Privacy Notice

Madrigal Pharmaceuticals, Inc. Privacy Notice

Last Updated: November 19th, 2025

Introduction

Madrigal Pharmaceuticals, Inc. and its affiliates and subsidiaries (collectively “Madrigal” or “we” or “us” or “our”) respect your privacy. This Privacy Notice explains what information we collect through our websites, including www.madrigalpharma.com and any other website Madrigal owns (our “website(s)”), how we use it and how we protect it.

“Personal Information” is information, or a combination of pieces of information, that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, consumer, household, or device, or as otherwise defined by applicable data protection laws. This notice also informs you about your privacy rights.

It is our goal to be transparent about the use of your information so please read this notice carefully to understand our policies and practices. This Privacy Notice may change from time to time, so please check periodically for updates. For European data protection law purposes, Madrigal Pharmaceuticals, Inc. will act as the controller of your Personal Information processed as set out in this Privacy Notice.

BY USING OUR WEBSITES OR SHARING YOUR PERSONAL INFORMATION WITH US, YOU CONFIRM THAT YOU HAVE READ AND UNDERSTOOD HOW WE COLLECT, USE AND DISCLOSE YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY NOTICE. However, this does not equate to consent for the purposes of European data protection laws.

Information We Collect About You and How We Collect It

We collect several types of information, and we collect this information:

  • Directly from you when you voluntarily provide it to us.
  • Automatically as you navigate through the website.
  • From certain third parties, like technology partners and analytics providers.
  • From any inferences we may draw or related to the information provided below.

Please note, information, including Personal Information, provided, or collected through the website will be through a third-party hosting service. We may also share information, including Personal Information, with third-party data storage providers.

The Personal Information we collect may include:

  • Information you provide directly, for example, by filling out forms on the website. This may include, without limitation, your name, e-mail address, phone number and/or other information by which you may be personally identified.
  • Information that you provide, for example, by sharing your professional resume, which may include, in addition to the information described in the above paragraph, your employment history, professional skills and related details.
  • Information we or certain third parties may collect automatically as you navigate to, or otherwise interact with, the website. This information may include, without limitation:
    • Your IP addresses, unique device identifiers, cookie identifiers, hash identifiers, device and browser settings and information, and internet service provider information.
    • Information about your device and its internet connection, browsing activity, operating system, and browser type.
    • Details of your visits to the website, including traffic and usage data, geolocation data, and other communication data and the resources that you access and use on the website.
  • Information relating to your engagement with the content on the website and other usage details.

Our Use of Cookies and Analytics

We use cookies and similar technologies to automatically collect information through our website. We use these technologies to help identify irregular behavior, prevent fraudulent activity and improve security, as well as making it possible for you to save your preferences and help us understand how you interact with our services.   

We also allow third parties (including Google and Meta) to use third party cookies, web beacons, and other storage technologies to collect or receive information about how you interact with our websites and apps and elsewhere on the Internet and use that information to provide analytics and other measurements services, and to deliver and target advertisements tailored to you. Third parties may also use some of these technologies to assist us in determining if you require assistance or are having problems navigating on our websites or apps, and this may include technologies that record your interactions with the website or app, including without limitation, your keystrokes, mouse clicks, screen touches, and information about when, how and from where you accessed our website or app.

To find out more about what cookies we use and how we use them, please consult our Cookies Notice.

Our Third-Party Partners

We work with certain third-party companies, which may host and manage your interaction with our content. For example, when you navigate to our content through the website, you may be redirected to a third-party hosted website. We may share your Personal Information for the purposes set forth in this Privacy Notice with such third-party companies and they may also possess, obtain, or share information about you from your interactions directly with them.

Our website may also include embedded YouTube videos. When a visitor views an embedded YouTube video on our website, certain data related to that viewing may be shared with YouTube and/or Google, because YouTube is a service owned by Google. To learn more about YouTube’s data privacy policy, you may visit https://policies.google.com/privacy?hl=en.

