Privacy Policy

 

Last updated: May 24th, 2024

 

This Privacy Policy describes how Xponential Fitness LLC and its affiliates, brands, franchisees, and studios (collectively “Xponential,” “we,” “us,” o “our”) collect, disclose, and use personal information. This Privacy Policy applies to personal information we collect online, including via our websites, applications, and other online platforms or services (collectively “Online Services”), or any other product or service where this Privacy Policy is displayed, and offline, including our physical locations and studios, and programs and events operated by or in partnership with us. Depending on your relationship with us and/or the service(s) you obtain from us, a separate or additional privacy policy may be provided and apply to you. For purposes of this Privacy Policy, the term “personal information” has the same meaning as the equivalent term defined under applicable laws and does not include certain types of information, such as publicly available information or de-identified information.

We encourage you to read this Privacy Policy carefully and review it regularly for any updates to better understand how we handle your personal information.

Summary of this Privacy Policy

This section summarizes the Privacy Policy, which describes our data handling practices in more detail below, and is intended to provide a quick reference related to our collection and use of your personal information.

  • What Personal Information We Collect. We may collect the following categories of personal information from and about you: Identifiers; Characteristics of protected classifications under certain state or federal law; Commercial information; Internet or other electronic network activity information; Payment information; Biometric information; Geolocation data; Professional or employment-related information; and Sensitive personal information.

  • How We Collect and Use Your Personal Information. We typically collect personal information directly from you, including via cookies or other tracking technologies, but we may also collect information about you from our business partners, vendors, or other third parties. We use this information consistent with this Privacy Policy to: provide you with our products and services; improve and develop new offerings, features, and services; maintain our business relationship with you, including customer correspondence or other modes of communication; promote our products and services and otherwise serve advertising and marketing campaigns; comply with applicable laws or legal requirements; or for other purposes with your consent.

  • How We Protect and Retain Your Personal Information. We use reasonable security measures that are designed to protect your personal information; however, no system of transmission or storage of data can be 100% secure and we cannot guarantee the absolute security of your information. We retain your personal information for as long as is reasonably necessary to fulfill the purpose(s) for which it was collected or as otherwise required to be retained under applicable law.

  • Selling and Sharing your Personal Information. We may sell or share certain categories of personal information (e.g., we share identifiers for advertising purposes). You may opt-out of the selling or sharing of your personal information by completing our online request form (Your Privacy Choices Request Form). For more information, please see the section below on “How to Exercise Your Privacy Rights.”

 
What Personal Information We Collect

 

We may collect the following categories of personal information from and about you:

  • Identifiers, such as name, email address, IP address;
  • Characteristics of protected classifications under certain state or federal law, such as your age and gender;
  • Commercial information, such as products or services purchased, obtained, or
    considered;
  • Internet or other electronic network activity information, such as information
    regarding your interaction with our Online Services;
  • Payment information, such as credit or debit card number and other payment or financial information;
  • Geolocation data, such as information collected through GPS technology;
  • Sensitive personal information, as the term is defined in applicable privacy laws and for purposes as permitted by applicable laws or with your consent, which may include information related to your exercise habits, metabolic information, consumer health data, and precise geolocation data

 

How We Collect Your Personal Information

 

We may collect personal information from different sources, which include:

  • Directly from you, such as when you complete forms, register or purchase products and services, sign up to receive emails or text messages, contact us, book or attend a session, use connected equipment in our studios, make a payment, visit our Online Services or our physical locations, studios and events, or otherwise provide permission(s) for our applications or other online platforms to access certain information on your device;
  • Indirectly from you, including when you interact with our Online Services, such as when certain information is automatically collected using online tracking technologies, such as pixels, cookies, and web beacons, or when you use Wi-Fi services provided by us in our physical locations or studios;
  • From our affiliates, brands, franchisees, and studios, such as when you register for and attend classes or sessions, promotional events, or otherwise interact with our franchisees or studios.
  • From our business partners, such as when we collaborate or co-sponsor events with other businesses with which we partner;
  • From our vendors, such as our service providers that collect your personal information on our behalf, including data analytics companies; and
  • From third parties and other sources, such as social media platforms and online advertising networks, or from third parties which may provide your contact information via the ‘refer a friend’ function in our Online Services.
 
