Privacy Policy

Effective Date: July 2025

  1. Introduction. This Privacy Policy (the “Policy”) of Tonix Pharmaceuticals Holding Corp. and its corporate affiliates, including Tonix Pharmaceuticals, Inc. and Tonix Medicines, Inc., (“Tonix”), explains how Tonix collects, uses, and discloses personal information in connection with our websites, services, products, and customer relations and patient support systems (collectively, “Services”). Tonix takes individual privacy seriously and we endeavor to inform you of the uses that we have for personal information that we obtain from you (collectively, “Personal Information”). We will take reasonable steps to protect your privacy consistent with the guidelines set forth in this Policy and applicable laws. In this Policy, “user,” “your,” or “you” generally refers to any individual from whom we obtain Personal Information, whether by browsing our websites, utilizing our customer relations or patient support systems, submitting any request or communication to us, creating any account for the use of our services or products, submitting a job application to us, participating in any other activities with us, or accessing information through our Services. As the manners in which we obtain Personal Information and our uses for Personal Information may change, we encourage you to return to and reread this Policy from time to time. By accessing or using our Services, you acknowledge that you have read, understand, and agree to be bound by this Policy. If you do not agree to the terms of this Policy, do not use our Services.This Policy applies to Personal Information that Tonix obtains from job applicants during their application process, but does not apply to employees of Tonix. Tonix has established standards for the protection and use of employees’ data in its Employee Handbook in accordance with applicable law. A copy of the Employee Handbook is generally available to employees upon request.
  2. What Information Do We Collect? We may collect two types of Personal Information from you: (i) Individualized Information, and (ii) Device Information:
    1. Individualized Information. We may collect certain Individualized Information from you when you use our Services; subscribe to any Tonix electronic or non-electronic mailing list; submit any request for information, press or media inquiry, or job application to us; request that we provide any service or product; purchase any service or product from us; or otherwise interact, communicate, or engage with Tonix. Depending on the circumstances and the level of detail that you provide, this “Individualized Information” may include: your first and last name, email address, telephone number, postal address, education or work history or background, demographic data, income, or other information related to your individual interest in or need for Tonix’s services or products or a job with Tonix. If we obtain your Individualized Information from other sources, we may add it to the Individualized Information that we have already collected from you in order to improve our services, products, and/or Services.
    2. Device Information. We may collect certain web tracking information about the device that you use to connect to and browse our Services. Depending on the circumstances, this “Device Information” may include, but is not limited to: information about your web browser (e.g., browser type, domain names, access times, and operating system), Internet protocol address (“IP address”); individual websites that you have reviewed; websites or search terms that referred you to our Services; how you interact with our Services; time zone; or information about the cookies installed on your device. As described in Section 3, we may use cookies and navigational data like Uniform Resource Locators (“URLs”) to gather information regarding the date and time of your visit and the information for which you searched and viewed.
  3. Cookies.
    1. What are Cookies? A cookie is a small file containing a string of characters that is sent to your browser when you visit a website. When you visit the website again, the cookie allows the website to recognize your browser. Cookies also may store user preferences and other information. Cookies offer a form of convenience in that they save the user time by allowing the website to identify preferences that the user has displayed or selected in the past.
    2. Does Tonix Use Cookies? Tonix may use cookies from time to time for several reasons. Some cookies are required for technical reasons for our Services to operate. Other cookies enable us to track and target the interests of users to enhance their experience on our Services. For example, depending on the circumstances, we may use cookies to collect data regarding the specific pages you visit on our websites. This data is used to determine which pages are most helpful to you or popular to our users in general, and to deliver customized content on or in our Services to users whose behavior indicates that they are interested in a particular subject area.
    3. How Can You Control Cookies? You should visit your browser’s help menu for instructions on how to manage cookies and additional information. Tonix is not responsible for making this selection for you. If you choose to reject cookies, your access to some functionality and areas of our Services may be restricted. For more information on how cookies work and how to control them, you may visit allaboutcookies.org.
