Privacy Policy

Effective date: June 8, 2023

At TScan Therapeutics, Inc. (“TScan”) we know you care about how your Personal Data is used and shared, and we take your privacy seriously.  This “Privacy Policy” describes how TScan collects, uses, discloses and otherwise processes Personal Data in connection with TScan’s website (“Site”).

By using or accessing our Site, you acknowledge that you accept the practices detailed in this Privacy Policy.  If you do not agree to the terms of this Policy, please do not use our Site. This Policy governs your access to and use of the Site.

Changes to this Privacy Policy

TScan may make changes to this Privacy Policy from time to time. Generally, our most updated Privacy Policy will be available on this Site with no specific notice to you. However, when material changes are made to this Policy that significantly impact your privacy rights, we will specifically notify you of such changes and indicate such on this Site.

Personal Data Collected by TScan

We may collect Personal Data directly from you when you voluntarily provide it to us through our Site or otherwise share it with us. This includes:

  • Personal and Business Contact Information, such as your first name, last name, postal address, email address, telephone number, job title, and employer name;
  • Professional Credentials, such as educational and work history, institutional affiliations and other information of the type that would be included on a resume or curriculum vitae;
  • Profile Information, such as your username and password, industry, interests and references; and
  • Feedback and Correspondence, such as information you provide when you report a problem with our Site, receive customer support or otherwise correspond with us.

We may also collect Personal Data automatically such as site usage information and information about you and your computer or mobile device when you access our Site. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, and access times and information about your use of, and actions on, our Site.  We collect this information about you using cookies or similar technologies. Please refer to the section below for more details.

We do not knowingly collect Personal Data from children in connection with our Site. If we become aware that an individual under the age of 16 has provided Personal Data through our Site, we will immediately remove the individual’s Personal Data.  We request that parents and guardians do not use the Site or email to provide us with any Personal Data concerning children.

Any communications relating to clinical trials should be made through the communication channels described in the applicable informed consent, patient information sheet or other instructions provided to clinical trial participants.

Use of “Cookies” and Similar Technologies

Cookies are alphanumeric identifiers that are transferred to your computer’s hard drive through your web browser to help us identify you when you come to our Site. Our Site uses cookies to distinguish you from other users of our Site. This helps us to provide you with a better experience when you use our Site and allows us to improve our site.

You have choices with respect to cookies.  By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies.  If you choose to reject all cookies, you may be unable to use those aspects of our Site that require registration to participate.  You can learn about cookies and how they work at

You can disable cookies through your browser settings. Doing so, however, may disable certain features on our Site.  If applicable, you can opt out from third-party cookies that are used for advertising purposes on the NAI website at

If you are accessing this site from the EU or UK, your consent to the placement of cookies indicates your consent to the transfer of data collected by such cookies to third countries that may not have a level of data protection comparable to the EU or UK. You can always withdraw your consent by adjusting your preferences.  Depending on which Site you visit, we may use the following categories of cookies:

  • Strictly Necessary Cookies. These cookies are required for the operation of our Site. These cookies cannot be switched off.  You can set your browser to block these cookies, but as a result, some parts of our Site will not work as designed.
  • Analytics and Performance Cookies. Analytical cookies allow us to analyze traffic to our Site and how our Site is used.  For example, we use analytical cookies to count the number of visitors and sources of web traffic so we can see how users move around our Site. This helps us improve the way our Site works, for example, by ensuring that users can easily find what they are looking for. This “analytics data” is only available in aggregate and cannot be used to identify you.
  • Functional Cookies. These cookies allow our Site to remember choices you make when you use our Site. The purpose of these cookies is to provide you with a more personal experience and to avoid you from having to re-select your preferences every time you visit our sites.
  • Targeting Cookies. These cookies may be set through our site by advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They do not store directly Personal Data directly, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

We may also use cookies, pixels, beacons, or other web tracking technologies to track the amount of time spent on our Site and whether certain content, such as a video, was viewed. We may work with a trusted third party to collect and process this information for us, based on our instructions and in compliance with this Policy.

How we use your Personal Data

To provide you with information and administer our Site. We use your Personal Data to give you the best possible experience on our Site.  More specifically, we use your Personal Data to:

  • operate, maintain, administer and improve our Site;
  • consider your application for employment with TScan;
  • communicate with you regarding our programs, events, or activities, including by sending you technical notices, updates, security alerts, and support and administrative messages;
  • better understand your needs and interests, and personalize your experience with the Site;
  • provide support and maintenance for our Site; and
  • respond to your service-related requests, questions and feedback.

