Privacy Policy

Effective / Last Updated: March 11, 2026

Tenax Therapeutics, Inc. (“Tenax,” “we,” “us,” or “our”) is committed to protecting the privacy of information we collect from or about you that identifies you or could reasonably be used to identify you, directly or indirectly (“Personal Data”). This Privacy Policy describes how we process Personal Data collected through the websites we operate that link to this Policy (collectively, the “Websites”), and through certain other online and offline interactions with our business partners that occur as part of our business operations.

1.     Scope

This Policy applies to:

• Information we collect about individual consumers who interact with our Websites; and
• Information we collect online and offline about the personnel of our business partners (including vendors, healthcare professionals, and business customers) in business-to-business interactions between those personnel and Tenax.

This Policy does not apply to:

• Information about our current or former employees, job applicants, and other individuals who interact with us for employment-related purposes; or
• Personal Data collected as part of clinical trials or other biomedical research studies that we sponsor or otherwise participate in.

Our collection of Personal Data in those situations may be subject to different privacy notices that are provided at or before the point of collection and is not governed by this Policy.

2.     The Personal Data We Collect and How We Collect It

The Personal Data we collect, and how we collect it, depends on how you interact with us.

A.    Information you provide directly

We collect Personal Data you provide directly when you interact with us.

When you use or access our Websites, this may include:

• Personal Data you provide when you subscribe to our email alerts (e.g., your name and email address)
• Personal Data you provide through our “Contact Us” form or other contact methods
• Any other Personal Data you provide when you communicate with us through the Websites

If you interact with us as a representative of one of our business partners, this may include:

• Your name and contact information (e.g., telephone number, email address, and mailing address)
• Your employment details (e.g., employer, title, role)
• We will also collect any personal information relating to other individuals that you provide to us through the Websites—for example, when you complete forms or provide contact details for others. If you choose to provide personal information about someone else, you represent and warrant that you have the authority to do so and that you have obtained all necessary permissions, consents, and authorizations required under applicable law. You are solely responsible for ensuring that any such disclosure is lawful, accurate, and appropriate.

B.    Information we collect automatically

We may collect certain information automatically when you visit our Websites, including:

• Browser and device information. We may collect information that is automatically collected by most websites, such as device identifiers (e.g., IP address and MAC address), operating system type and version, and browser type and version.
• Search engine and other referrals. If a third party refers you to our Websites (for example, when you click a link to our page from a search result), we may receive information about your device and your interaction with the referring site, content, or link.
• Cookies, web beacons, and similar technologies. We and third parties we work with (including advertising networks and analytics providers) use cookies, web beacons, and similar technologies to collect information about you and your use of our Websites.
  • A cookie is a unique numeric code transferred to your device to track interests and preferences and to recognize you as a return visitor.
  • A web beacon is a transparent graphic image placed on a website, email, or advertisement that enables monitoring of user activity and site traffic.

These technologies may collect information such as your IP address, browser type, transactions and interactions, time spent on the Websites, pages visited, referring URL, and other traffic and usage data. We may use this information to determine what features interest users, revise our Websites, and for other purposes described in this Policy. These technologies may also collect information about your online activities over time and across third-party websites or other online services. For more information, see Section 5 (Our Use of Cookies and Similar Tracking Technologies) and Section 7 (Your Choices).

• Analytics technologies. We may use third-party analytics technologies (such as Google Analytics) to understand how visitors use our Websites. Google Analytics uses cookies to help analyze use of the Websites; the information generated may include your IP address. You may be able to opt out by disabling cookies in your browser settings. For more information about Google Analytics, including how it collects, uses, and discloses information, see: http://www.google.com/policies/privacy/partners/. We may also use other technologies to monitor and analyze activity on our Websites.

C.    Information we collect from third parties

We may collect Personal Data from third parties, such as service providers, affiliated companies and subsidiaries, business partners, investors and shareholders, healthcare professionals, and social media companies or others who interact with us. This may include your name and contact details and, for business partner representatives, your employment details.

3.     Purposes for Processing Personal Data

We may use, disclose, transmit, transfer, store, and otherwise process Personal Data for purposes including:

• Communicating with you (e.g., responding to inquiries, fulfilling requests, and promoting the Websites and our products, services, and offerings)
• Administering our relationships with business partners (including vendors, healthcare professionals, and business customers)
• Operating, developing, and improving the Websites
• Securing the Websites, including protecting against and responding to fraud, illegal activity (such as hacking or misuse), and claims and other liabilities, including by enforcing our Terms of Use
• Complying with legal or regulatory requirements, judicial process, and company policies (including due diligence and contracting activities)
• Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our business, assets, or stock
• Any other purpose you authorize or direct at the time we collect your information

4.     Parties to Which We May Disclose Personal Data

To accomplish the purposes described in Section 3 (Purposes for Processing Personal Data), we may disclose Personal Data to third parties, including:

