Privacy Policy

C4T Therapeutics, Inc. (“C4T,” “we,” “us,” or “our”) recognizes and respects the privacy rights of individuals with regard to their personal data. This Privacy Policy explains what types of personal data and other information C4T may collect from you and how we use it.  It also explains the policies and practices that we have developed to safeguard personal data and to comply with applicable data protection laws. This Privacy Policy applies to information we collect on our website(s) and from other sources, including information collected offline. Please read this Privacy Policy carefully to understand what personal data we collect, how we collect it, how we use it, how we protect it, who we may disclose it to, and how you can manage your personal data.

Personal data means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

If you have any questions concerning C4T’s privacy practices or wish to access or correct personal data that C4T has collected from you, please contact us as described in Section A below (“How to Contact Us”). To keep your personal data accurate, current, and complete, we will take reasonable steps to update or correct personal data in our possession.

Your access to and use of our website(s) is also subject to our Terms of Use.


Mailing address Email address Phone number
C4 Therapeutics, Inc.
490 Arsenal Way, Suite 120
Watertown, MA 02472 (617) 231-0700

For questions specifically related to our data collection or processing activities:

Mailing address Email address
C4 Therapeutics, Inc.
Attention: Legal Department
490 Arsenal Way, Suite 120
Watertown, MA 02472


We may collect, use, store and transfer different categories of personal data and non-personal data about you, which includes:

  • Identity Data such as first name, maiden name, last name, username or similar identifier, marital status, title, social security number, date of birth and gender;
  • Contact Data such as billing address, delivery address, email address and telephone number(s);
  • Financial/Transaction Data such as bank account, payment card details, insurance information, payment information (or other details regarding your transactions with us) and payroll data;
  • Professional or Employment-related Data such as employer and employment history;
  • Technical Data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s) or intranet;
  • Profile/Usage Data such as information regarding your communication preferences, feedback and survey responses, and details on how you use our website(s) and other services;
  • Marketing and Communications Data such as your preferences in receiving materials regarding our products and services from us and our third parties; and
  • Special Categories of Data such as details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.


Direct interactions. You may voluntarily give us your personal data, such as Identity Data, Contact Data and Financial/Transaction Data, by filling in forms or by corresponding with us by mail, phone, and email or otherwise. This includes personal data you provide when you, for example:

  • Contact us by email, phone or mail, either using addresses or numbers posted on our website(s) or when you contact our employees directly;
  • Sign up/register on our website(s) to receive additional information;
  • Give us feedback;
  • Provide information to us as our business partner;
  • Apply for employment or consulting opportunities with us or when you become an employee or a consultant; or
  • Express interest in participating in our clinical trials or other studies and research programs.

Automated interactions. As you interact with our website(s) or use our intranet, and in some emails we may send each other, we may automatically collect Technical Data. This can include your preferences (e.g., language and the location you are in). We may also collect information about your visits to the C4T website(s), such as the length of visits to certain pages and page interaction information. Automatic technologies we use may include web server logs, cookies, pixels and web beacons that are described in Section F below (“Cookies and Other Tracking Mechanisms”).

Third parties (or publicly available sources). We may receive categories of personal data about you from various third parties and public sources as set out below, such as:

  • Technical Data from analytics providers such as Google, advertising networks and search information providers;
  • Contact Data and Financial/Transaction Data from providers of technical, payment and delivery services;
  • Identity Data and Contact Data from recruitment agencies or publicly available sources; and
  • Special Categories of Data including health data from contract research organizations (“CROs”) managing clinical research on our behalf.


C4T and/or the service providers, vendors and other third parties we hire to perform services on our behalf may use your personal data to contact you to obtain more information, provide you with information that you have requested (e.g., information about a particular disease state, product, or clinical trial), use data analytics to help us evaluate and modify our existing products and services, provide additional information that we believe may be of interest to you, or comply with our regulatory and legal obligations, including but not limited to responding to legal process and other government or law enforcement agency requests.

We will only retain your personal data (which includes Personal Information for purposes of the California Consumer Privacy Act (“CCPA”) for as long as necessary to fulfill the purposes for which we collected it. To determine the appropriate retention period for personal data (including Personal Information), we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements.

Individuals located in the European Economic Area (“EEA“) or United Kingdom (“UK“), please see the “Supplemental Notice to EEA/UK Data Subjects” for additional information.