To communicate with you. If you request information from us, we may send you communications as permitted by law. You can opt out of such communications by contacting us at

To comply with the law. We use your Personal Data as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal processes, such as to respond to requests from government authorities.

With your consent. We may use or share your Personal Data with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, or when you instruct us to take a specific action with respect to your Personal Data.

For compliance, fraud prevention and safety. We may use your Personal Data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern use of our Site; (b) protect our rights, privacy, safety or property; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

For analytics purposes. We may use third parties, such as Google Analytics or other analytics providers, to analyze traffic to a Site. Google Analytics does not create individual profiles for visitors and only collects aggregate data.  To disable Google Analytics, download the browser add-on for the deactivation of Google Analytics provided by Google at  You can find additional information about Google Analytics at

How We Share Your Personal Data

We do not sell your Personal Data. We disclose Personal Data to third parties under the following circumstances:

  • Affiliates. We may disclose your Personal Data to our subsidiaries and corporate affiliates for purposes consistent with this Policy.
  • Service Providers. We may employ third-party companies and individuals to administer and provide services on our behalf (such as training, customer support, website hosting, email delivery and database management services). These third parties use Personal Data only as directed by us and in a manner consistent with this Policy.
  • Professional advisors. We may disclose your Personal Data to professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
  • Compliance with Laws and Law Enforcement; Protection and Safety. We may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests, such as to respond to requests from government authorities; (b) enforce the terms and conditions that govern use of the Site; (c) protect the rights, privacy, safety or property of users of our Site and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
  • Business Transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your Personal Data, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Policy.

Legal Bases for Processing

If you reside in the United Kingdom, European Economic Area (“EEA”) or Switzerland, we are required to inform you of the legal bases of our processing of your Personal Data on our Site, which are provided below:

Processing purpose Legal basis
To provide services Processing is necessary to provide services to you or to take steps that you request prior to providing those services.
To communicate with you

For compliance, fraud prevention and safety purposes

To create anonymous analytics

These processing activities are based on TScan’s legitimate interests.  We consider and balance potential impact on your rights and do not process your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law Processing is necessary to comply with our legal obligations.
With your consent Processing is based on your consent. Where we rely on consent, you have the right to withdraw it at any time.

International Data Transfers

TScan is based in the United States and may have, now or in the future, third-party service providers located in other countries.  TScan currently does not knowingly collect Personal Data of residents outside the United States on our Site.  If you are not a resident of the United States and your Personal Data is transferred to the United States or other locations outside of your country where privacy laws may not be as protective as those in your country, TScan will process and transfer your Personal Data in accordance with applicable laws and this Policy regardless of where your Personal Data is stored or accessed.  Our third-party service providers are contractually bound to process Personal Data in a manner that is consistent with this Policy and applicable data protection laws.

Securing your Personal Data

TScan uses reasonable administrative, physical, and technical safeguards to secure Personal Data you share with us. However, we cannot guarantee complete security of your Personal Data.

Any email or other communication purporting to be from one of our websites asking you to provide sensitive information (including medical information) via email, should be treated as unauthorized and suspicious and should be reported to us immediately by emailing


We will only retain Personal Data for as long as is necessary to fulfill the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose).  This does not affect your right to request that we delete your Personal Data before the end of its retention period.  We may archive Personal Data (storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures. In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Requests Regarding your Personal Data

If you reside in the United Kingdom, EEA or Switzerland, you may request that we take the following actions with regard to your Personal Data by contacting us at

  • Access: Provide you with information about our processing of your Personal Data and give you access to your Personal Data.
  • Correction: Update or correct inaccurate Personal Data.
  • Deletion: Delete your Personal Data.
  • Transfer: Transfer a machine-readable copy of your Personal Data to you or a third party of your choice.
  • Restriction: Restrict the processing of your Personal Data.
  • Objection: Object to our legitimate interest as the basis of our processing of your Personal Data.

We may require additional information to verify and process your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will inform you of such decision, subject to legal restrictions.

If you are a resident of the United Kingdom, EEA or Switzerland, you have the right to file a complaint concerning our processing of your Personal Data with your national (or in some countries, regional) data protection authority.

Contact Us

To contact us with questions or comments regarding this Policy or the information collection and dissemination practices of this website, or to request this Policy in an alternative format due to a disability, please email us at, or write to us at:

TScan Therapeutics, Inc.
880 Winter St.
Waltham, MA 02451
Attn: Privacy Officer