Last updated: September 23, 2024
This Privacy Policy describes how Xponential Fitness LLC and its affiliates, brands, franchisees, and studios (collectively “Xponential,” “we,” “us,” or “our”) collect, disclose, and use personal information. This Privacy Policy applies to personal information we collect online, including via our websites, applications, and other online platforms or services (collectively “Online Services”), or any other product or service where this Privacy Policy is displayed, and offline, including our physical locations and studios, as well as programs and events operated by or in partnership with us. Depending on your relationship with us and/or the service(s) you obtain from us, a separate or additional privacy policy may be provided and apply to you. For purposes of this Privacy Policy, the term “personal information” has the same meaning as the equivalent term defined under applicable laws and does not include certain types of information, such as publicly available information or de-identified information.
We encourage you to read this Privacy Policy carefully and review it regularly for any updates to better understand how we handle your personal information.
Summary of this Privacy Policy
This section summarizes the Privacy Policy, which describes our data handling practices in more detail below and is intended to provide a quick reference regarding our collection and use of your personal information.
What Personal Information We Collect. We may collect the following categories of personal information from and about you: Identifiers; Characteristics of protected classifications under certain state or federal law; Commercial information; Internet or other electronic network activity information; Payment information; Biometric information; Geolocation data; Professional or employment-related information; and Sensitive personal information.
How We Collect and Use Your Personal Information. We typically collect personal information directly from you, including via cookies or other tracking technologies, but we may also collect information about you from our business partners, vendors, or other third parties. We use this information consistent with this Privacy Policy to: provide you with our products and services; improve and develop new offerings, features, and services; maintain our business relationship with you, including customer correspondence or other modes of communication; promote our products and services and otherwise serve advertising and marketing campaigns; comply with applicable laws or legal requirements; or for other purposes with your consent.
How We Protect and Retain Your Personal Information. We use reasonable security measures that are designed to protect your personal information; however, no system of transmission or storage of data can be 100% secure and we cannot guarantee the absolute security of your information. We retain your personal information for as long as is reasonably necessary to fulfill the purpose(s) for which it was collected or as otherwise required to be retained under applicable law.
Selling and Sharing your Personal Information. We may sell or share certain categories of personal information (e.g., we share identifiers for advertising purposes). You may opt-out of the selling or sharing of your personal information by completing our online request form (Your Privacy Choices Request Form). For more information, please see the section below on “How to Exercise Your Privacy Rights.”
We may collect the following categories of personal information from and about you:
We may collect personal information from different sources, which include:
We may use or disclose the personal information we collect for different purposes, which may include one or more of the following business purposes:
To the extent we collect your sensitive personal information, we do not use or disclose such information for purposes other than those permitted under the applicable laws.
We may disclose personal information to different persons for various purposes, consistent with this Privacy Policy, which may include the following:
Depending on applicable laws or the jurisdiction you reside in, you have certain rights regarding your personal information, which may include the right to:
Some of these rights may be limited when certain exceptions are provided under applicable laws, including to complete a transaction or to comply with a legal obligation. You will not receive discriminatory treatment for exercising your privacy rights.
You may also enable the Global Privacy Control (GPC) to exercise your opt-out right, which is a tool that communicates your opt-out preferences, if your browser or browser extension supports such a signal. The GPC may apply only to a single browser or device, and you may need to turn on the GPC signal for each browser that you use. For more information about GPC, please visit https://globalprivacycontrol.org/.
To exercise your privacy rights, please submit a request by either visiting and completing our online request form (Your Privacy Choices Request Form) or calling us at (949) 346-3000. To exercise your right to know, correct, and delete personal information, you will need to submit a verifiable request, and we may request additional information to verify your identity before we can respond to your request.
You may designate an authorized agent to submit privacy rights requests on your behalf. Authorized agents will be required to provide proof of their authority to act on your behalf by providing relevant documentation. We may contact you to confirm an authorized agent’s representation and to verify your identity.
You may have additional rights based on your location or jurisdiction of residency, as described below
In the last 12 months, we have disclosed the categories of personal information listed in “What Personal Information We Collect” for the business purpose(s) identified above, subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (collectively, the “CCPA”), as well as California’s Shine the Light Law. The parties to which we have disclosed your personal information include our affiliates and brands, service providers, and third parties to which you have authorized such disclosure.
Categories of Personal Information | Categories of Recipients |
Identifiers, including device information and other unique identifiers | Business partners, service providers and third parties, such as advertising networks, analytics and social media networks |
Commercial information | Business partners, service providers and third parties, such as advertising networks, analytics and social media networks. |
Internet or other electronic network activity information | Business partners, service providers and third parties, such as advertising networks, analytics and social media networks. |
Geolocation data | Business partners, service providers and third parties, such as advertising networks, analytics and social media networks. |
We do not knowingly “sell” or “share” the personal information of individuals under 16 years of age. For more information, please see the section below on “How to Exercise Your Privacy Rights.”