  4. How Do We Use Your Information?
    1. Use of Personal Information. We may use Personal Information for a variety of purposes including, but not limited to: providing or communicating with you regarding our services and products; establishing and maintaining user accounts; providing updates on our services and products; processing orders and transactions (including payments); verifying user information; evaluating, processing, tracking, and communicating with you regarding job applications that you have submitted to us; detecting security incidents that may compromise the confidentiality of Personal Information in our possession; maintaining or improving the effectiveness, quality, or safety of our services and products; or enforcing our legal rights or as required by applicable law or requested by any judicial process or government agency. Depending on the circumstances and in accordance with applicable law, we may also generally use your Personal Information for any other legitimate business interest of ours so long as the use is fair, proportionate, and does not unduly impact any of your privacy rights.
    2. Use of Device Information. We may also specifically use Device Information for a variety of purposes including, but not limited to: helping us screen for and prevent potential risk and fraud (in particular, through any IP address we collect from you); diagnosing and mitigating errors on or within our Services; administering and optimizing our Services; making our services and products more useful and effective; generating analytics about how users browse and interact with our Services; assessing the success of any marketing or advertising campaigns; or storing user preferences. Using Device Information for these purposes allows us to determine which features of our Services users like best and generally helps us improve and secure the Services and personalize each user’s experience.
    3. Consent. In addition to the uses described in Section 4.1 and Section 4.2, we may further use your Personal Information for any legal purpose to which you expressly consent.
    4. Minimum Amount Necessary. Tonix (including our individual staff members) will not use your Personal Information beyond the minimum amount and scope necessary to achieve the above purposes without first obtaining your consent.
    5. License to Use Your Content. Please note that by sending us messages or inquiries, uploading files, inputting data, or engaging in any other form of communication through our Services, you are granting us a license to use, reproduce, disclose, publish, distribute, and otherwise exploit in any manner the content of any such message, inquiry, file, data, or communication. This license is granted to us without restriction and without the requirement that we compensate you in any way. We are under no obligation to maintain any such message, inquiry, file, data, or communication in confidence, or to provide you with any response or confirmation of receipt.
    6. Aggregated Data. To the extent permitted under applicable law, we may also create statistical, de-identified, anonymized, or aggregated data (collectively, “Aggregated Data”) relating to our users and our Services to use for analytical, research, or any other legal purposes. Aggregated Data includes data derived from Personal Information and data collected by Tonix from other sources that has been anonymized so that it does not relate to and could not reasonably be used to identify any individual.
    7. Email Communications. If you provide us with your email address, we may in the future begin to send you administrative, informational, or promotional emails, including newsletters. If you wish to opt out of these emails or newsletters, you may do so by following the “unsubscribe” instructions in the email.
  5. What Information Do We Share or Disclose?
    1. Disclosure of Personal Information. We generally will not share or disclose Personal Information with any third-parties, except in accordance with applicable law under the following circumstances:
      1. When you have consented to us sharing or disclosing your Personal Information.
      2. When the Personal Information is shared with or disclosed to a parent company, subsidiary, joint venture, or other entity under common control with us in order to achieve any of the purposes described in Section 4.
      3. Subject to the terms of a confidentiality agreement, in connection with, and for the purposes of, a business deal (or negotiation of a business deal) involving the sale or transfer of all or a part of our business or assets. These deals may include any merger, financing, acquisition, or bankruptcy proceeding.
      4. With a third-party contractor engaged to provide management, administrative, human resources (including job application), or other support services on our behalf (each, a “Contractor”), which require the Contractor to have access to Personal Information. In this instance, we will generally enter an agreement with the Contractor limiting their use of the Personal Information to the minimum amount necessary to perform the services for which we have engaged them; requiring the Contractor to report any suspected or actual breach of security or other incident related to the Personal Information to us; and requiring the Contractor to adhere to the same level of privacy requirements that are required of us by all applicable law. By accessing or using our Services, you consent to our sharing your Personal Information with any Contractors and to the Contractors’ use of your Personal Information in accordance with all applicable law, this Policy, and the other terms and conditions applicable to our Services.