We may also share Personal Information with other third-party companies that we work with, in the manner and for the purposes described in this Privacy Notice.

How We Use Your Information

We use information that we collect about you or that you provide to us, including Personal Information:

  • To provide you with information regarding Madrigal’s products, services, and other information, and to improve the experience for visitors to the website, to maintain proper business functions, and to engage with you and others. Legal Basis: legitimate interests, performance of a contract, and where required by applicable law, consent (e.g., for marketing purposes).
  • To respond to you, such as when you complete a form on the website. Legal Basis: legitimate interests.
  • To personalize your experience with us, including to present the website and its contents to you, remember your interests and preferences, and customize your experience. Legal Basis: legitimate interests and where required by applicable law, consent.
  • For analytics, to understand how you use the website, track certain activity on and off the website, including by identifying the different websites you visit to understand how you search, and to determine the methods and devices used to access the website and improve the website. Legal Basis: legitimate interests and where required by applicable law, consent.
  • For our business purposes, such as operating and improving upon our business, maintaining our programs, contacts, and records, determining your satisfaction with our website, detecting, and preventing fraud or misuse of our website and related services, and for any other legitimate business purpose. Legal Basis: legitimate interests and where required by law.
  • For legal and safety purposes, such as defending or protecting us, our customers, you, or third parties, from harm or in legal proceedings, protecting or enforcing our rights, protecting our security and the security of our customers, employees, and property, responding to legal process, or addressing legal and regulatory compliance. Legal Basis: legitimate interests and where required by law.
  • To fulfill any other lawful purpose for which you provide your information. Legal Basis: legitimate interests.
  • To notify you about changes to the website or any products or services we offer or provide through it. Legal Basis: legitimate interests.
  • To register you for and provide you with access to events / advisory boards (including the administration and conduct of the relevant event / advisory boards). Legal Basis: legitimate interest, performance of a contract (e.g., where you are a speaker) and where required by applicable law, consent.
  • Enabling the creation, distribution, broadcast or other use of any recordings made during the event / advisory board. Legal Basis: legitimate interests. 
  • Compliance with and satisfaction of legal obligations and regulatory requirements for the purposes of financial reporting / public disclosure obligations in relation to agreements with and/or payments and benefits to HCPs and healthcare organizations. Legal Basis: legitimate interests and where required by law.
  • In any other way we may describe when you provide the information.
  • For those who interact with us in a commercial capacity, we use your personal information to engage in business transactions with the entity you represent and market to or engage in diligence with the entities you represent. Legal Basis: legitimate interests.

If you are located in the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”), you have a right to object to the processing of your Personal Information where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil all such requests. You are able to request a copy of the legitimate interest assessment. Where we need to collect the above-mentioned categories of Personal Information by virtue of a legal obligation or in light of a contract entered, or to be entered, into with you, and you do not provide this Personal Information when requested, we may not be able to comply with our legal obligations, provide you with the Services or perform the contract we have, or are trying to enter into, with you. In such cases we may have to terminate our relationship with you.

Categories of Personal Information We Sell or Share or Use for Targeted Advertising

When we engage in digital advertising or certain third party supported analytics services, we may sell the following categories of Personal Information (according to the broad definition of “sell” under select state privacy laws), share them for purposes of cross-context behavioral advertising, or use them for targeted advertising: personal identifiers (including IP address, mobile advertising IDs) and internet or other electronic activity information.

These categories of Personal Information are used or shared for cross-context behavioral advertising or targeted advertising with advertising networks and other companies that facilitate or engage in digital advertising. We engage in such sharing to facilitate personalized advertising.  We do so by allowing third parties to place cookies or other tracking technologies on our website that may collect information about your online activities over time and across different websites or applications.  For more information about the use of cookies and other tracking technologies, see the section “Our Use of Cookies and Analytics” above. 

We share the following categories of personal information to our affiliates so they can offer their products and services to you: name, email address, physical address, commercial information such as purchasing history information.

