Within Unlimited, Inc. Privacy Policy

Effective as of January 31, 2020

Welcome to Within Unlimited, Inc. (“Within”, “we”, “us” and/or “our”). We have prepared this “Privacy Policy” to explain how we collect, use, protect and disclose information and data when you use the Within website (“Site”) and any Within services, including any software, mobile applications, products, devices or other services offered by Within from time to time and other services offered through third parties integrating Within functionality (collectively, “Services”). “You” refers to you as a user of the Site or Services.

We provide important information for California residents here.

TABLE OF CONTENTS

  1. personal information we collect

  2. how we use your personal information

  3. with whom we share your personal information

  4. your choices

  5. other sites and services

  6. security

  7. children’s privacy

  8. International data transfer

  9. changes to this privacy policy

  10. how to contact us

  11. important information for california residents

PERSONAL INFORMATION WE COLLECT

Personal information you provide to us. Personal information you may provide to us when you use the Services or otherwise includes:

  • Contact data, such as your name, email address, mailing address and phone number;
  • Profile data that you provide when you register for or update your account on the Services, such as your username and password, home city or town, age, profile image, height, weight, injuries and/or limitations, equipment you own, activity preferences, followers and workout ratings.
  • Fitness and performance data, such as, for our Supernatural service, heart rate data, classes taken, fitness performance history, achievements, workout history and details and additional fitness information that you choose to link to or share with us through Within.
  • Financial data, such as your credit card number and/or other related information that may be required from you to complete your purchase, however Stripe and other App Store transactions are stored solely by those partners/platforms.
  • Purchase data, such as order history and information about the transactions you have completed with us.
  • Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Information collected automatically. We, our service providers and our third party partners may automatically log information about you, your computer or mobile device, and your activity over time on the Services and other online services, including:

  • Usage data, such as the date and time of your access, visit or use of the Services, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, searches you conduct on our Site and information about your activity on a page or screen.
  • Device data, such as unique device identifier, media access control address, network information, hardware model, browser type, screen resolution, IP address as well as usage and traffic data and information about how the device interacts with the Services.
  • Precise geolocation data, such as when you authorize our mobile application to access your location.

Some of our automatic collection is facilitated by:

  • Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of tracking user activity and patterns, helping you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.
  • Web beacons, also known as pixel tags or clear GIFs, which are typically used demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns. We may use web beacons to track your use of Site or to collect information about your interactions with our email messages, such as the links you click on and whether you open or forward a message, the date and time of these interactions and the device you use to read emails.

Third party platforms. When you choose to connect with a social media service or other third party platform when using the Services, including Facebook, Google or Oculus, we may collect information about you from that platform, including any information that you choose to import into the Services. You may also be able to access posting and sharing tools on the Services that allow you to post information to a social media or third party platform. By using these tools, you acknowledge that some account information may be transmitted from the applicable platform account to us; our treatment of that information is covered by this Privacy Policy. Additionally, when you use one of these tools, the social media or third party platform may be collecting information about your online activity through its own tracking technologies, subject to its own privacy policy. We encourage you to read the privacy and other policies of any third party platform you use in connection with the Services.

HOW WE USE your personal INFORMATION

We may use your personal information for the purpose for which it was provided, including without limitation for the purposes described further below:

Service delivery. We may use your personal information to:

  • provide you with access to the Services;
  • support and maintain your use of the Services
  • monitor your use of the Services;
  • provide you with the opportunity to participate in surveys, contests and other special offers;
  • enhance or supplement the Services;
  • communicate with you about the Services, including regarding the status of any orders of products and to respond to your inquiries, including for customer support; and
  • understand your needs and interests, and personalize your experience with the Services and our communications.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Services and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

Marketing and advertising. We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:

  • Direct marketing. We may send you Within-related or other direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the “Opt-out of marketing communications” section below.
  • Interest-based advertising. We may contract with third-party advertising companies and social media companies to display ads on the Services and other sites. These companies may use cookies and similar technologies to try to tailor the ads you see online to your interests based on your activity over time across the Services and other sites, or your interaction with our emails. These ads are known as interest-based advertisements. You can learn more about your choices for limiting interest-based advertising, in the “Advertising choices” section below.

Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • enforce the terms and conditions that govern the Services; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

For other purposes. We may also use your personal information for other purposes described in this Privacy Policy or at the time we collect the information.

With Whom We share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for use consistent with this Privacy Policy.

Payment processors. Any payment card information you use to make a purchase on the Services is collected and processed directly by one of our payment processors, Stripe or Oculus, and we never physically receive or store your full payment card information.

Other users and the public. By using the Site or Services, including creation of a profile or submission of public queries, you may make certain of your Personal Information available to others, such as your name, your user name, and your picture. This information may be accessed by users who use the Site or Services and may be accessed by commercial search engines such as Google, Yahoo!, and Bing to the extent that such engines are permitted to access the Site or Services.

