Cookie Policy.

This Cookie Policy is effective as of [date to be set on approval].

We will update the Effective Date at the top of this page whenever we make material changes. The version that applies to your visit is the version published at the time you accessed the website.

This Cookie Policy explains how Burna AI, Inc. ("Burna AI," "we," "us," or "our") uses cookies and similar tracking technologies when you visit our public website at burna.ai and related marketing subdomains (collectively, the "Website").

This policy is a companion to our Privacy Policy, which describes more broadly how we collect, use, and protect personal information. Where this Cookie Policy is silent, the Privacy Policy governs.

Our approach to cookies

Burna AI builds clinical software for oncology research and post-market drug safety. We take privacy seriously, and we apply that standard to our marketing website as well. We aim to:

1. Minimize. Use the smallest set of cookies necessary to operate the Website and understand whether our content is useful.
2. Consent. Obtain opt-in consent for any non-strictly-necessary cookies from visitors in jurisdictions that require it, including the European Economic Area, the United Kingdom, and Brazil.
3. Control. Give every visitor, regardless of jurisdiction, clear and accessible tools to review, accept, reject, and change their cookie preferences at any time.

A cookie is a small text file that a website places on your device (computer, phone, or tablet) through your browser. Cookies let a website remember information about your visit, such as your language preference or whether you have dismissed a banner, so the next page or the next visit works correctly.

Session cookies exist only while your browser is open and are deleted automatically when you close it. Persistent cookies remain on your device for a defined period or until you delete them manually.

First-party cookies are set directly by burna.ai. Third-party cookies are set by services other than burna.ai when you interact with embedded content or follow outbound links. We do not control third-party cookies, and they are governed by the privacy policies of those services.

Similar technologies

This policy also covers technologies that work like cookies even when they are not technically cookies, including:

• Pixels (sometimes called web beacons or tracking pixels): small invisible images that record that a page or email was opened.
• Local storage and session storage: browser features that store small amounts of information directly on your device.
• Fingerprinting: techniques that infer information about a visitor by combining signals such as screen size, time zone, fonts installed, and user agent. Burna AI does not use fingerprinting on its public website.

We group the cookies on our Website into four standard categories.

4.1 Strictly necessary

Required for the Website to function. Without them, basic features such as navigation, security, and accessibility would not work. You cannot disable strictly necessary cookies through our consent banner, although you can block them at the browser level. Examples: session management for forms, CSRF protection, load balancing, and accessibility or display preferences such as theme and language.

Legal basis (EU and UK): exempt from consent requirements under the ePrivacy Directive and UK PECR because they are strictly necessary to provide the service you have requested.

4.2 Functional

Functional cookies remember choices you make to give you a better experience on return visits. They are not required for the Website to work, and you can disable them through your browser or our consent banner. Examples: remembering that you signed up for our newsletter, that you dismissed a banner, or your form field values during a single visit.

Legal basis (EU, UK, Brazil): consent.

4.3 Analytics

Analytics cookies help us understand, in aggregate, how visitors find and use the Website so we can improve the content. We are interested in patterns, not in identifying individual visitors.

Legal basis (EU, UK, Brazil): consent if the chosen tool sets non-essential cookies. No consent required if the tool is fully cookieless and does not process personal data (still subject to confirmation).

4.4 Marketing and advertising

Burna AI does not run paid advertising or remarketing campaigns at this time, and therefore does not set marketing or advertising cookies on its public website. We do not use display or programmatic advertising pixels, retargeting or remarketing cookies, conversion tracking pixels, or social advertising pixels (for example, Meta Pixel, LinkedIn Insight Tag, or X conversion pixel).

If this changes in the future, we will update this Cookie Policy and, where required, request your consent before any marketing cookies are set.

The table below describes the individual cookies set on burna.ai. It is provided so you can see exactly what is on your device, why it is there, and how long it stays.

If you see a cookie on burna.ai that is not listed in this table, please contact privacy@burna.ai so we can investigate and update the policy.

When you interact with content on burna.ai that is hosted or served by a third party, that third party may set its own cookies on your device. We do not control these cookies, and they are governed by the privacy and cookie policies of the third party.

Common situations where this can happen:

• Outbound links to social profiles such as our LinkedIn company page, X account, or GitHub organization.
• Embedded video. Where possible, we use privacy-enhanced embed modes that defer cookie placement until you actively engage with the video.
• Calendar booking. If we link out to a scheduling tool, that tool sets its own cookies on the page where you book.

