Privacy Policy
Crinetics Pharmaceuticals, Inc. and its affiliates (“Crinetics,” “we,” “us,” or “our”) are committed to protecting personal data and to being transparent about how we collect, use, disclose, and otherwise process it. This Notice explains our privacy practices when you visit our websites, use our mobile applications or digital services, communicate with us, or otherwise interact with Crinetics in a non-employment context.
Crinetics is a global pharmaceutical company, and our websites, digital channels, and mobile applications may be accessed by individuals in different locations. This Notice provides a general description of our privacy practices across those jurisdictions. We may provide separate notices at the point of collection (for example, for patient support programs, clinical trials, adverse-event reporting, or job applicants); where a more specific notice applies, it governs.
1. SCOPE OF THIS NOTICE
This Notice applies to personal data Crinetics collects, receives, and processes in connection with our public websites, mobile applications, and digital properties, our email and similar communications linked to this Notice, general communications and inquiries submitted to us, and our interactions with patients, caregivers, healthcare professionals, researchers, investigators, vendors, investors, business contacts, and other members of the public.
2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA
Crinetics Pharmaceuticals, Inc. is generally the controller of personal data covered by this Notice, meaning Crinetics determines the purposes and means of the processing described here.
You may contact us at:
Crinetics Pharmaceuticals, Inc.
6055 Lusk Blvd
San Diego, California 92121 USA
dataprivacy@crinetics.com
3. THE PERSONAL DATA WE COLLECT, HOW WE COLLECT IT, AND WHY
We aim to collect and use personal data responsibly, in ways that are intended to be transparent, proportionate, and appropriate to your interactions with Crinetics.
The categories of personal data we collect, how we collect them, and why depend on how you interact with us. We may collect personal data directly from you, automatically through your use of our websites, mobile applications, emails, and other digital services, and from third parties that support our activities. Third-party sources include healthcare professionals, healthcare data providers, research organizations, business partners, publicly available sources, and other lawful data sources, including de-identified or aggregated datasets.
We use this personal data, alone or in combination, for various purposes, including:
- Operating and improving our websites and services
- Supporting communications, responding to requests and inquiries
- Managing relationships
- Administering programs
- Performing analytics and audience measurement
- Marketing and advertising
- Complying with legal and regulatory obligations, such as supporting pharmacovigilance and product safety activities
- Protecting our systems, rights, and operations
In some cases, we may also use personal data to develop audience insights, segment communications, and improve the relevance and effectiveness of our content, services, programs, products, and outreach. We do not use automated decision-making that produces legal or similarly significant effects on individuals. Where additional or more specific uses apply, they are described in the applicable notice or consent.
| Category | Example(s) | How We May Collect It | Purpose |
|---|---|---|---|
| Contact and Identity Information | Name, mailing address, email, phone number, online identifiers, IP address, and similar contact details | Directly from you; through forms, subscriptions, inquiries, and digital interactions | To communicate with you, respond to requests, manage relationships, operate our websites, and support security and administration |
| Professional and Business Information | Employer, title, credentials, specialty, institutional affiliation, professional background, publications, consulting status, and similar information | Directly from you, from publicly available sources, and from third parties supporting professional engagement activities | To manage professional relationships, support scientific and business engagement, and administer our operations |
| Communications and Interaction Data | Contents of forms you submit, inquiries you make, emails you send, event registrations, surveys, preferences, and records of your interactions with us | When you contact us, attend events, participate in surveys, register, or otherwise engage with Crinetics | To respond to inquiries, provide requested information, administer events and communications, improve our services, and support internal planning and operations |
| Internet, Device, and Network Activity Information | Browser type, operating system, device identifiers, advertising IDs, pages viewed, date and time of visits, referring URLs, clickstream information, and geolocation inferred from IP address | Automatically through websites, digital properties, emails, cookies, pixels, and similar technologies | To operate and improve our websites and digital activities, understand engagement, support analytics, maintain security, and support audience development |
| Audio, Electronic, or Similar Records | Recordings, transcripts, notes, or similar records of your interaction with Crinetics | When interactions are recorded, documented, or transcribed | To support quality, training, safety, compliance, medical information, pharmacovigilance, and operational needs |
| Health-Related Information | Health condition, treatment or disease, medical procedure, medication, health history, assessments; inferences drawn from health and non-health personal data | Directly from you, from healthcare professionals, through patient support interactions, safety reporting channels, or other authorized data sources, depending on the context | To support patient support-related services, pharmacovigilance, product quality and safety, compliance, and internal operations |
