants or candidates to participate in our clinical trials. These additional or supplemental privacy notices will govern how we may process the information in the context of the specific product or service.

Personal information we collect

Information you provide to us. Personal information you may provide to us includes:

  • Contact data, such as your first and last name, salutation, email address, mailing address, professional title and company name, and phone number.
  • Communications data that we exchange with you, including when you contact us with questions or feedback, through the Service or otherwise.
  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
  • Job application data, such as professional credentials and skills, educational and work history, LinkedIn profile page, personal website, authorization to work in the U.S., immigration status, criminal history, and other information that may be included on a resume or curriculum vitae as well as in a cover letter. This may also include diversity information that you voluntarily provide.
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

We collect the personal information described above from one or more of the below sources:

  • Directly from you throughout our relationship, including when you sign up for, and/or use, our products, services, and websites;
  • From our parent entities, affiliates, subsidiaries, and business partners;
  • From third parties that are authorized to share your information with us; and
  • From publicly available sources of information.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our marketing emails or clicked links within them.

Cookies and similar technologies. Like many online services, we and our service providers use the following technologies on our sites:

  • Cookies (including analytics and tag management cookies) are small text files that websites store on a visitor’s device to uniquely identify the visitor’s browser and/or store information or settings in the browser. We use cookies to help you navigate between pages efficiently, remember preferences, enable site functionality, understand user activity and patterns, and support analytics and marketing/advertising measurement. We use cookies in connection with tools such as Google Analytics and Google Tag Manager and may use other browser-based tracking technologies from our service providers and business partners. Our sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them or they expire). Some cookies are served by third party service providers or business partners and can be used by these parties to recognize your device when it visits the Service and other online services.
  • Local storage and similar technologies that provide cookie-equivalent functionality and can store information on your device (including outside of your browser in some cases). These technologies may be used to enable site functionality, remember preferences, maintain sessions, and support analytics.
  • Web beacons / pixels (including advertising and social media pixels), also known as pixel tags or clear GIFs, may be used on our sites and in emails to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked. They may also be used to measure and improve marketing campaigns, including paid and social advertising.

These cookies and other technologies may be employed for the following purposes:

  • Analytics. Analytic cookies help us understand how our Service performs and is being used. These cookies may work with web beacons included in emails we send to track which emails are opened and which links are clicked by recipients. For example, we use Google Analytics to help us understand user activity on the Service. You can prevent the use of Google Analytics relating to your use of our sites by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
  • Essential. Essential cookies are necessary to allow the technical operation of our Service (e.g., remember preferences you set or information you entered on a previous page).

Data about others. Service visitors may have the opportunity to refer other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have someone’s permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We may use your personal information to:

  • provide, operate and improve the Service and our business;
  • communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications; and
  • provide support for the Service, and respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Marketing. We may use your personal information to understand your preferences better and to appropriately personalize our marketing.

To manage our recruiting and process employment applications. We may use personal information, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.

Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • enforce the terms and conditions that govern the Service; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

We also use the information in other ways for which we provide specific notice at the time of collection and obtain your consent to the extent required by applicable law. We may aggregate or de-identify any information collected about you and we may use that aggregated or de-identified information for any purpose. If we de-identify personal information, we maintain and use that information in de-identified form and will not attempt to re-identify the data, except as otherwise permitted under applicable law.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection.

Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. Third parties (such as companies and individuals) that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, and website analytics).

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations and due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Lyell or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Your choices

You have the following choices with respect to your personal information.

Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Additional Disclosures for Residents of Texas

This section applies to the personal information of residents of Texas and supplements the other sections of this Policy.

Subject to certain exceptions, you may have the following rights with respect to your personal information:

  • Access: You may have the right to request that we confirm whether we process your personal information and that we provide you access to such personal information.
  • Data Portability: You may have the right to request that we provide a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.
  • Correction: You may have the right to request that we correct inaccuracies in the personal information that we process.
  • Deletion: You may have the right to request deletion of your personal information.

You may submit requests to exercise your other rights by emailing us at privacy@lyell.com or submit a request through our online webform.

You may also have the right to appeal a refusal to take action on your request by emailing us at privacy@lyell.com with the subject line “Appeal of Rights Request Decision.”

Other sites and services

The Service may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Retention

We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes;
  • Perform internal research to assess and improve our business;
  • Comply with record retention requirements under the law or other relevant legal or regulatory requirements or internal document retention policy;
  • Defend or bring any existing or potential legal claims; and
  • Deal with any complaints regarding the services.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

The Service is not intended for use by children under 13 years of age. If we learn that we have collected personal information through the Service from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it. We encourage parents or guardians with concerns to contact us.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting).

How to contact us