We strive to provide you with choices regarding certain personal data uses, particularly around marketing communications. We may use your Identity Data, Contact Data, Technical Data and Profile/Usage Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and materials may be relevant for you (we call this marketing). We have established the following personal data control mechanisms:

  • Opting in. You will receive marketing communications from us if you have requested information from us and opted-in to receive that marketing material.
  • Consent to third-party marketing. We will get your express opt-in consent before we share your personal data with any company outside C4T for marketing purposes.
  • Opting out. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you. Remember, however, that even if you opt-out of receiving these marketing communications, C4T may still email you in order to provide a product or service that you request. If you decide to opt-out from any of our services/communications, we will work to remove your information promptly, although we may require additional information before we can process your request.
  • Cookies. Most web browsers allow some control of most cookies through the browser settings. For additional information about how C4T uses cookies and similar technologies, see Section F below (“Cookies and Other Tracking Mechanisms”).

Online Analytics. We may use third-party web analytics services (such as those of Google Analytics) on our website(s) to collect and analyze the information discussed above, and to engage in auditing, research or reporting. The information (including your IP address) collected by various analytics technologies described in Section F below (“Cookies and Other Tracking Mechanisms”) may be disclosed to or collected directly by service providers, who evaluate information, including by noting the third-party website from which you arrive, analyzing usage trends, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by visiting


We may also collect data about your use of our website(s) through the use of Internet server logs, cookies, tracking pixels, and/or other tracking technologies. As we adopt additional technologies, we may also gather additional information through other methods.

Cookies are small files that are automatically stored on your computer when you visit a website. Cookies are used to (a) recognize your device; (b) store your preferences and settings; (c) understand the web pages of the website you have visited; (d) perform searches and analytics; and (e) assist with security functions. Cookies perform many functions, such as allowing you to navigate between pages efficiently, remembering your preferences, and generally improving the user experience.

A web server log is a file where website activity is stored. An IP address is a number assigned to your device whenever you access the Internet that allows devices and servers to recognize and communicate with each other. C4T may collect IP addresses to conduct system administration and report aggregate information, which may identify you, to affiliates, business partners, service providers and/or vendors to conduct website and application analysis and performance reviews.

Web beacons are small strings of code that are placed on websites and in email messages, and/or online ads. They are sometimes called “clear GIFs” (Graphics Interchange Format), “GIF tags,” “Action tags,” “tracking pixels” or “pixel tags.” Web beacons are most often used in conjunction with cookies to track activity on our website(s). When used in an email, web beacons enable us to know whether you have received or opened the email and may be used for other analytics, personalization, and advertising.

Web beacons, cookies and other tracking technologies do not automatically obtain your personal data. However, if you voluntarily provide personal data, these automatic tracking technologies may, for example, be used to provide further information about your activities.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. For additional information, please consult your browser’s “help” section. If you choose to decline cookies, you may not be able to fully experience the features of our website(s).


We may share your personal data with the parties set out below for the purposes set out in Section D above (“How We Use Your Personal Data”).

  • Internal Parties: Individuals or groups within C4T to operate our business.
  • Our partners: our partners, including other companies and academic institutions, such as those listed or referenced on our website(s).
  • External Third Parties: third parties who perform services on our behalf and help further our business requirements.
  • Parties as part of a business transaction: third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
  • Professional advisers: advisors (e.g., lawyers, bankers, auditors and insurers) who, for example, may provide consultancy, banking, financial, legal, insurance and accounting and payroll services.
  • Government Authorities: The U.S. Federal Communications Commission, U.S. Internal Revenue Service, the U.S. Food and Drug Administration, the U.S. Federal Trade Commission and other government agencies, regulators and authorities (in the U.S. and around the world) as required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of C4T, (iii) act in urgent circumstances to protect the personal safety of users of our website(s) or the public, or (iv) protect against legal liability.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not sell your personal data.


We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed while it is under our control. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

No Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from our website(s) may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any personal data to C4T via the Internet.

We have implemented procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where and when we are legally required to do so.


Some web browsers may transmit “do-not-track” signals to websites with which the browser communicates. Website(s) linked to this Privacy Policy do not currently respond to these “do-not-track” signals.