| Communications Preferences and Subscription Information | Preferences regarding email, SMS, newsletters, educational materials, and similar outreach; opt-in/out choices; preferred channels and topics of interest | Directly from you when you register, update preferences, respond to communications, or otherwise indicate your choices | To honor your communications preferences, administer consent and suppression choices, provide requested content, and manage communications |
| Patient Support and Program Participation | Enrollment or intake details, support needs, service interactions, and program administration records relating to patient support or related service programs | Directly from you, your caregiver, healthcare provider, authorized representative, or service providers supporting the applicable program | To administer and improve patient support and related programs, respond to service needs, manage operations, perform analytics, and evaluate program effectiveness |
| Marketing and Engagement Information | Responses to campaigns, interaction with educational or promotional content, event participation, email engagement, website engagement, communication history, and similar outreach-related information | From your interactions with emails, websites, forms, events, surveys, campaigns, and other communications; from service providers supporting outreach and engagement activities | To measure the effectiveness of communications, understand audience engagement, improve content and outreach strategies, administer campaigns, and evaluate educational and support-related engagement |
| Audience Segmentation and Derived Insights | Inferences about interests, communication preferences, engagement patterns, support needs, professional relevance, and similar audience characteristics derived from information we collect | Derived from identifiers, communications data, digital activity, professional information, program participation, and third-party data sources | To improve digital experiences, educational materials, support resources, communications, internal analytics, audience measurement, and program effectiveness |
| Third-Party and Publicly Available Information | Information, including de-identified or aggregated datasets, obtained from healthcare professionals, healthcare data providers, research organizations, publicly available sources, analytics providers, business partners, and social media platforms | From third parties and public sources as permitted by law | To supplement our records, support professional and patient engagement, improve data quality, understand disease and treatment-related trends, and support analytics |
| Consent, Authorization, and Preference Records | Records of consent, authorization, opt-in/out status, privacy choices, cookie preferences, and related documentation | From forms, consent tools, preference centers, website banners, patient support interactions, and communications systems | To demonstrate compliance, honor user choices, administer preferences and permissions, and maintain records |
4. HOW WE USE AND COMBINE PERSONAL DATA ACROSS PROGRAMS
We may use and combine personal data across our programs, services, and digital properties to better understand engagement, improve resources, and support the effectiveness of our communication, educational materials, and support activities.
In some cases, Crinetics may combine personal data you provide with personal data collected through other Crinetics programs, websites, services, and communications in order to better understand how individuals engage with available resources, administer and improve programs, enhance user experience, and improve educational materials, support services, and communications.
Crinetics may also use personal data obtained from third-party sources, including healthcare professionals, healthcare data providers, research organizations, business partners, publicly available sources, and other lawful data sources, including de-identified or aggregated datasets, to better understand disease and treatment-related trends, patient and caregiver needs, and the effectiveness of our educational, engagement, and support activities.
We may analyze de-identified or aggregated data derived from internal program data and third-party sources in order to evaluate and improve patient education initiatives, support services, communication, and program effectiveness. When we maintain and use de-identified data, we will not attempt to re-identify the data unless expressly permitted or required by law.
5. LEGAL BASIS FOR PROCESSING
Where privacy laws require a legal basis for processing, we process personal data only where we have recognized an appropriate legal justification for doing so.
In jurisdictions that require a legal basis for processing, including the European Economic Area, the United Kingdom, Switzerland, and Brazil, Crinetics processes personal data only where it has an applicable legal basis. Depending on context, we may process personal data because it is necessary to fulfil a contract with you, to comply with a legal obligation, or where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. Where required, we may rely on your consent. This may be relevant, for example, for certain non-essential cookies or similar technologies, certain marketing communications, or the processing of sensitive personal data. Where we rely on consent, you may withdraw it at any time.
6. DISCLOSURES OF PERSONAL DATA
We aim to disclose personal data carefully and only where necessary to support our business, scientific, operational, legal, or compliance needs, and we require the recipients to protect and handle it appropriately.
For the purposes described in this Notice, we may disclose personal data to:
- Our affiliates
- Vendors and service providers acting on our behalf under confidentiality and security obligations
- Regulators, law enforcement, and health authorities where required or permitted by law
- Third parties in a merger, acquisition, or sale of assets
- Any other party at your direction or with your consent
7. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies to support functionality, improve performance, understand engagement, and manage digital experiences and communications.
