Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We have established processes for assessing, identifying and managing cybersecurity risks, which are built into our overall information technology, or IT, function. These processes are designed to help protect our operations and information assets from unauthorized access or attack, as well as secure our networks and information systems. Such processes include technical, procedural, and organizational safeguards, including, without limitation: detection and response platforms on all endpoints within the organization; various additional security tools designed to help protect, identify, escalate, investigate, resolve and recover from security incidents in a timely manner; monitoring and regular testing of our data controls and provenance for vulnerabilities; incident simulations; incident response plans; employee training, including bimonthly phishing simulations to provide “experiential learning” on how to recognize phishing attempts; integrated and easily accessible mechanisms available to all employees that encourage proactive reporting of any perceived or actual vulnerabilities across the organization; and routine review of our policies and procedures to identify risks and refine our practices.

As part of these processes, we engage a third-party penetration testing firm to conduct annual penetration testing from both internal and external perspectives to identify and mitigate potential vulnerabilities. We also consider the internal risk oversight programs of third-party service providers, and our IT department uses an audit review process to evaluate the internal controls of third-party vendors who will have access to personally identifiable information or our confidential financial data.

We do not believe there are currently any known risks from cybersecurity threats, including as a result of any previous cybersecurity incident of which we are aware, that are reasonably likely to materially affect our business strategy, results of operations or financial condition. For more information regarding cybersecurity risks and the potential related impacts on our Company, please see the risk factor beginning with the caption “We depend on our information technology systems and those of our third-party service providers, and any failure of these systems could harm our business” in Part I, Item 1A. “Risk Factors” in this Annual Report on Form 10-K.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

We have established processes for assessing, identifying and managing cybersecurity risks, which are built into our overall information technology, or IT, function. These processes are designed to help protect our operations and information assets from unauthorized access or attack, as well as secure our networks and information systems. Such processes include technical, procedural, and organizational safeguards, including, without limitation: detection and response platforms on all endpoints within the organization; various additional security tools designed to help protect, identify, escalate, investigate, resolve and recover from security incidents in a timely manner; monitoring and regular testing of our data controls and provenance for vulnerabilities; incident simulations; incident response plans; employee training, including bimonthly phishing simulations to provide “experiential learning” on how to recognize phishing attempts; integrated and easily accessible mechanisms available to all employees that encourage proactive reporting of any perceived or actual vulnerabilities across the organization; and routine review of our policies and procedures to identify risks and refine our practices.

As part of these processes, we engage a third-party penetration testing firm to conduct annual penetration testing from both internal and external perspectives to identify and mitigate potential vulnerabilities. We also consider the internal risk oversight programs of third-party service providers, and our IT department uses an audit review process to evaluate the internal controls of third-party vendors who will have access to personally identifiable information or our confidential financial data.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our board of directors is responsible for monitoring and assessing strategic risk exposures, including reviewing our policies and practices with respect to risk assessment and risk management. The audit committee of our board of directors assists the board of directors with this responsibility by discussing our risk assessment and risk management policies, including the guidelines and policies that govern the process by which we manage our exposure to cybersecurity risks, with members of management on a periodic basis, and the audit committee is notified between such updates regarding significant new cybersecurity threats or incidents. The audit committee, in turn, periodically reports on its review to the board of directors.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] audit committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors is responsible for monitoring and assessing strategic risk exposures, including reviewing our policies and practices with respect to risk assessment and risk management. The audit committee of our board of directors assists the board of directors with this responsibility by discussing our risk assessment and risk management policies, including the guidelines and policies that govern the process by which we manage our exposure to cybersecurity risks, with members of management on a periodic basis, and the audit committee is notified between such updates regarding significant new cybersecurity threats or incidents. The audit committee, in turn, periodically reports on its review to the board of directors.
Cybersecurity Risk Role of Management [Text Block]

Management is responsible for the day-to-day assessment and management of cybersecurity risks. Our chief information technology officer, or CIO, has primary oversight of material risks from cybersecurity threats and leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes, including through his management of, and participation in, the cybersecurity risk management and strategy processes described above, and his oversight of our incident response plans and escalation procedures described below. Our CIO reports to our chief financial and operating officer and is an experienced information technology leader with over 25 years of expertise in cybersecurity defense, both in academic and corporate environments. This experience includes, but is not limited to, data defense, perimeter and infrastructure defense, corporate risk awareness, compliance adherence, and cybersecurity training and leadership.

We have also established a cross-functional information security counsel, or ISC, led by our CIO, that brings together representatives from across the organization, including from our IT, finance, clinical, human resources, research and development, program leadership, facilities, and legal functions, that is responsible for reviewing, responding, mitigating and reporting all cybersecurity incidents. The ISC meets quarterly and on an ad hoc basis, as necessary. In the event of a cybersecurity incident, our ISC is promptly convened and follows a standardized review and mitigation process and incident response plan, which includes escalation to our data protection committee, or DPC. Our DPC is composed of our CIO, our chief financial and operating officer, our senior vice president, finance and accounting, and senior members of our legal and IT teams and is responsible for assessing, among other factors, the actual or potential operational, business, financial, legal or reputational impact of a cybersecurity incident on us. The DPC is also responsible for notifying the audit committee of the board of directors in the event of a significant cybersecurity threat or incident.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] chief information technology officer, or CIO,
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CIO reports to our chief financial and operating officer and is an experienced information technology leader with over 25 years of expertise in cybersecurity defense, both in academic and corporate environments. This experience includes, but is not limited to, data defense, perimeter and infrastructure defense, corporate risk awareness, compliance adherence, and cybersecurity training and leadership.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] We have also established a cross-functional information security counsel, or ISC, led by our CIO, that brings together representatives from across the organization, including from our IT, finance, clinical, human resources, research and development, program leadership, facilities, and legal functions, that is responsible for reviewing, responding, mitigating and reporting all cybersecurity incidents. The ISC meets quarterly and on an ad hoc basis, as necessary. In the event of a cybersecurity incident, our ISC is promptly convened and follows a standardized review and mitigation process and incident response plan, which includes escalation to our data protection committee, or DPC. Our DPC is composed of our CIO, our chief financial and operating officer, our senior vice president, finance and accounting, and senior members of our legal and IT teams and is responsible for assessing, among other factors, the actual or potential operational, business, financial, legal or reputational impact of a cybersecurity incident on us. The DPC is also responsible for notifying the audit committee of the board of directors in the event of a significant cybersecurity threat or incident.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true