How We Use Your Personal Information

 

We may use or disclose the personal information we collect for different purposes, which may include one or more of the following business purposes:

  • To provide or improve our products and services or to fulfill the purpose(s) for which your information is collected, including providing you with information, products or services that you request;
  • To process payment or financial transactions, including to facilitate new product orders or process returns;
  • To analyze your use of our products and services, including how you interact with our Online Services, in order to improve the same, personalize your experience and provide recommendations, customize advertising and marketing campaigns, and otherwise to better understand your needs;
  • To respond to your requests or questions, such as when you reach out to us using our “Contact Us” page and otherwise when you interact with us;
  • To communicate with you, including to provide you with email alerts, event registrations and other notices concerning our products or services, or events or news that may be of interest to you;
  • To contact you regarding scheduling, class or session reminders;
  • To market and advertise to you, including sending promotional communications via email, text messages, push notification, or other means, to show you advertisements on the Online Services, social media, and other platforms or websites for products and/or services tailored to your interests;
  • To conduct or provide other programs, such as surveys, contests, or promotional campaigns;
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
  • As necessary or appropriate to protect the rights, property or safety of us, our clients or others;
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
  • As described to you when collecting your personal information;
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred; and
  • For any other purpose for which you provide consent, or as otherwise required or permitted by law.

To the extent we collect your sensitive personal information, we do not use or disclose such information for purposes other than those permitted under the applicable laws.

 
To Whom We Disclose Your Personal Information

 

We may disclose personal information to different persons for various purposes, consistent with this Privacy Policy, which may include the following:

  • Our affiliates, brands, franchisees, and studios, including corporate affiliates or Xponential family companies;
  • Business partners or other third parties, including for promotional purposes and to serve or display advertising;
  • Vendors and service providers, including who perform certain services and/or support internal or other business operations;
  • Successor(s) of our business, relating to all or part of the business, to evaluate proposed transaction or conduct a sale, reorganization, merger, acquisition, or other change of control; and
  • Government, regulatory, or investigatory bodies, or other law enforcement entities, including for purposes of complying with applicable law, court order or subpoena.
 
Your Privacy Rights

 

Depending on applicable laws or the jurisdiction you reside in, you have certain rights regarding your personal information, which may include the right to:

  • Access, know about, or confirm processing of your personal information, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of personal information the business has collected about the consumer;
  • Correct inaccurate personal information we maintain about you;
  • Delete your personal information;
  • Receive a copy of your personal information in a portable format, where technically feasible;
  • Opt-out of the “sale” or “sharing” or “targeted advertising” (as these terms are defined under privacy laws applicable to you);
  • Appeal, in connection with a decision made regarding your privacy rights request; and
  • Limit the use and disclosure of sensitive personal information.

Some of these rights may be limited when certain exceptions are provided under applicable laws, including to complete a transaction or to comply with a legal obligation. You will not receive discriminatory treatment for exercising your privacy rights.

You may also enable the Global Privacy Control (GPC) to exercise your opt-out right, which is a tool that communicates your opt-out preferences, if your browser or browser extension supports such a signal. The GPC may apply only to a single browser or device, and you may need to turn on the GPC signal for each browser that you use. For more information about GPC, please visit https://globalprivacycontrol.org/.

 
How to Exercise Your Privacy Rights

 

To exercise your privacy rights, please submit a request by either visiting and completing our online request form (Your Privacy Choices Request Form) or calling us at (949) 346-3000. To exercise your right to know, correct, and delete personal information, you will need to submit a verifiable request, and we may request additional information to verify your identity before we can respond to your request.

You may designate an authorized agent to submit privacy rights requests on your behalf. Authorized agents will be required to provide proof of their authority to act on your behalf by providing relevant documentation. We may contact you to confirm an authorized agent’s representation and to verify your identity.

 
Additional U.S. State-Specific Privacy Information

 

You may have additional rights based on your location or jurisdiction of residency, as described below

 
For California Residents

In the last 12 months, we have disclosed the categories of personal information listed in “What Personal Information We Collect” for the business purpose(s) identified above, subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (collectively, the “CCPA”), as well as California’s Shine the Light Law. The parties to which we have disclosed your personal information include our affiliates and brands, service providers, and third parties to which you have authorized such disclosure.

 

Categories of Personal Information Categories of Recipients
Identifiers, including device information and other unique identifiers Business partners, service providers and third parties, such as advertising networks, analytics and social media networks
Commercial information Business partners, service providers and third parties, such as advertising networks, analytics and social media networks.
Internet or other electronic network activity information Business partners, service providers and third parties, such as advertising networks, analytics and social media networks.
Geolocation data Business partners, service providers and third parties, such as advertising networks, analytics and social media networks.