Crinetics uses cookies and similar technologies on our websites, mobile applications, and digital properties in service of the purposes described in this Notice. These technologies help us provide functionality, understand user behavior, improve website design and content, tailor information resources, manage campaigns, and develop audience insights.
Cookies are small text files placed on your device. Pixels, web beacons, tags, embedded scripts, software development kits, and similar tools collect information about your interactions with our websites, mobile applications, emails, advertisements, or other technologies. These technologies may collect information such as IP address, browser and device attributes, operating system, device identifiers, network information, language preferences, timestamps, page views, session information, click paths, content engagement, links clicked, referring URLs, approximate geolocation derived from IP address, and email interaction data such as opens and clicks.
The technologies we use may fall into several categories:
- Strictly necessary technologies: Required for basic site functionality, security, fraud prevention, and systems administration.
- Performance technologies: Remember settings, improve usability, and help us understand traffic, user behavior, and site performance.
- Targeting technologies: Advertising, social media, or communications-related technologies that support audience development, campaign measurement, content personalization, retargeting, cross-device recognition, or related functions.
8. YOUR CHOICES REGARDING COOKIES AND DIGITAL TECHNOLOGIES
Where required by applicable law, Crinetics will request your consent before using non-essential cookies and similar technologies. Strictly necessary technologies may be used without consent where permitted because they are required for basic website functionality, security, or fraud prevention. Analytics, personalization, social media, and advertising-related technologies will be used in accordance with legal requirements.
You may manage your preferences through our cookie banner or consent management platform where available, and you may also adjust your browser settings to refuse or delete cookies, although doing so may affect website functionality. Some analytics and advertising providers may offer separate opt-out tools, and depending on applicable law, you may have additional rights to opt out of sale, sharing, targeted advertising, or certain profiling through a privacy request mechanism or other available controls. Where required, Crinetics will recognize browser-based opt-out signals; however, our websites may not respond to “Do Not Track” signals because there is no universally accepted standard for those signals.
9. INTERNATIONAL TRANSFERS
Because Crinetics operates globally, personal data may move across borders, and where it does, we use appropriate safeguards designed to protect that information.
Crinetics is headquartered in San Diego, California in the United States, and personal data we collect may be processed in the United States or other countries where Crinetics, its affiliates, or its service providers operate. If you are located outside the United States, your personal data may be transferred to a jurisdiction that does not provide the same level of legal protection as your home jurisdiction. In such cases, Crinetics will implement appropriate mechanisms and safeguards for cross-border transfers, such as the recognized model clauses for international transfers, adequacy decisions where available, or other lawful mechanisms recognized in the applicable jurisdiction.
10. DATA RETENTION
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected and to meet our legal, regulatory, and operational requirements.
Retention periods vary depending on the nature of the information, the purpose for which it was collected, and the legal, regulatory, and operational requirements that apply. For example, information relating to product safety, pharmacovigilance, or legal compliance may be retained for longer periods than routine website interaction data. Where permitted, we may de-identify or aggregate information so that it no longer identifies an individual, and we may retain and use this information.
11. SECURITY
We use administrative, technical, and physical safeguards designed to protect personal data in a manner appropriate to its sensitivity and the nature of the processing.
Crinetics uses reasonable and appropriate safeguards designed to protect personal data against unauthorized access, destruction, loss, alteration, disclosure, or misuse. These measures are designed to account for the sensitivity of the data and the nature of the processing and may include encryption in transit and at rest, access controls, and monitoring. No security measure is perfect, and Crinetics cannot guarantee absolute security. You should also take steps to protect your information, including using secure networks and safeguarding your credentials.
12. ADDITIONAL STATE DISCLOSURES
If you live within the United States, you may have certain rights regarding our processing of your personal data under applicable local state law, including, for example, if you are a consumer in California. If our processing of your personal data is governed by such laws, the following provisions apply to our processing of your personal data, whether collected online or offline. These provisions supplement the information provided in Sections 1–11. If you are a resident of Connecticut, Nevada, or Washington, please refer to our Consumer Health Privacy Policy regarding the processing of data that may relate to your health.
As may be required under applicable local law, the information below describes, for the 12 months preceding the date last updated above: (a) the categories of personal data we have collected about you, (b) the sources of that personal data, (c) the business and commercial purposes for use, and (d) the categories of third-party recipients of your personal data.