For consumers in Washington and Nevada, please refer to our Consumer Health Data Privacy Policy for additional information about processing your consumer health data and your rights.
We may provide certain discounts, special offers, benefits, or other rewards as part of our voluntary loyalty program, which may be interpreted as a “financial incentive” or “bona fide loyalty program” under certain applicable laws, when we collect your personal information, which may include your name, contact information, address, or birthday. Joining this voluntary program is subject to our Terms and your opt-in consent. The value of your personal information may vary depending on the types of special offers, benefits, or other rewards that are available and you choose to participate in, and it is reasonably related to the incentives that we offer. You may withdraw from a financial incentive at any time by contacting us as described
below.
We use reasonable security measures that are designed to protect your personal information from unauthorized access and use, which may include using access controls and using Secure Socket Layer (SSL) technology to encrypt certain sensitive information. However, no system of transmission or storage of data can be 100% secure. As such, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control.
We retain your personal information for no longer than is reasonably necessary to fulfill the purposes described in this Privacy Policy or any other notice provided to you at the time your personal information is collected, and to comply with our legal obligations.
Our services are not directed to or intended for use by individuals under the age of 16. We do not knowingly collect personal information from individuals under the age of 16.
To the extent our website may link to a third-party website, and if you should use such links, we are not responsible for the content of any third-party website, nor for the data collection or handling practices of such third party, as we do not control such sites. We encourage you to review the privacy policy of any such third-party website.
We use tracking technologies, such as pixels, cookies, and web beacons to ensure that those using our Online Services have the best possible experience. For more information about our cookie practices, please refer to our Cookie Policy.
Some web browsers allow “Do Not Track” signals or settings, which may allow you to request that you do not want certain information about your web page visits tracked and collected across websites. We do not honor “Do Not Track” signals or settings.
We are located in the United States. You understand and agree that personal information that you provide to us, or which we collect about you may be transferred to, or processed or stored in, the United States, which may not provide the same level of protection to such information as that of your country of residency.
If you have any questions about this Privacy Policy, how we process your personal information, or have concerns about how we have handled your prior privacy requests and would like to appeal to Xponential or a state regulator, please email us at privacy@xponential.com or contact
us at: Phone: (949) 346-3000.
Xponential
17877 Von Karman Ave.
Irvine, California 9261
Attention: Privacy
Depending on your relationship with us – e.g., current or prospective employees, franchisees – this Privacy Policy may be supplemented or superseded by another notice, agreement, or policy provided to you at the commencement of such relationship and periodically thereafter.
We may revise or update this Privacy Policy from time to time, including as required under applicable privacy laws or to incorporate changes to our privacy practices. Updates to this Privacy Policy will be reflected in the “last updated” date, above.
Effective Date: May 24th, 2024
This Consumer Health Data Privacy Policy (the “Policy”) supplements our Privacy Policy and applies only to “consumer health data” and “consumer” as the terms are defined under applicable laws, including the Washington My Health My Data Act. If you are not a Washington or Nevada “consumer”, this Policy does not apply to you.
We may collect the following categories of consumer health data if you choose to provide such information to us:
We may collect and use your consumer health data as described in “How We Use Your Personal Information” section of the Privacy Policy. We may primarily collect, use, and share your consumer health data to provide products or services that you request or to fulfill the reason for which your consumer health data is provided, such as to provide programs, classes, or sessions.
We may share the categories of consumer health data listed in “What Consumer Health Data We Collect” with the following categories of third parties:
We limit how third parties may collect your consumer health data over time and across different websites or online services when you use our Online Services.
Depending on applicable laws or the jurisdiction you reside in, and subject to certain limitations which may apply under applicable laws, you have certain rights regarding your consumer health data, which may include the right to:
To exercise your privacy rights, please submit a request by either visiting and completing our online request form (Your Privacy Choices Request Form) or calling us at (949) 346-3000. When you submit a request, we may need to authenticate your identity, and if we are not able to authenticate your request, we may need to request additional information or not be able to process your request.
For consumers in Washington, if your appeal is denied, you may contact Washington State Attorney General at https://www.atg.wa.gov/file-complaint or call 1-800-551-4636 to submit a compliant.
We may revise or update this Policy from time to time, including as required under applicable laws. Updates to this Privacy Policy will be reflected in the “last updated” date, above.
We are rapidly expanding to new locations. Be the first to know when XPASS becomes available in your area.
See our Terms of Use.
XPASS is now available for download on iOS and Android devices and on the web.