• Our subsidiaries and affiliates
• Our business partners (including vendors, healthcare professionals, and business customers)
• Contractors, service providers, and other third parties that support our organization, including providers of technologies and services used to automatically collect or otherwise process device, usage, and other data
• An actual or potential investor, buyer, successor, or other person or organization in connection with an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our business, assets, or stock (including in connection with bankruptcy, liquidation, or similar proceedings)
• Third parties when necessary to comply with any court order, law, or legal process; to respond to government or regulatory requests; and to enforce or apply our policies and other agreements
• Any other parties disclosed by us at the time you provide the information or authorized or directed by you

5.     Our Use of Cookies and Similar Tracking Technologies

We use cookies and other tracking technologies to track activity on our Websites and store certain information. Other tracking technologies may include web beacons, tags, and scripts. We use these technologies for purposes such as:

• Necessary cookies
  • Administered by: Tenax and Third Parties
• Purpose: Required to enable basic features of the Websites, such as secure log-in and adjusting your consent preferences.
• Analytics cookies
  • Administered by: Third Parties
• Purpose: Collect information about traffic to the Websites and how users use the Websites (e.g., number of visitors, bounce rates, and traffic sources). The information gathered may directly or indirectly identify you because it is typically linked to a pseudonymous identifier associated with the device used to access the Websites. We may use these cookies to analyze use of the Websites and to test new pages, features, or functionality.

For information about how to control cookies, see Section 7 (Your Choices).

6.     Additional Information for Residents of the European Economic Area (EEA) and the United Kingdom

If you are located in the EEA or the United Kingdom, this Section provides additional information in accordance with applicable data protection laws, including, in the European Union, the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”) and corresponding local implementing laws and regulations; and in the United Kingdom, the UK Data Protection Act 2018 (“DPA 2018”), the United Kingdom General Data Protection Regulation (“UK GDPR”), the Data (Use and Access) Act, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), and any legislation implemented in connection with the foregoing (collectively, “Data Protection Legislation”).

Tenax Therapeutics, Inc., 101 Glen Lennox Drive, Suite 300, Chapel Hill, North Carolina 27517, United States, is the controller of your Personal Data under the Data Protection Legislation.

A.    Lawful bases for processing Personal Data

Under the Data Protection Legislation, the lawful bases we may rely on for processing include:

• Consent (GDPR Article 6(1)(a))
• Contract (GDPR Article 6(1)(b))
• Legal obligation (GDPR Article 6(1)(c))
• Legitimate interests (GDPR Article 6(1)(f))

The table below provides examples of processing activities and their corresponding lawful bases:

Processing activity	Lawful basis
Where you are a healthcare professional (HCP) involved in the planning, delivery, or oversight of Tenax-sponsored clinical trials, to collect information from you (including employment information) to conduct a clinical trial	Legitimate interests in conducting clinical research
Where you are an employee of Tenax’s service providers, to collect information from you or your employer to receive services from your employer	Legitimate interests in managing Tenax’s affairs
Where you are a sole trader or partnership acting as a service provider to Tenax, to make payments to you and administer the contractual relationship	Contract (contractual necessity)
Where you are an employee of Tenax’s service providers, to liaise with your employer about your contact details and/or the nature and performance of your work, as required	Legitimate interests in managing Tenax’s affairs
To collect information from you and monitor, provide, and maintain our Websites	Legitimate interests in providing and maintaining the Websites
To contact you following your inquiry (where you have provided contact information) and respond to questions, suggestions, issues, complaints, and data subject requests	Legitimate interests in responding to inquiries and operating the Websites
To collect usage data to support security measures and services so you can safely access our Websites	Legitimate interests in providing a secure platform
To contact you (where you have provided contact information) with news and information relating to our services through service messages	Legitimate interests in communicating about our services
B2B direct marketing where you are classified as a corporate subscriber and/or the “soft opt-in” applies under UK PECR	Legitimate interests in marketing our products and services
B2B direct marketing where you are a sole trader, partnership, or otherwise classified as an individual subscriber and/or the “soft opt-in” does not apply under UK PECR	Consent
To retain accounting information for statutory retention periods	Legal obligation
To respond to and defend against legal claims	Legal obligation
To facilitate an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our business, assets, or stock (including bankruptcy, liquidation, or similar proceedings)	Legitimate interests in managing corporate affairs and conducting corporate transactions

 

B.    International transfers of your Personal Data

We may transfer your Personal Data out of the UK or EEA. In some cases, these transfers are to countries that are deemed by the European Commission or UK government (as applicable) to provide an adequate level of protection. In other cases, we may transfer your Personal Data to countries that do not benefit from an adequacy decision (such as the United States); when we do so, we rely on appropriate safeguards permitted under the Data Protection Legislation, such as standard contractual clauses approved by the European Commission or UK government (as applicable). You may request a copy of relevant transfer safeguards by contacting us as described in Section 10 (Contacting Us).