 

We do not knowingly “sell” or “share” the personal information of individuals under 16 years of age. For more information, please see the section below on “How to Exercise Your Privacy Rights.”

For Washington and Nevada Consumers and Residents

For consumers in Washington and Nevada, please refer to our Consumer Health Data Privacy Policy for additional information about processing your consumer health data and your rights.

Notice of Financial Incentive
We may provide certain discounts, special offers, benefits, or other rewards as part of our voluntary loyalty program, which may be interpreted as a “financial incentive” or “bona fide loyalty program” under certain applicable laws, when we collect your personal information, which may include your name, contact information, address, or birthday. Joining this voluntary program is subject to our Terms and your opt-in consent. The value of your personal information may vary depending on the types of special offers, benefits, or other rewards that are available and you choose to participate in, and it is reasonably related to the incentives that we offer. You may withdraw from a financial incentive at any time by contacting us as described
below.

How We Protect Your Personal Information

We use reasonable security measures that are designed to protect your personal information from unauthorized access and use, which may include using access controls and using Secure Socket Layer (SSL) technology to encrypt certain sensitive information. However, no system of transmission or storage of data can be 100% secure. As such, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control.

 

Retention of Your Personal Information
We retain your personal information for no longer than is reasonably necessary to fulfill the purposes described in this Privacy Policy or any other notice provided to you at the time your personal information is collected, and to comply with our legal obligations.

Children’s Privacy
Our services are not directed to or intended for use by individuals under the age of 16. We do not knowingly collect personal information from individuals under the age of 16.

Third-Party Website
To the extent our website may link to a third-party website, and if you should use such links, we are not responsible for the content of any third-party website, nor for the data collection or handling practices of such third party, as we do not control such sites.  We encourage you to review the privacy policy of any such third-party website.

Cookie Policy
We use tracking technologies, such as pixels, cookies, and web beacons to ensure that those using our Online Services have the best possible experience. For more information about our cookie practices, please refer to our Cookie Policy.

Do Not Track
Some web browsers allow “Do Not Track” signals or settings, which may allow you to request that you do not want certain information about your web page visits tracked and collected across websites. We do not honor “Do Not Track” signals or settings.

Transfer of Personal Information
We are located in the United States. You understand and agree that personal information that you provide to us, or which we collect about you may be transferred to, or processed or stored in, the United States, which may not provide the same level of protection to such information as that of your country of residency.

How To Contact Us
If you have any questions about this Privacy Policy, how we process your personal information, or have concerns about how we have handled your prior privacy requests and would like to appeal to Xponential or a state regulator, please email us at privacy@xponential.com or contact
us at: Phone: (949) 346-3000.


Xponential
17877 Von Karman Ave.
Irvine, California 9261
Attention: Privacy


Additional Notices
Depending on your relationship with us – e.g., current or prospective employees, franchisees – this Privacy Policy may be supplemented or superseded by another notice, agreement, or policy provided to you at the commencement of such relationship and periodically thereafter.

Changes To This Privacy Policy
We may revise or update this Privacy Policy from time to time, including as required under applicable privacy laws or to incorporate changes to our privacy practices. Updates to this Privacy Policy will be reflected in the “last updated” date, above.

Consumer Health Data Privacy Policy
Effective Date: May 24th, 2024

This Consumer Health Data Privacy Policy (the “Policy”) supplements our Privacy Policy and applies only to “consumer health data” and “consumer” as the terms are defined under applicable laws, including the Washington My Health My Data Act. If you are not a Washington or Nevada “consumer”, this Policy does not apply to you.

What Consumer Health Data We Collect

We may collect the following categories of consumer health data if you choose to provide such information to us:

  • Individual health conditions, treatment, diseases, or diagnosis;
  • Social, psychological, behavioral, and medical interventions;
  • Health-related surgeries or procedures;
  • Use or purchase of prescribed medication;
  • Bodily functions, vital signs, symptoms, or measurements of the health information;
  • Diagnoses or diagnostic testing, treatment, or medication;
  • Gender-affirming care information;
  • Reproductive or sexual health information;
  • Biometric data;
  • Genetic data;
  • Precise location information that could reasonably indicate a consumer's attempt to acquire or receive health services or supplies;
  • Data that identifies a consumer seeking health care services;
  • Any inference of the categories of health data listed above derived or extrapolated from non-health information.
How We Collect Your Consumer Health Data

We may collect consumer health data from different sources, including:

  • Directly from you, such as when you use our Online Services or complete a form online or in our physical locations;
  • Business partners, such as persons or entities that are co-sponsors to events;
  • Our affiliates and brands;
  • From other third parties, such as vendors or service providers, marketing or digital advertising vendors.
Purposes for Collecting, Using, and Sharing Consumer Health data

We may collect and use your consumer health data as described in “How We Use Your Personal Information” section of the Privacy Policy. We may primarily collect, use, and share your consumer health data to provide products or services that you request or to fulfill the reason for which your consumer health data is provided, such as to provide programs, classes, or sessions.