Aside from tracking technologies supporting our website features and marketing activities, we do not otherwise sell or share for cross-context behavioral advertising any of the other categories of personal information we collect.

Use or Disclosure of Sensitive Personal Information

We do not use or disclose sensitive personal information to create profiles about or infer characteristics about individuals, or for any purposes other than providing our services. 

No Profiling to Facilitate Decisions with Legal or Other Significant Effects

We do not engage in the automated processing of Personal Information to create profiles about individuals that are used for decisions with legal or other significant effects.

Disclosure of Your Information

We may disclose aggregated information about our users, that does not identify any individual or household, without restriction, for any lawful purposes. In the preceding twelve (12) months, we may have disclosed your Personal Information for a business purpose to the following categories of recipients:

| Personal Information Category | Categories of Third Parties to Whom the Personal Information Was Disclosed |
| --- | --- |
| Identifiers (including names, email addresses, online identifiers, I.P. addresses, postal addresses, or other similar identifiers) | Affiliates; IT Service Providers; Analytics Providers; Data Storage Providers; Technology Partners |
| Customer Records personal information categories (including credit card numbers, debit card numbers, or other financial information) | None |
| Protected classification characteristics under U.S. State or Federal law (including age, race, color, ancestry, national origin, or citizenship) | None, except gender, by inference arising from the use of a title (e.g. Mr. or Mrs.) or first name (e.g. Joseph or Alice) when voluntarily provided by a Website visitor. IT Service Providers; Analytics Providers; Data Storage Providers; Technology Partners |
| Commercial information (including purchasing or consuming histories) | None |
| Internet or other similar network activity (including browsing history, search history, information on a consumer’s interaction with a website) | Affiliates; IT Service Providers; Analytics Providers; Data Storage Providers; Technology Partners |
| Geolocation data | Affiliates; IT Service Providers; Analytics Providers; Data Storage Providers; Technology Partners |
| Professional or employment related information | Affiliates; IT Service Providers; Analytics Providers; Data Storage Providers; Technology Partners |

Business Purposes for Such Disclosures

We disclosed the aforementioned categories of Personal Information to the categories of third parties identified above for the following purposes: to manage customer, supplier and vendor accounts and relationships; process payments; verify customers’ identities; fulfill orders and transactions; engage in advertising and marketing; operate our IT systems and secure our systems; prevent fraud and other illegal activities; and to obtain professional advice about legal and accounting matters.   

Additional Information About How We May Disclose Personal Information and Purposes for Disclosures

We may also disclose your Personal Information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also disclose your Personal Information to third parties to help detect and protect against fraud or data security vulnerabilities. We may also disclose or transfer your Personal Information to a third party in the event of an actual or potential sale, merger, reorganization of our entity or other restructuring.

SMS Consent and Terms and Conditions

Information obtained as part of SMS or text messaging consent will not be shared with third parties or affiliates; it will only be shared with service providers that operate our SMS/text messaging service for the purpose of providing that service. 

If you have consented to receive text messages from us, you may receive text messages about patient support or status of your application if you apply for a job with us.  Message rates may apply, and messaging frequency may vary.  You may opt out of text messages by texting STOP.  For additional information, you can text HELP.  Links to our Terms of Service and this Privacy Notice may also be provided.

Retention, Data Security and Storage

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk to the Personal Information. These measures are, among other things, designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, exfiltration, and disclosure, including through secure cloud storage of your Personal Information with third-party information technology vendors. These measures are also aimed at ensuring the on-going integrity and confidentiality of your Personal Information. We evaluate these measures on a regular basis to ensure the security of the processing.

Unfortunately, the transmission of information via the internet is not completely secure. Although we reasonably strive to protect your Personal Information, we cannot guarantee the security of Personal Information transmitted to the website or transmitted between you and us via electronic mail. Any transmission of Personal Information is at your own risk. We will keep your Personal Information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your Personal Information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes.
  • Comply with records retention requirements under the law.
  • Defend or bring any existing or potential legal claims.
  • Deal with any complaints regarding the services.
  • Any other purposes for which Personal Information will be retained.