Service providers. From time to time, we may establish a business relationship with other businesses that we believe to be trustworthy and have privacy practices consistent with ours (“Service Providers”). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, data storage and management, music integration and marketing and promotions. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized access, use or disclosure. Service Providers are prohibited from using Personal Information other than as specified by Within.

Advertising partners. We may work with third-party advertisers, search providers, and ad networks (“Advertisers”). These companies may collect and use information about your use of the Site or Services in order to provide advertisements about goods and services that may be of interest to you. Advertisements may be shown via the Site, the Services, or third-party websites and online services. These companies may place or recognize a unique cookie on your computer or use other technologies such as web beacons. Our Privacy Policy does not cover any use of information that Advertisers may collect from you or that you choose to provide to them.

Business transferees. If Within is merged, acquired, or sold, or in the event of a transfer of some or all of our assets or equity, we may sell, disclose or transfer your personal information in connection with such transaction, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services they render to us.

Law enforcement. Within will cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose your personal information to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to legal requests (including court orders and subpoenas), to protect the safety, property or rights of Within or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.

For other purposes. We may also share your personal information for other purposes described in this Privacy Policy or with your consent.

YOUR choices

Opt-out of marketing communications. You can opt out of receiving certain emails by changing notification settings on the Site or in our applications, clicking the unsubscribe link provided in an email, or by emailing us at [email protected]. If you have questions or concerns regarding this Privacy Policy, please email us at [email protected].

Account information. If you have purchased a subscription or otherwise signed up for an account, then you may access your account at any time once logged on, and you may modify, update and change your account settings through your account on the Services. When you update information, we may maintain a copy of the unrevised information in our records. You can also delete your account by emailing us at [email protected]. Please note that we will need to verify that you have the authority to delete the account. Also, some information may remain in our records after your deletion of such information from your account, and public activity on your account prior to deletion may remain publicly accessible.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Services may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Privacy settings and location data. Users of our mobile application can disable our access to their device’s precise geolocation in their mobile device settings.

Advertising choices. Like many companies online, we use services provided by Google, Facebook and others that help deliver interest-based ads to you. Your choices for limiting collection and/or use of your personal information by these companies include:

  • Browser settings. Blocking third party cookies in your browser settings using or ad-blocking browser plug-ins/extensions.
  • Mobile device settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
  • Platform settings. Using Google’s and Facebook’s interest-based advertising opt-out features:
    • Google: https://adssettings.google.com/
    • Facebook: https://www.facebook.com/about/ads
  • Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:


The opt-out preferences described above must be set on each device for which you want them to apply. Not all companies that serve interest-based ads participate in the ad industry opt-out programs described above, so even after opting-out, you may still receive some cookies and interest-based ads from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Choosing not to share your personal information. If you do not provide information that we need to provide the Services, we may not be able to provide you with the Services or certain features. We will tell you what information you must provide to receive the Services when we request it.

Third party platforms. If you choose to connect to Within through your social media account on Facebook or Google or another third party platform like Oculus, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.

other sites and services

Our Site and Services may contain links to or integrate with other websites and online services, or allow others to send you such links. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or other online services operated by third parties, and Within is not responsible or liable for any damage or loss related to your use of any such third-party website or online service. You should always read the terms and conditions and privacy policy of a third-party website or online service before using it, whether directly or in connection with your use of the Site or Services.

SECURITY

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Site or Services, we cannot and do not guarantee the security of any information you transmit on or through the Site or Services, and you do so at your own risk.

CHILDREN'S PRIVACY

We offer to our users a range of Services, some of which are primarily targeted at children, and others that are intended for users of all ages and their families. We are required under the Children Online Privacy Protection Act (“COPPA”), with limited exceptions, to obtain verifiable parental consent in order to collect, use, or disclose personal information from children.

Many of our Services are intended for general audiences and do not knowingly collect any personal information from children. If our Services request age information from your child and your child indicates that he/she is under 13 years old (except for our Supernatural service), the Services will block your child from providing personal information. However, please note that if your child indicates that he/she is under the age of 13, your child will not be blocked from using our Services (except for our Supernatural service). For more information on age limitations for the Supernatural service, please see our Supernatural Terms of Use.

For our Services that are primarily directed at children under the age of 13, we do not collect personal information, except in those instances under COPPA where personal information may be collected without verifiable parental consent. For example, if your child provides us feedback or contacts us (for support, for example), we will collect the data included in the communication. We will use this personal information to assist your child with his/her query or support request and then delete such information once we have fulfilled the child’s query or support request. We do not share your child’s personal information with third parties, other than as described in this Privacy Policy.