How We Share and Third Parties with Whom We Share Consumer Health Data

We may share the categories of consumer health data listed in “What Consumer Health Data We Collect” with the following categories of third parties:

  • Business partners
  • Vendors or service providers
  • Other third parties
  • Our affiliates, brands and franchisees: AKT, BFT, Club Pilates, Cyclebar, Lindora, Pure Barre, Row House, Rumble, StretchLab, YogaSix.

We limit how third parties may collect your consumer health data over time and across different websites or online services when you use our Online Services.

Your Rights Regarding Consumer Health Data

Depending on applicable laws or the jurisdiction you reside in, and subject to certain limitations which may apply under applicable laws, you have certain rights regarding your consumer health data, which may include the right to:

  • Confirm whether we collect, share, or sell your consumer health data and access such data;
  • Receive a list of third parties with whom we have shared or sold consumer health data;
  • Withdraw consent regarding collection and sharing of your consumer health data;
  • Delete your consumer health data;
  • Appeal, if your request has been denied.

To exercise your privacy rights, please submit a request by either visiting and completing our online request form (Your Privacy Choices Request Form) or calling us at (949) 346-3000. When you submit a request, we may need to authenticate your identity, and if we are not able to authenticate your request, we may need to request additional information or not be able to process your request.

For consumers in Washington, if your appeal is denied, you may contact Washington State Attorney General at https://www.atg.wa.gov/file-complaint or call 1-800-551-4636 to submit a compliant.

Changes To This Policy

We may revise or update this Policy from time to time, including as required under applicable laws. Updates to this Privacy Policy will be reflected in the “last updated” date, above.




Last updated: September 14, 2022

Xponential+ Meta Quest App Privacy Policy

 
Effective: November 2, 2023

We value and respect your privacy and are committed to protecting your personal information. This privacy policy applies to information collected by Xponential Fitness (“we,” “us,” “our”) from and about visitors (“you,” “your”) to the Xponential+ Meta Quest (the “XPLUS Quest App”). Please read this policy carefully to better understand how we collect, use, protect or otherwise handle your personal information.

 

The XPLUS Quest App is offered exclusively on the Meta Quest-branded platform (formerly the Oculus brand, the “Meta Quest Platform”). If you use a Meta, Facebook, or an Oculus account to purchase a subscription to the XPLUS Quest App, or if you use Meta VR Products (e.g., virtual, mixed, and augmented reality hardware and software products), Meta may collect certain personal information from or about you. This data would be subject to the applicable Meta privacy policy. (For more information about how Meta uses your personal information, including on the Meta Quest Platform, please visit the Meta Privacy Center).

 

With respect to your use of the XPLUS Quest App, except as described in this privacy policy, we do not obtain or receive your personal information from third parties, and we do not sell or share your data with third parties.          

WHAT PERSONAL INFORMATION DO WE COLLECT?

When you subscribe to, or visit the XPLUS Quest App, we collect the following:

  • Information you provide to us – such as your name, email address, and Zip code, and profile photo (if uploaded).
  • Information collected automatically – such as IP Address (and geolocation), certain device information (such as your mobile device ID), Oculus User ID, Oculus Username.
  • Usage or Engagement Information – such as log data related to your activity in our app (e.g., what virtual classes you’ve attended, how long you stayed in the app) and engagement with the XPLUS Quest App.
  • Authentication Information from Meta Quest – such as Meta Quest User Information, and other information to confirm you have an active subscription to the XPLUS Quest App.
HOW DO WE USE YOUR INFORMATION?