We will delete your Personal Information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

Hyperlinks

The website may provide hyperlinks to other websites as a service or convenience to you. We do not endorse, control, or have any responsibility for the content or security of any third-party websites. And we have no control over any information any third-party websites may collect from or about you. This Privacy Notice does not apply to any third-party websites. Third-party websites may have their own privacy notices which we strongly encourage you to review before providing any of your Personal Information.

European Privacy Rights

If you are located in Europe, you have certain rights regarding your Personal Information subject to your local law and any applicable limitations. These include the rights to:

  • access your Personal Information;
  • rectify the information we hold;
  • erase your Personal Information;
  • restrict our use of your Personal Information;
  • object to our use of your Personal Information;
  • receive your Personal Information in a usable electronic format and transmit it to a third party (right to data portability);
  • withdraw your consent where you have given your consent to the processing of your Personal Information. If you withdraw your consent, it will not affect the validity of any processing carried out before your withdrawal.

You also have the right to file a complaint concerning our processing of your Personal Information with the competent data protection supervisory authority in the relevant jurisdiction.

U.S. State Data Privacy Rights

State privacy laws in various states give state residents various rights with respect to many types of Personal Information we collect about them, with some exceptions.  In addition, there will be state privacy laws in other states that come into effect after the date of this Privacy Notice. The rights provided under these laws are similar in many respects, with some differences from state to state.  We list below the rights that may be applicable to our business under these laws, noting that not all rights are available under each state’s law:

  • Know/Access: You may have the right to request that we confirm whether we process your Personal Information and that we provide you access to such Personal Information.
  • Data Portability: You may have the right to request that we provide a copy of your Personal Information in a portable and, to the extent technically feasible, readily usable format.
  • Correction: You may have the right to request that we correct inaccuracies in the Personal Information that we hold about you.
  • Deletion: You may have the right to request deletion of your Personal Information, subject to certain exceptions.
  • Opt-Out: You may have the right to request that we not process your Personal Information for one or more of the following purposes:
    • Sale of Personal Information: The right to request that we stop selling your personal information, to the extent that our use is consistent with the definition of “sale” in each law.
    • Targeted Advertising: The right to request that we stop processing your personal information for targeted advertising, subject to exceptions in some state laws.
    • Sharing for Cross-Context Behavioral Advertising: California’s law provides the right to request that we stop sharing personal information for cross-context behavioral advertising.  
    • Profiling: You may have the right to request that we not process your Personal Information for the purpose of profiling in furtherance of decisions that produce legal or similarly significant effects.
    • List of Third-Party Entities: Depending on your state of residence, you may have the right to request a list of third-party entities to which we have disclosed Personal Information. 

Consumer Rights Under U.S. State Consumer Health Data Privacy Laws

We have a separate Consumer Health Data Privacy Notice that relates to rights provided under certain state consumer health data privacy laws to residents of those states acting in an individual or household context with respect to their consumer health data. You can access our Consumer Health Data Privacy Notice here.

Opt-out Preference Signals and Do Not Track

An opt-out preference signal is sent by a platform, technology, or mechanism on behalf of consumers and communicates a consumer’s choice to opt out of the sale and sharing of personal information for cross-context behavioral advertising with all businesses that recognize the signal, without having to make individualized requests.  The signal can be set on certain browsers or through opt-out plug-in tools. 

We recognize the Global Privacy Control signal where required by law. We do so at the browser level, and the signal does not apply to Personal Information we may collect offline or that we may associate only with your name or email address. This means that if the signal is sent through a specific browser, we will recognize it for that browser only, and only with respect to the identifiers for that browser. If you would like more information about opt-out preference signals, including how to use them, the Global Privacy Control website has such information (https://globalprivacycontrol.org/).