      5. To detect, prevent, or otherwise address security, fraud, or technical issues.
      6. To ensure the personal safety of any individual, including our staff members or job applicants, users of our Services, or members of the public.
      7. To the extent required to comply with legal obligations, processes, or requests; enforce our policies, contracts, and agreements (including this Policy); or protect or defend our legal rights.
    2. Aggregated Data. To the extent permitted by applicable law, we may in our sole discretion disclose any Aggregated Data that does not contain Personal Information to any third-parties for any legal purpose.
    3. Network Operators. Use of our Services may involve the use of third-party search engine operators or telecommunications carriers. These operators are not our Contractors, and any information that these operators collect in connection with your use of our Services is not a part of our collected Personal Information and is not subject to this Policy. We are not responsible for the acts or omissions of these operators.
  6. Your Rights Regarding Your Information.
    1. Privacy Settings / Right to Remove. If you would like Tonix to permanently remove your Personal Information from our database, please call us at 862-799-8599 or email us at privacy@tonixpharma.com. We may ask you to provide a copy of your driver’s license or other identifying documents to assist us in processing your request. Tonix may still contact users who have requested that their Personal Information be permanently removed for administrative purposes. The removal of your Personal Information may take some time to complete and may be subject to certain restrictions, consistent with applicable law. Please also note that the removal of any Personal Information will not necessarily result in the removal of records of past transactions or the deletion of information stored in our data archives. Aggregated Data is not subject to requests for removal.
    2. Access / Updates. Tonix will, to the best of our ability and in accordance with applicable law, allow you to access, review, correct, or add to your Personal Information held in our database. You may also request additional details regarding the business or commercial purpose(s) for which we have collected your Personal Information. To make any such request, please call us at 862-799-8599 or email us at privacy@tonixpharma.com. We will make our best efforts to process your request promptly once we receive it. In any event, we will confirm receipt of your request within 10 days and will respond to your request within 45 days. If a response requires additional time, we will notify you of the basis for the delay and may extend our response period up to an additional 45 days. Please note that we may ask you certain follow-up questions prior to processing your request to confirm your identity and the specific Personal Information that is the subject of your request, in accordance with applicable law.
  7. Additional Policies.
    1. Security. To the extent required by applicable law, Tonix will utilize appropriate, commercially reasonable administrative, technical, and physical safeguards to protect Personal Information against unauthorized access, deletion, loss, alteration, or misuse. However, no Internet transmission is completely secure, and we cannot guarantee that security breaches will not occur. We are not responsible for the actions of hackers and other unauthorized third-parties that breach our appropriate, commercially reasonable safeguards. Additionally, to the extent that your use of our Services requires you to create an account and password, you are solely responsible for maintaining the secrecy of this login information. This Policy is not intended to confer, nor does it confer, any rights or remedies to users.
    2. Third-Party Activity. Our Services may contain links to other websites, cookies, or other materials from, or which may be operated by, third-party entities. The information practices and privacy policies of these third-party entities may be different than those of Tonix. We are not responsible for any actions or omissions by any such third-party entities. This Policy applies only to Personal Information collected by Tonix.
    3. Data Retention. Unless you ask us to delete your Personal Information sooner, we will maintain it until such time that we determine, in our sole discretion, that (i) it is no longer necessary for any purpose for which we may use it in accordance with this Policy; and (ii) it may be destroyed or deleted in accordance with applicable law.
    4. Do Not Track. We do not respond to Do Not Track (DNT) signals or requests. DNT is a web browser setting that informs a website that you do not want to be tracked.
    5. Accessibility. Any person with a disability that prevents or restricts them from accessing this Policy through our Services may request a copy in an alternative format by calling us at 862-799-8599 or emailing us at privacy@tonixpharma.com.