California’s Shine the Light Law (California Civil Code Section 1798.83) permits California residents who are individual customers of C4T, once per year, to request certain information regarding its disclosure of “personal information” to third parties for their direct marketing purposes. To make such a request, please contact us using our contact information listed in Section A above (“How to Contact Us”). Be sure to include your name and address and please reference that your request is being made under the California Shine the Light Law. You can include your email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by law.

For additional information relevant to California residents, including related to their privacy rights under the California Consumer Privacy Act (“CCPA”), please refer to our Supplemental Privacy Policy for California Residents, which is available here: Supplemental Privacy Policy for California Residents.


Section 603A of the Nevada Revised Statutes permits Nevada residents who are C4T “consumers” to at any time, submit a request to an “operator” of a website in Nevada directing the operator not to make any sale of any “covered information” the operator has collected or will collect about the consumer. C4T does not currently “sell” or plan to sell covered information as defined in the Nevada law. If you are a Nevada resident, you may submit a verified request by contacting us by sending an email to to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. We will respond within the time required by law.


While in some instances we may collect personal data about children with the consent of a parent or guardian, such as clinical activities or for patient support programs, we do not otherwise knowingly solicit data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal data, he or she should contact us as described in Section A above (“How to Contact Us”). We will take reasonable steps to delete such data from our database within a reasonable time.

We do not knowingly collect personal data from children under the age of 13 on our website(s). If you have reason to believe that a child under the age of 13 has provided personal data to C4T through our website(s), please contact us as described in Section A above (“How to Contact Us”) and we will take reasonable steps to delete it as soon as practicable.


As a convenience to visitors and users of our website(s), C4T may offer links to other sites that we believe may offer useful information. The inclusion of a link on C4T website(s) does not imply our endorsement of the linked site or service. When you click on one of these links, you will be transferred from the website and be connected to the site of the organization or company that you selected. This Privacy Policy is no longer applicable when you leave our site by way of link. Each of these linked sites maintains its own independent privacy policies and procedures, which you should consult before providing any of your personal data.

Please note that linked third-party websites may also use cookies or other tracking mechanisms. If you have any questions about how third-party websites use cookies, you should contact such third parties directly. For additional information about cookies and other tracking mechanisms, see Section F above (“Cookies and Other Tracking Mechanisms”).


Through our website(s), you may access certain social media websites and services that are owned and/or controlled by third parties (including, without limitation, Facebook and Twitter) (collectively referred to as the “Social Media Services”). When you elect to access and use the Social Media Services, you may be sharing personal data with those Social Media Services. As with other third-party websites, the information that you share with the Social Media Services will be governed by the privacy policies and terms of service of the providers of such Social Media Services and not by the policies and procedures described in this C4T Privacy Policy. You may also be able to modify your privacy settings with these Social Media Services to, for example, control what information the Social Media Services disclose to other entities, including C4T.

When you log into our website(s) using your Social Media Services account, we may collect relevant information necessary to enable our website(s) to access that Social Media Service, however you will provide your login information, like your password, directly to such Social Media Service (and not to C4T). As part of any such integration, the Social Media Service may provide C4T with access to certain information that you have provided to such Social Media Service, and we may use, store and disclose such information in accordance with this Privacy Policy and, if and to the extent applicable, the policies of such Social Media Services. However, the manner in which Social Media Services use, store and disclose your information is governed by the policies of the applicable Social Media Services provider, and, as a result, C4T shall not have any liability or responsibility for the privacy practices or other actions of Social Media Services that may be enabled within and/or otherwise accessible through our website(s).


C4T may have additional privacy notices or terms that are tailored and more specific for the different ways your personal data is collected. For example, clinical trial subjects are provided with separate notices related to their personal data collected for the clinical trial in which they are participating. Employment applicants may also be provided with a separate privacy notice.

If you receive a privacy notice provided to you for a specific purpose, the terms of the more specific notice or contract will control to the extent that other notice differs or conflicts with this Privacy Policy.


Our website(s) and our business may change from time to time. As a result, at times it may be necessary for C4T to make changes to this Privacy Policy.  Please check this Privacy Policy periodically for changes. If we make any changes, the updated Privacy Policy will be posted with a revised effective date, unless another type of notice is required by applicable law. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our website(s) and/or services after any such updates take effect will constitute acceptance of any changes.