We do not knowingly collect personal information from children under the age of 13. If we learn that we have inadvertently collected personal information from a child under the age of 13, we will delete such information from our records. If you believe that we might have any personal information from a child under 13, please contact us at [email protected].

international data transfer

We are headquartered in the United States and may use service providers in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

PRIVACY POLICY CHANGES

From time to time, we may change this Privacy Policy. If we change this Privacy Policy, we will give you notice by posting the revised Privacy Policy on the Site and within our Services. Those changes will go into effect on the effective date shown in the revised Privacy Policy. In all cases, by continuing to use the Site or Services, you consent to the revised Privacy Policy.

PLEASE PRINT A COPY OF THIS PRIVACY POLICY FOR YOUR RECORDS AND PLEASE CHECK THE SITE FREQUENTLY FOR ANY CHANGES TO THIS PRIVACY POLICY.

how to contact us

If you have any questions about this Privacy Policy or our information handling practices, you may contact us at [email protected] or via postal mail at the following address: Within Unlimited, Inc., Privacy Policy Inquiry, 3760 Motor Avenue, Los Angeles, California 90034.

important information for california residents

This section applies only to California residents and is immediately effective at the time this Privacy Policy is posted. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.

Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

  • Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
    • The categories of Personal Information that we have collected.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting and/or selling Personal Information.
    • The categories of third parties with whom we share Personal Information.
    • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
    • Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
  • Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
  • Deletion. You can ask us to delete the Personal Information that we have collected from you.
  • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination in the form of legally prohibited increases in the price or decreases in the quality of the Services.

How to exercise your rights. You may exercise your California privacy rights described above as follows:

  • Right to information, access and deletion. You can request to exercise your information, access and deletion rights by emailing us at [email protected], visiting our website at with.in/CCPA or by calling (888) 602-4744. We reserve the right to confirm your California residence and will need to confirm your identity to process your requests. As part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
  • Request a list of third party marketers. California’s “Shine the Light” law (California Civil Code § 1798.83) allows California residents to ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide certain information about the companies’ sharing of certain personal information with third parties for their direct marketing purposes during the preceding year. You can submit such a request by sending an email to [email protected] with “Shine the Light” in the subject line. The request must include your current name, street address, city, state, and zip code and attest to the fact that you are a California resident.
  • We do not sell your personal information. Based on our understanding of the term “sell” under the CCPA, we do not “sell” your Personal Information and have not sold it to third parties for a business or commercial purpose in the 12 months preceding the effective date of this Privacy Policy. However, like many companies online, we use services provided by Google, Facebook and others that help deliver interest-based ads to you as described in the section above entitled “Interest-Based Advertising.” You can review your options for opting-out of such services in the section above entitled “Advertising choices.”

Personal information that we collect, use and share. We are required to explain the categories of Personal Information we collect by reference to the categories specified by the CCPA (in bold), as defined here, which are described in the list below. For each category, we list the type of data we collect and the source of that data as described in the section above entitled “Personal Information We Collect.” We have not sold your personal information in the preceding 12 months.

  • Identifiers
    • What we collect: Contact data, profile data
    • Sources: You, third party platforms
  • Commercial information
    • What we collect: Profile data, fitness and performance data, purchase data, usage data
    • Sources: You, automatic collection, third party platforms
  • Financial Information
    • What we collect: Financial data
    • Sources: You
  • Online identifiers
    • What we collect: Contact data, profile data, usage data, device data
    • Sources: You, automatic collection, third party platforms
  • Internet or network information
    • What we collect: Device data, usage data
    • Sources: Automatic collection
  • Geolocation data
    • What we collect: Device data, precise geolocation data
    • Sources: Automatic collection
  • Inferences drawn from any of the above information to create a profile reflecting your preferences, characteristics, and behavior.
    • May be derived from: Profile data, fitness and performance data, purchase data, usage data.
  • Medical Information
    • What we collect: Profile data, fitness and performance data
    • Sources: You, third party platforms
  • Physical Description
    • What we collect: Profile data, fitness and performance data
    • Sources: You, third party platforms
  • Protected Classification Characteristics, which we do not intentionally collect, but may be revealed in other data we collect.
  • Biometric Information
    • What we collect: Profile data, fitness and performance data
    • Sources: You, third party platforms

The business/commercial purposes for which we use each category of Personal Information above are described in the section above entitled “How We Use Your Personal Information.” The categories of third parties to which we disclose each category of Personal Information above of Personal Information for business purposes are described in the section above entitled “With Whom We Share Your Personal Information.”

The above summary of how we collect, use, share Personal Information describes our practices for the 12 months preceding the effective date at the top of this Privacy Policy. Information that you choose to provide to us may include other categories of information.