C.    Our retention of your Personal Data

We retain Personal Data for as long as necessary to carry out the processing described in this Policy, including to operate and improve the Websites, administer our relationships with business partners, comply with applicable laws and requests from law enforcement or other governmental agencies, and protect the rights, property, and safety of Tenax, our business partners and customers, our users, and other third parties. Data retention periods are determined by, and recorded within, our Retention Policy and Schedule. For more information on retention period, please contact us as described in Section 10 (Contacting Us).

D.    Your rights with respect to your Personal Data

Depending on your jurisdiction, you may be entitled to exercise the following rights. To exercise these rights, please contact us as described in Section 10 (Contacting Us).

• Right to be informed. You have the right to be informed about our collection and use of your Personal Data. We provide this information through our privacy notices (including this Policy), which we review and update as appropriate.
• Right of access. You may have the right to access the Personal Data we hold about you by making a request (sometimes called a “data subject access request”). If we are required to provide Personal Data to you (or someone else on your behalf), we will provide it free of charge and aim to respond within one month after your identity is verified. We may request proof of identity and sufficient information to help us locate your Personal Data.
• Right to rectification. You may have the right to request correction of inaccurate, incomplete, or out-of-date Personal Data.
• Right to erasure. You may have the right to request deletion of your Personal Data (the “right to be forgotten”), subject to exceptions (for example, where we have a legal obligation to retain the data).
• Right to restriction of processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances (for example, if you dispute accuracy).
• Right to data portability. You may have the right to receive Personal Data you have provided to us in a structured, commonly used, and machine-readable format, and to request that we transmit it to another controller where technically feasible.
• Right to object. You may have the right to object to certain processing. This is an absolute right where we use your Personal Data for direct marketing. In other cases, we may continue processing where we have compelling legitimate grounds or a legal obligation.
• Rights related to automated decision-making. You may have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects. Tenax does not intend to conduct automated decision-making using your Personal Data.
• Right to withdraw consent. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

If you have concerns about our processing of your Personal Data, you may also have the right to lodge a complaint with the supervisory authority in the relevant jurisdiction. We encourage you to contact us first so we can try to resolve your concern. If you are in the UK, you may have a right to lodge a complaint directly with us.

7.     Your Choices

When you use the Websites, you may choose not to provide requested Personal Data. However, if you do not provide requested information, your ability to use certain features may be limited (for example, you will not receive email alerts if you do not submit your email address).

You may be able to restrict automatic collection of Personal Data through your device’s operating system settings or by disabling cookies, but doing so may prevent you from using some functionality of the Websites.

Some internet browsers include a “do-not-track” feature that lets you tell websites you do not want your online activities tracked. Our Websites do not respond to browser “do-not-track” signals. Other parties may collect Personal Data about your online activities over time and across different websites, applications, and other online products or services when you use our Websites.

When you visit our Websites, a cookie preferences banner may allow you to customize your cookie settings. You may change your cookie settings and preferences for our Websites at any time by visiting our cookie preferences center. You can also control cookies through your browser settings. To change cookie settings, follow the instructions in your browser’s help section or visit https://allaboutcookies.org/.

You can also opt out of Google Analytics by downloading and enabling the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/. Please note that disabling cookies may limit your use of certain features or functions on the Websites.

You may opt out of receiving our email alerts or other promotional email communications by using the opt-out link or unsubscribe instructions included in the emails we send, by contacting us through the details provided below, or (where available) through the Websites.

8.     Third-Party Links

Our Websites may include links to websites, applications, information, and services provided by third parties. We are not responsible for the privacy policies or practices of those third parties. We encourage you to review the applicable privacy policies of third parties if you choose to follow the links provided.

9.     Changes to This Policy

We may update this Policy at any time to reflect changes in our privacy practices. When we do, we will update the “Effective / Last Updated” date above. We encourage you to review this Policy periodically for the latest information on our privacy practices.

10.  Contacting Us

If you have any questions or comments about this Policy or our privacy practices, please contact us at: info@tenaxthera.com

If you are located in the EEA or the United Kingdom, you may also contact our local data protection representative or data protection officer:

Contact	Details
EU GDPR Representative	FAO Tenax Therapeutics EU GDPR Representative The DPO Centre Europe Limited Calle Méndez Álvaro 20 Madrid 28045, Spain +34 919 053 074 eurep@tenaxthera.com
UK GDPR Representative	FAO Tenax Therapeutics UK GDPR Representative The DPO Centre Limited 50 Liverpool Street London EC2M 7PY, United Kingdom +44 203 797 1289 ukrep@tenaxthera.com
Data Protection Officer	FAO Tenax Therapeutics DPO The DPO Centre Netherlands B.V. Vijzelstraat 68 Amsterdam 1017HL, Netherlands +44 203 797 1289 dpo@tenaxthera.com