We provide links to the cookie policies of services we most commonly link to:

• LinkedIn: linkedin.com/legal/cookie-policy
• X (formerly Twitter): help.x.com/en/rules-and-policies/x-cookies
• GitHub: docs.github.com (GitHub Privacy Statement)
• YouTube (Google): policies.google.com/technologies/cookies
• Vimeo: vimeo.com/cookie_policy

We do not embed or link to advertising networks. If we add a new third-party embed or service that places cookies, we will update this policy and, where required, request your consent before the third-party cookies are set.

Browser settings

All major browsers let you view, block, and delete cookies on a per-site or global basis:

• Google Chrome: support.google.com/chrome
• Apple Safari (macOS): support.apple.com (Safari for macOS)
• Apple Safari (iOS): support.apple.com (Safari for iOS)
• Mozilla Firefox: support.mozilla.org
• Microsoft Edge: support.microsoft.com/microsoft-edge
• Brave: support.brave.com

Blocking all cookies will prevent some parts of the Website from working correctly. Blocking only non-essential cookies should leave the Website functional.

Consent banner

Where required by law (EU, UK, Brazil), we display a consent banner on your first visit. You can accept all cookies, reject all non-essential cookies, or open a preferences panel to make granular choices. You can change your choices at any time by clicking the "Cookie Preferences" link in the website footer.

Global Privacy Control (GPC)

Burna AI honors the Global Privacy Control signal as a valid opt-out of the "sale" or "sharing" of personal information under the California Consumer Privacy Act (as amended by the California Privacy Rights Act) and equivalent state laws. If your browser or extension sends a GPC signal with your request, we will treat that as an opt-out for the categories where GPC is recognized as a valid opt-out mechanism.

Specific opt-outs

Because we do not run advertising, we do not currently offer ad-network-specific opt-outs. If we add advertising in the future, we will provide direct opt-out tooling and link to industry opt-out programs such as the Digital Advertising Alliance (DAA), the Network Advertising Initiative (NAI), and the European Interactive Digital Advertising Alliance (EDAA).

If you visit burna.ai from the European Economic Area, the United Kingdom, Switzerland, or Brazil, we apply the following consent flow:

• First visit. Before any non-strictly-necessary cookies are set, we display a consent banner with three clear options: accept all, reject all non-essential, or open preferences.
• Granular control. The preferences panel lets you accept or reject each non-strictly-necessary category (functional, analytics) independently. Strictly necessary cookies cannot be disabled and are clearly labeled as such.
• Recording consent. We record your choice in a first-party cookie so we do not ask again on every page or every visit. The consent record is retained for 12 months. After that, we will show the banner again to refresh your choice, in line with guidance from European data protection authorities.
• Withdrawing consent. You can withdraw consent at any time by clicking "Cookie Preferences" in the website footer, which reopens the preferences panel. Withdrawing consent applies going forward; it does not affect the lawfulness of processing that occurred before withdrawal, but cookies set under the prior consent will be cleared when feasible.
• Equal weight. Accept and reject options are presented with equal visual prominence. We do not use dark patterns to push you toward acceptance.

For visitors outside these jurisdictions, the same preferences panel is available through the footer link, and the same control options apply. We extend a consistent set of controls to all visitors regardless of where they are located.

Do Not Track (DNT). Some browsers offer a "Do Not Track" setting that sends a signal to websites asking them not to track the user across the web. Because there is no consistent industry or regulatory standard for how websites should respond to DNT, and because the signal does not distinguish between cookie categories, Burna AI does not currently respond to DNT signals. We use the consent banner and browser controls described above instead.

Global Privacy Control (GPC). GPC is recognized as a valid opt-out signal under California law and several other United States state privacy laws. Burna AI honors GPC for the categories where it is recognized as a valid opt-out, including opt-out of "sale" or "sharing" of personal information under CCPA/CPRA. Because we do not sell or share personal information for cross-context behavioral advertising, the practical effect of GPC on our Website is limited, but we record and respect the signal as a matter of policy.

If a future regulation or industry consensus establishes a standard response to DNT, we will update this policy and our implementation accordingly.

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, the services we integrate with, or applicable law.

• Minor updates (typographic fixes, clarifications that do not change practice): we will update the Effective Date at the top of the page.
• Material changes (new cookie categories, new third-party services, changes to consent flow, changes to retention): we will update the Effective Date, post a notice on the Website, and, where required by law in your jurisdiction, request fresh consent before the new processing begins.

We encourage you to review this Cookie Policy periodically. The version published at burna.ai/cookies at the time of your visit is the version that applies to that visit.

If you have questions about this Cookie Policy, about the cookies set on your device by our Website, or about how to exercise your rights, please contact us at the address below.

For broader privacy questions or to exercise rights under GDPR, UK GDPR, CCPA/CPRA, LGPD, or other applicable laws, please see our Privacy Policy, which describes the full set of rights available to you and how to exercise them.