    6. Children. The Children’s Online Privacy Protection Act imposes certain requirements on certain companies that have actual knowledge that they collect Personal Information from children under 13 years of age. Tonix does not knowingly collect or maintain Personal Information from persons under 13, and no part of our Services are directed at persons under 13. If you are under 13, please do not use our Services. We will delete the Personal Information of persons under 13 if we determine that it has been collected without verifiable parental consent. Additionally, if you are above 13 but under the age of majority in the jurisdiction in which you are located, you should only use the Services and/or send Personal Information to Tonix with the authorization and approval of your parent or guardian.
    7. Users from Outside the United States. Tonix and its servers are located and operate in the United States, subject to the applicable laws of the United States. By using our Services, you consent to our collection of your Personal Information as described in this Policy and the transfer of your Personal Information to the United States. You further consent to our subsequent transfer of your Personal Information outside of the United States to the extent that such transfer is made to a Contractor that is based outside of the United States and the safeguards described in Section 5.1.4 of this Policy are otherwise satisfied. Those who choose to access our Services do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules, and regulations. We may limit our Services’ availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion. We do not represent or warrant that our Services, or any part thereof, is appropriate or available for use in any other jurisdiction. If you choose to access or use our Services, you consent to the use and disclosure of information in accordance with this Policy and subject to all applicable laws.
    8. Amendments. Tonix will review this Policy from time to time and may modify or amend it as necessary to comply with applicable law. We may also update the Policy to reflect changes to our practices or for other operational reasons. If we make any material changes to how Personal Information is collected, used, disclosed, or transferred, we will notify you of these changes by modifying the version of this Policy that is available for your review on or in our Services. Accordingly, we encourage you to review this Policy from time to time. Notwithstanding any modifications we may make, all Personal Information will be treated in accordance with the version of the Policy that is/was in effect at the time the Personal Information was collected, unless we obtain your consent otherwise.
  8. Notice for Residents of European Economic Area, United Kingdom, or Switzerland.
    1. No Marketing to Such Residents. We do not market or promote our services and products to residents of Europe, the United Kingdom (UK), or Switzerland, and are not subject to Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Information and free movement of Personal Information, known as the General Data Protection Regulation (“GDPR”). If you reside in the European Economic Area (“EEA”), UK, or Switzerland, please be aware that if you voluntarily provide us with any Personal Information, that information will be transferred from your location to data centers located in the United States for processing, and this transfer will be deemed to have been made with your consent.
    2. Rights Honored. Although we are not subject to the GDPR, we will generally make commercially reasonable efforts to honor your data privacy rights upon request, subject to certain limitations. If you reside in the EEA, UK, or Switzerland, you have the rights, as applicable under the GDPR, to:
      1. Request an accounting of Personal Information that we possess that pertains to you in an electronically portable format.
      2. Request that we correct or update Personal Information that pertains to you.
      3. Request that we delete Personal Information that pertains to you.
      4. Fully or partially withdraw your consent to the collection, processing, and/or transfer of your Personal Information.
    3. Requests and Complaints. Please call us at 862-799-8599 or email us at privacy@tonixpharma.com to request an accounting of your Personal Information, a correction or update to your Personal Information, deletion of your Personal Information, or to withdraw your consent to the collection, processing, and/or transfer of your Personal Information. We will make our best efforts to process your request promptly once we receive it unless there are legitimate grounds for further processing the Personal Information that override your interests, rights, and freedoms, or unless we further process the Personal Information only for the establishment, exercise, or defense of legal claims. If you believe we are unlawfully possessing, using, or disclosing your Personal Information, you have the right to complain to your local data protection supervisory authority. You can find contact details here: https://edpb.europa.eu/about-edpb/board/members_en.
  9. Contact. Please call us at 862-799-8599 or email us at privacy@tonixpharma.com in the event you have any questions or requests for us, wish to submit a complaint about how we have processed any Personal Information, or would like to contact us for any other reasons. We will deal with any complaints or requests as soon as possible, and without prejudice to you. If you submit a complaint to us, you may of course also file any complaint with a relevant government agency in the state or jurisdiction in which you live or work.