Privacy Policy

 
Last updated: September 14, 2022

This privacy policy has been compiled to better serve those who are concerned with how their Personal Information is being used online. Personal Information, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personal Information in accordance with our website.
WHAT PERSONAL INFORMATION DO WE COLLECT FROM THE PEOPLE THAT VISIT OUR BLOG, WEBSITE OR APP?

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, phone number, city/state/zip code or other details to help you with your experience.

WHEN DO WE COLLECT INFORMATION?
We collect information from you when you fill out a form or enter information on our site
HOW DO WE USE YOUR INFORMATION?
We may use the information we collect from you when you register, provide your email address or phone number or any other contact information, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
 
  • To contact you regarding scheduling, class reminders, promotions, specials, or in other ways related to the XPASS business;
  •  To provide to third parties that may contact you on behalf, in connection with the XPASS business;
  • To administer a contest, promotion, survey or other site feature; and/or
  • To send periodic emails regarding your order or other products and services.
HOW DO WE PROTECT VISITOR INFORMATION?
  • We use regular Malware Scanning.
  • Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
  • We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
  • All transactions are processed through a gateway provider and are not stored or processed on our servers.
DO WE USE ‘COOKIES’?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.


We use cookies to:

  • Understand and save user’s preferences for future visits;
  • Keep track of advertisements; and
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s “Help” menu to learn the correct way to modify your cookies.

If you disable cookies, some features of our website may be disabled. It will turn off some of the features that make your site experience more efficient and some of our services will not function properly.

However, you can still place orders even if you disable cookies, Location or IP address information.

THIRD-PARTY DISCLOSURE

In general, we do not sell, trade, or otherwise transfer to outside parties your Personal Information, except as described in this policy.  Consistent with this policy, we may share your Personal Information with third party partners and service providers, such as website hosting partners and other parties who assist us in operating our website, conducting our business, or otherwise providing the services you request; these service providers and partners agree to keep all such information confidential. We may share certain information, including your Personal Information, with our parent company, subsidiaries, joint ventures, or other companies under common control (“Affiliates”).  Any Personal Information shared with our Affiliates will be used in a manner consistent with this policy. We may also release your information when we believe in good faith that release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.  Finally, we may share your Personal Information with third parties for any other purpose with your consent. 

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

THIRD-PARTY LINKS
We do not include or offer third party products or services on our website.  However, to the extent our website may link to a third party website, and if you should use such links, we are not responsible for the content of any third party website, nor for the data collection or handling practices of such third party.  
GOOGLE

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. – See more at:


We have not enabled Google AdSense on our site but we may do so in the future.
CALIFORNIA ONLINE PRIVACY PROTECTION ACT
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at:

To comply with CalOPPA, we agree to the following:

  • Users can visit our site anonymously;
  • Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website;
  • Our Privacy Policy link includes the word ‘Privacy’, and can be easily be found on the page specified above;
  • Users will be notified of any privacy policy changes via the privacy policy website page; and
  • Users are able to change their personal information by emailing us.

How does our site handle do not track signals?

We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third party behavioral tracking?

It’s also important to note that we do not allow third party behavioral tracking.

COPPA (CHILDREN ONLINE PRIVACY PROTECTION ACT)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under 13.
CACPA (California consumer privacy act)
If you are a California resident, please refer to XPASS’s Privacy Notice for California Residents.
 
We do not offer financial incentives based on your providing us with your personal information.  We may require certain Personal Information from you to provide you with, or to enroll you in, requested services or programs, including in partnership with third parties.  You have the right at any time to opt out of these services or programs; however, if you opt out, you may not be able to participate in, or receive the benefits of, such services or programs. 
FAIR INFORMATION PRACTICES

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will notify users of our website within (7) business days should a data breach occur.

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

CAN SPAM ACT
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations

We collect your email address in order to:
 
  • Send information, promotions, marketing information, business information, respond to inquiries, and/or other requests or questions;
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred; and
  • Share your information with our third party provides to market our business to you.
To be in accordance with CANSPAM we agree to:
 
  • Refrain from using false, or misleading subjects or email addresses;
    Identify the message as an advertisement in some reasonable way;
    Include the physical address of our business or site headquarters;
  • Monitor third party email marketing services for compliance, if one is used;
    Honor opt-out/unsubscribe requests quickly; and
  • Allow users to unsubscribe by using link at the bottom of each email by following the requisite instructions. Once a user unsubscribes, they will be promptly removed from ALL correspondence.
CONTACTING US
If there are any questions regarding this privacy policy, you may contact us using the following information:
 

17877 Von Karman Ave.
Irvine, California 92614
United States

Last updated: September 14, 2022

Xponential+ Meta Quest App Privacy Policy

 
Effective: November 2, 2023

We value and respect your privacy and are committed to protecting your personal information. This privacy policy applies to information collected by Xponential Fitness (“we,” “us,” “our”) from and about visitors (“you,” “your”) to the Xponential+ Meta Quest (the “XPLUS Quest App”). Please read this policy carefully to better understand how we collect, use, protect or otherwise handle your personal information.

 

The XPLUS Quest App is offered exclusively on the Meta Quest-branded platform (formerly the Oculus brand, the “Meta Quest Platform”). If you use a Meta, Facebook, or an Oculus account to purchase a subscription to the XPLUS Quest App, or if you use Meta VR Products (e.g., virtual, mixed, and augmented reality hardware and software products), Meta may collect certain personal information from or about you. This data would be subject to the applicable Meta privacy policy. (For more information about how Meta uses your personal information, including on the Meta Quest Platform, please visit the Meta Privacy Center).