We use your information for the following purposes:

  • To Provide the XPLUS Quest App – to provide and maintain the virtual studio and exercise experience, including to develop new virtual reality content.
  • To Improve the XPLUS Quest App – to understand your use of the virtual studio and exercise offering, and to improve and create new features of the XPLUS Quest App, including testing, research, and product development.
  • To Communicate with You – to contact or otherwise communicate with you regarding the XPLUS Quest App, including to incorporate feedback provided by you.
  • To Comply with Our Obligations – to maintain the safety, security, and integrity of our services and our community; to comply with our legal/contractual obligations (e.g., enforcing our Terms of Service), and with applicable laws and legal process (e.g., responding to valid law enforcement requests); to protect our, your or others’ legal rights.
  • For Other Purposes – we may use your information in a de-identified or anonymous format for data analysis, identifying usage trends, and evaluating and improving the services and products we offer and your experience using the XPLUS Quest App.
  • With Your Consent – we may use your personal information for other purposes related to the XPLUS Quest App with your consent.
WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR INFORMATION?

We process your personal information when we believe we have a valid legal basis to do so under applicable law. For instance, if you are located in the European Economic Area (“EEA”) or the United Kingdom, the General Data Protection Regulation (“GDPR”) requires us to identify the legal basis upon which we rely. These include:

  • Performance of a Contract – Where we have entered into a contract with you (i.e., to provide you access to the XPLUS Quest App).
  • Consent – We will process your personal information if you have given us consent to do so.
  • Legitimate Interests – We may process your information if it is reasonably necessary to achieve our legitimate business interests.
  • Legal Obligations – We may disclose your information where we are legally required to do so (e.g., to comply with applicable law, law enforcement requests)
WILL WE DISCLOSE YOUR INFORMATION TO ANYONE?

We do not sell, trade, or otherwise transfer to outside parties the personal information we collect via the XPLUS Quest App except as described in this policy.

 

Consistent with this policy, we may share your Personal Information with:

  • Third Party Partners and Service Providers – such as database hosting partners and other parties, such VR application developers, who assist us in operating and maintaining the Xponential+ Virtual Experience, conducting our business, or otherwise providing the services you request; these service providers and partners agree to keep all such information confidential.
  • Our Parent Company or Affiliates – We may share certain information, including your personal information, with our parent company, subsidiaries, joint ventures, or other companies under common control (“Affiliates”). Any Personal Information shared with our Affiliates will be used in a manner consistent with this policy.
  • Law Enforcement – We may also disclose your information when we believe in good faith that we are required to do so to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
  • Your Consent – We may disclose your Personal Information with third parties for any other purpose with your consent or at your direction.
THIRD PARTY LINKS

We are not responsible for the content of any third party website, platform, or other VR experience – including Meta or other offerings provided by third parties on the Meta Quest Platform – nor for the data collection or handling practices of any such third party. We encourage you to read the privacy policies of such third parties to understand how your data may be used by them.

HOW DO WE PROTECT YOUR INFORMATION?

We maintain commercially reasonable security measures to protect the personal information we collect from you via the XPLUS Quest App. However, no data transmitted over the internet is totally secure so we cannot guarantee the absolute security of your information.

 

We will retain your personal information for as long as needed to fulfill the purposes described in this policy, or as otherwise required by law.

YOUR PRIVACY RIGHTS; DELETING YOUR INFORMATION

You have the right to access and delete your personal information. Additionally, you may have certain rights related to your personal information that we have collected. If you (or your authorized representative) would like to exercise these rights, please submit the Your Privacy Choices Request Form or contact us cxc@xponential.com or via the information provided below.

 

European Economic Area (“EEA”) and United Kingdom Residents

If you are located in the EEA or the UK, you have a number of rights protected under GDPR, including:

  • The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
  • The right to rectification – You have the right to request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
  • The right to erasure (deletion) – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions

 

Certain US State Laws

Certain states – including those in California, Colorado, Connecticut, Utah, and Virginia – have enacted privacy laws which provide certain rights to residents of those states, similar to those listed above. For further information, please refer to the Privacy Notice for California Residents.

INTERNATIONAL TRANSFERS

We are based and operate in the United States. If you reside outside the United States and use the XPLUS Quest App, your information will be transferred to and processed in the United States for the purposes described in this policy, which may provide different levels of privacy protection than the jurisdiction in which you are located.

CHILDREN

The XPLUS Quest App is not intended for children under the age of 18. We do not market to, or knowingly collect personal information of children under 18.

CONTACT US

If you have any questions regarding this privacy policy, how we collect, use, process, or share your information, or how to delete or otherwise exercise your rights over your personal information, you may contact us using the following information:

 

cxc@xponential.com

 

17877 Von Karman Ave.

Irvine, California 92614

United States