We will respond to opt-out requests as soon as feasibly possible, but no later than 15 business days after receipt of your request.  If we require additional information or time to process your requests, we will contact you.

We do not respond to the DNT or “Do Not Track” signal other than the Global Privacy Control.

Exercising Your Data Privacy Rights

We will respond to requests from residents of jurisdictions with data protection and privacy laws that apply to us and grant the requested right as of the effective date of that law. 

For European Data Protection and Privacy Rights, if you want to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other rights available under European data protection laws, where applicable, you should contact us via e-mail: privacy@madrigalpharma.com.

For US Data Privacy Rights, depending on our relationship with you and in which state you reside within the United States (such as California, Colorado, Nevada, Oregon, or Delaware), you may have certain rights regarding Personal Information, including rights to know, access/copy, delete, or correct. You can exercise these rights by calling us at 888-210-2064, or by emailing us at privacy@madrigalpharma.com.

Only you, or someone legally authorized to act on your behalf (as evidenced by a signed authorization that the agent is able to act on your behalf), may make a request to know or delete related to your Personal Information. We may require additional information from you to verify your request. You may also make a request to know or delete on behalf of your child.

Depending on where you reside, you may also have the right to appeal a refusal to take action on your request within 30 days after your receipt of our decision by contacting us at privacy@madrigalpharma.com.

Right to Opt Out of Sale, Sharing, and Targeted Advertising. You may have the right to opt out of selling, sharing, and targeted advertising (as such terms are defined under applicable laws). We do not knowingly sell data about minors under 18. You can exercise the Right to Opt Out of Sale, Sharing, and Targeted Advertising by accessing the “Manage Cookie Preferences” link at the footer of our websites and turning the “Targeting and Advertising” toggle to the “off” position.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days.

We endeavor to substantively respond to a verifiable consumer request within the legally required time period, and no later than within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

The response we provide will explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

If you exercise any of the rights explained in this Privacy Notice, we will continue to treat you fairly.  If you exercise your rights under this Privacy Notice, you will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services than others.

California’s “Shine the Light Law”

California’s “Shine the Light” law (Civil Code Section 1798.83) permits users of the website that are California residents to request certain information regarding our disclosure of certain information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@madrigalpharma.com.

International Data Transfers

Your Personal Information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information in your home jurisdiction. When we transfer your information to other countries, we will protect that information in the manner described in this Privacy Notice.

Our website is hosted in the US. Therefore, when you disclose Personal Information to us, this Personal Information will be transferred to the US.

If you are located in Europe, we may, for the purposes listed above, transfer your Personal Information to other recipients as referred to above, also located in countries outside Europe, including the U.S., which do not currently provide an adequate level of data protection. In these circumstances, we will take steps to ensure that the Personal Information is protected including by entering into, for example, Standard Contractual Clauses or similar (“SCCs”) with the recipient, seeking assurances from the recipient that they have Binding Corporate Rules in place, or otherwise relying on a derogation for the transfer (e.g., where the transfer is necessary for the defense of legal claims).

You can request further information on the data transfer solutions relied upon, including a copy of the SCCs, by using the contact details in the Contact Information section below.

Changes to Our Privacy Notice

We will post any changes we make to this Privacy Notice on this page, so please check periodically for updates. If we make a material change to this Privacy Notice, we will notify you. Please do not hesitate to contact us with questions about this.

Persons Under the Age of 18

The website is not intended for use by people under the age of 13. We do not knowingly collect, sell or share for purposes of behavioral advertising the personal information of persons under the age of 16.

Contact Information

Madrigal Pharmaceuticals, Inc., 200 Barr Harbor Drive, Suite 200, West Conshohocken, Pennsylvania 19428, United States of America.

To ask questions or comment about this Privacy Notice and our privacy practices, you may contact Madrigal at: privacy@madrigalpharma.com, or via our toll-free number: 888-210-2064.