In the past 12 months, Crinetics has collected the Personal Information described above under Section 3 from the sources listed therein. This information falls into the following categories of Personal Information under the CCPA:
- Identifiers
- Categories of Personal Information described in section 1798.80(e) of the California Civil Code
- Characteristics of protected classifications under California or federal law
- Commercial information
- Internet or electronic network activity information
- Professional or employment-related information
- Education information
- Sensitive information, including information that may reveal details about your health
Crinetics has disclosed these categories of information to its service providers/contractors for its business purposes in the preceding 12 months. Crinetics does not “sell” or “share” Personal Information, as those terms are defined under applicable law. We use and disclose sensitive data only for purposes expressly permitted under California law.
To exercise the rights you may have, please contact us at dataprivacy@crinetics.com or call us toll-free at (844) 235-9720. To protect your privacy and security, we will further verify and respond to your request consistent with applicable law, considering the type and sensitivity of the Personal Information subject to the request.
We may need to request additional Personal Information from you, such as your date of birth or government identifier, to protect against fraudulent or spoofed requests. If we are unable to verify your identity, we may be unable to respond to your request. Please note that we may need to retain certain Personal Information for recordkeeping purposes or to complete any interactions that you began prior to requesting a change or deletion.
You may also be able to designate an authorized agent to make requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a legally valid power of attorney. We may also follow up with you directly to verify your identity before processing the authorized agent’s request, consistent with applicable law.
13. YOUR PRIVACY RIGHTS
We honor the privacy rights afforded to you under applicable laws and are committed to providing individuals with reasonable means to understand, access, correct, or otherwise exercise control over their personal data.
Depending on your location, you may have legal rights regarding your personal data. These rights are not absolute and may be subject to exceptions or limitations.
If you are located in the European Economic Area, the United Kingdom, Switzerland, Brazil, or another jurisdiction with similar rights, you may have the right to request access to your personal data, correction of inaccurate data, deletion, restriction of processing, object to certain processing, or receive a portable copy of certain personal data. Where we rely on consent, you may withdraw that consent at any time. You may also have the right to object to processing for marketing purposes, including profiling, and to lodge a complaint with a supervisory authority.
If you are a resident of California or another U.S. state with an applicable consumer privacy law, you may have the right to know the categories of personal data we collect, the sources of that information, the purposes for which we use it, and the categories of third parties to whom we disclose it. You may also have the right to request access, deletion, correction, and portability, and to opt out from the sale or sharing of your personal data, from targeted advertising, or certain profiling based on your personal data, depending on the law that applies. You may also have rights relating to sensitive personal data or consumer health data under certain laws.
To exercise applicable rights, please contact us using the information in this Notice or use any rights request method made available through our website. We may need to verify your identity before acting on a request. In some jurisdictions, you may designate an authorized agent to act on your behalf, subject to verification requirements.
14. CHILDREN’S PRIVACY
Our digital properties are intended for adult individuals, and we do not knowingly collect personal data directly from children.
Our websites and other digital properties are not directed at, or marketed to, nor intended for children, and Crinetics does not knowingly collect personal data directly from children through those channels.
15. THIRD-PARTY WEBSITES AND FEATURES
Our websites may contain links to third-party websites, applications, plug-ins, embedded content, or social media features. Those third parties may collect information independently and operate under their own privacy notices and terms. Crinetics is not responsible for the privacy, security, or content practices of third-party services that are not owned or controlled by us. We encourage you to review their privacy notices before engaging with them.
16. CHANGES TO THIS NOTICE
We may revise this Notice from time to time to reflect changes in our data practices, technologies, legal obligations, or business operations.
17. CONTACT US
If you have questions about this Notice or our privacy practices, or if you wish to exercise an applicable privacy right, please contact us at:
Crinetics Pharmaceuticals, Inc.
6055 Lusk Blvd
San Diego, California 92121 USA
dataprivacy@crinetics.com
You can contact Crinetics’ Data Protection Officer by emailing: crinetics.dpo@mydata-trust.info
If you are dissatisfied with our response or believe we are not processing your personal data in accordance with the law, you may file a complaint with a relevant regulatory authority (e.g., a Supervisory Authority or your state’s Attorney General).
Latest update: May, 2026
Transforming Endocrine Disease Treatment
Be the first to know about the advances we're making in endocrine-rooted care.
Email Signup
Please click CONTINUE below to learn more about a new treatment option. This website contains information about a prescription medicine.