 

With respect to your use of the XPLUS Quest App, except as described in this privacy policy, we do not obtain or receive your personal information from third parties, and we do not sell or share your data with third parties.          

WHAT PERSONAL INFORMATION DO WE COLLECT?

When you subscribe to, or visit the XPLUS Quest App, we collect the following:

  • Information you provide to us – such as your name, email address, and Zip code, and profile photo (if uploaded).
  • Information collected automatically – such as IP Address (and geolocation), certain device information (such as your mobile device ID), Oculus User ID, Oculus Username.
  • Usage or Engagement Information – such as log data related to your activity in our app (e.g., what virtual classes you’ve attended, how long you stayed in the app) and engagement with the XPLUS Quest App.
  • Authentication Information from Meta Quest – such as Meta Quest User Information, and other information to confirm you have an active subscription to the XPLUS Quest App.
HOW DO WE USE YOUR INFORMATION?

We use your information for the following purposes:

  • To Provide the XPLUS Quest App – to provide and maintain the virtual studio and exercise experience, including to develop new virtual reality content.
  • To Improve the XPLUS Quest App – to understand your use of the virtual studio and exercise offering, and to improve and create new features of the XPLUS Quest App, including testing, research, and product development.
  • To Communicate with You – to contact or otherwise communicate with you regarding the XPLUS Quest App, including to incorporate feedback provided by you.
  • To Comply with Our Obligations – to maintain the safety, security, and integrity of our services and our community; to comply with our legal/contractual obligations (e.g., enforcing our Terms of Service), and with applicable laws and legal process (e.g., responding to valid law enforcement requests); to protect our, your or others’ legal rights.
  • For Other Purposes – we may use your information in a de-identified or anonymous format for data analysis, identifying usage trends, and evaluating and improving the services and products we offer and your experience using the XPLUS Quest App.
  • With Your Consent – we may use your personal information for other purposes related to the XPLUS Quest App with your consent.
WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR INFORMATION?

We process your personal information when we believe we have a valid legal basis to do so under applicable law. For instance, if you are located in the European Economic Area (“EEA”) or the United Kingdom, the General Data Protection Regulation (“GDPR”) requires us to identify the legal basis upon which we rely. These include:

  • Performance of a Contract – Where we have entered into a contract with you (i.e., to provide you access to the XPLUS Quest App).
  • Consent – We will process your personal information if you have given us consent to do so.
  • Legitimate Interests – We may process your information if it is reasonably necessary to achieve our legitimate business interests.
  • Legal Obligations – We may disclose your information where we are legally required to do so (e.g., to comply with applicable law, law enforcement requests)
WILL WE DISCLOSE YOUR INFORMATION TO ANYONE?

We do not sell, trade, or otherwise transfer to outside parties the personal information we collect via the XPLUS Quest App except as described in this policy.

 

Consistent with this policy, we may share your Personal Information with:

  • Third Party Partners and Service Providers – such as database hosting partners and other parties, such VR application developers, who assist us in operating and maintaining the Xponential+ Virtual Experience, conducting our business, or otherwise providing the services you request; these service providers and partners agree to keep all such information confidential.
  • Our Parent Company or Affiliates – We may share certain information, including your personal information, with our parent company, subsidiaries, joint ventures, or other companies under common control (“Affiliates”). Any Personal Information shared with our Affiliates will be used in a manner consistent with this policy.
  • Law Enforcement – We may also disclose your information when we believe in good faith that we are required to do so to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
  • Your Consent – We may disclose your Personal Information with third parties for any other purpose with your consent or at your direction.
THIRD PARTY LINKS

We are not responsible for the content of any third party website, platform, or other VR experience – including Meta or other offerings provided by third parties on the Meta Quest Platform – nor for the data collection or handling practices of any such third party. We encourage you to read the privacy policies of such third parties to understand how your data may be used by them.

HOW DO WE PROTECT YOUR INFORMATION?

We maintain commercially reasonable security measures to protect the personal information we collect from you via the XPLUS Quest App. However, no data transmitted over the internet is totally secure so we cannot guarantee the absolute security of your information.

 

We will retain your personal information for as long as needed to fulfill the purposes described in this policy, or as otherwise required by law.

YOUR PRIVACY RIGHTS; DELETING YOUR INFORMATION

You have the right to access and delete your personal information. Additionally, you may have certain rights related to your personal information that we have collected. If you (or your authorized representative) would like to exercise these rights, please submit the Your Privacy Choices Request Form or contact us cxc@xponential.com or via the information provided below.

 

European Economic Area (“EEA”) and United Kingdom Residents

If you are located in the EEA or the UK, you have a number of rights protected under GDPR, including:

  • The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
  • The right to rectification – You have the right to request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
  • The right to erasure (deletion) – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions

 

Certain US State Laws

Certain states – including those in California, Colorado, Connecticut, Utah, and Virginia – have enacted privacy laws which provide certain rights to residents of those states, similar to those listed above. For further information, please refer to the Privacy Notice for California Residents.

INTERNATIONAL TRANSFERS

We are based and operate in the United States. If you reside outside the United States and use the XPLUS Quest App, your information will be transferred to and processed in the United States for the purposes described in this policy, which may provide different levels of privacy protection than the jurisdiction in which you are located.

CHILDREN

The XPLUS Quest App is not intended for children under the age of 18. We do not market to, or knowingly collect personal information of children under 18.

CONTACT US

If you have any questions regarding this privacy policy, how we collect, use, process, or share your information, or how to delete or otherwise exercise your rights over your personal information, you may contact us using the following information:

 

cxc@xponential.com

 

17877 Von Karman Ave.

Irvine, California 92614

United States