Last Updated: November 30, 2023
If you use our Service in a clinical setting, you may receive a different privacy notice from your health care provider and/or the sponsor of the clinical research if applicable. Those notices will apply to the activities they describe.
NOTICE TO EUROPEAN USERS: Please see the Notice to European Users section below for additional information for individuals located in the European Economic Area or United Kingdom (which we refer to as “Europe”, and “European” should be understood accordingly).
- Personal information we collect
- How we use your personal information
- How we share your personal information
- Your choices
- Other sites and services
- International data transfer
- How to contact us
- Notice to European users
Personal information we collect
Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:
- Contact data, such as your first and last name, phone number, and email address.
- Registration data that you provide when you register through the Service, such as your first name, last name, email address, display name, state, country, gender and date of birth.
- Profile data, such as the username and password that you may set to establish an online account on the Service, photograph, list of people you follow and those who follow you and any other information that you add to your account profile.
- Communications that we exchange with you, including when you contact us through the Service, social media, or otherwise.
- Transactional data, such as information relating to your TRIPP subscription plan or needed to complete your orders on or through the Service, including order numbers, subscription method and transaction history.
- Marketing data, such as your preferences for receiving our marketing communications.
- User-generated content, such as profile pictures; photos; images; music; videos; comments; questions; messages; voice recordings; lists of friends, followers, and circles you’re connected to and interact with; and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
- Relationship data, such as familial or other relationship to third parties whose personal information you may provide to us.
- Health and fitness data that you store in your mobile health apps, such as Apple HealthKit and Google Fit, when you choose to grant us access to it;
- Mood and feelings, based on your voluntary responses to surveys and questionnaires;
- Body dimensions that you choose to store in the tracking features of your VR device such as a Meta Quest.
- Payment information needed to complete transactions, including payment card information or bank account number. Note that your payment card information is processed directly by our third-party providers (see How we share your personal information, below).
- Survey and promotions data, including information you share when you choose to participate in a promotion or complete a survey. We recommend that you read any instructions, terms or rules applicable to the survey or promotion before participating.
Third-party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:
- Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
- Data providers, such as information services and data licensors that provide demographic and other information.
- Our affiliate partners, such as our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs.
- Marketing partners, such as joint marketing partners and event co-sponsors.
- Third-party services, such as social media services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.
Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer, mobile device or headset, and your interaction over time with the Service, our communications and other online services, such as:
- Device data, such as your computer, mobile or headset’s operating system type and version, manufacturer and model, browser type, graphics processing unit, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including VR App identifiers and identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
- Interaction data, such as information about the content, features, length and frequency of TRIPPs taken on the VR App.
- Technical system information, such as crash logs which may contain your user ID, device ID, IP address, local computer file path, feature quality, and use of that feature.
- Precise geolocation data when you authorize our Mobile App to access your mobile device’s location.
- Fitness, such as the number of calories you have burned or how long you have been physically active when you choose to track this data using the health tracking features of your device;
- Physical characteristics and movement, such as:
- Head and controller movement, including the position, orientation and speed of your headset and controllers;
- Physiological data, such as your heart rate and breathing rate;
- Body dimensions, such as your height, derived from the headset’s distance from the floor;
- Eye direction through cameras that estimate the direction of where your eyes are looking if you choose to grant us access to it through your device’s operating system;
- Hand data, such as estimated hand size, orientation, and finger configuration to generate a generic hand model that can be used to navigate the VR App if you choose to grant us access to it through your device’s operating system;
- Facial expressions estimating how your face is moving if you choose to grant us access to it through your device’s operating system.
- Physical environment data, such as the dimensions of the room where you use the device.
Cookies and other technologies. Some of the automatic collection described above is facilitated by the following technologies:
- Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
- Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked.
- Session replay services, which employ software code to record users’ interactions with the Service in a manner that allows us to watch DVR-like replays of those user sessions. The replays include users’ clicks, mobile app touches, mouse movements, scrolls and keystrokes/key touches during those sessions. These replays help us diagnose usability problems and identify areas for improvement. For example, we use session replay services provided by Hotjar. You can learn more about Hotjar at https://www.hotjar.com/legal/policies/privacy/.
- Software development kits (SDKs), or third-party computer code, that may be used for a variety of purposes, including to provide us with analytics regarding the use of our applications, to integrate with social media, add features or functionality to our applications, or to facilitate online advertising. SDKs may enable third parties to collect information directly from our applications.
Data about others. We may offer features that help users invite their friends or contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.
How we use your personal information
We may use your personal information for the following purposes or as otherwise described at the time of collection:
Service delivery. We may use your personal information to:
- provide, operate and improve the Service and our business;
- facilitate your invitations to friends who you want to invite to join the Service;
- communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
- understand your needs and interests, and personalize your experience with the Service and our communications; and
- provide support for the Service, and respond to your requests, questions and feedback.
Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business.
Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:
- Direct marketing. We may send you direct marketing communications. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
Compliance and protection. We may use your personal information to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements or our internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Cookies and other technologies. In addition to the other uses included in this section, we may use the Cookies and other technologies described above for the following purposes:
- Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
- Advertising. To help our third-party advertising partners collect information about how you use the Service and other online services over time, which they use to show you ads on other online services they believe will interest you and measure how the ads perform.
- Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.
Retention of personal information
We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.
Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account through our Mobile App and selecting the gear icon in the top right corner or logging into our Site.
Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.
If you receive marketing text messages from us, you may opt out of receiving further marketing text messages from us by replying STOP to our marketing message.
Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
Mobile location data. You can disable our access to your device’s precise geolocation in your mobile device settings.
Advertising choices. You can limit use of your information for interest-based advertising by:
- Browser settings. Blocking third-party cookies in your browser settings.
- Privacy browsers/plug-ins. By using privacy browsers or ad-blocking browser plug-ins that let you block tracking technologies.
- Platform Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising:
- Google: https://adssettings.google.com/
- Facebook: https://www.facebook.com/about/ads
- Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:
- Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
- Digital Advertising Alliance: aboutads.info.
- AppChoices mobile app, available at https://www.youradchoices.com/appchoices, which will allow you to opt-out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance.
- Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
You will need to apply these opt-out settings on each device from which you wish to opt-out.
We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
Linked third-party platforms. If you choose to connect to the Service through a third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
Delete your content or close your account. You can choose to delete certain content through your Mobile App account or by emailing us at email@example.com. If you wish to request to close your account, please contact us.
Other sites and services
The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
International data transfer
We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
For more information on how we transfer the personal information of individuals based in Europe, please see the Notice to European Users section.
The Service is not intended for use by anyone under 16 years of age . If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
How to contact us
- Email: firstname.lastname@example.org
- Mail: 5877 Obama Boulevard, Los Angeles, California, 90016
- Phone: +1 213-770-7751
Notice to European users
Our GDPR Representatives. We have appointed the following representatives in Europe as required by the GDPR – you can also contact them directly should you wish:
Our Representative in the EU. Our EU representative appointed under the EU GDPR is European Data Protection Office (EDPO). You can contact them:
- By email by using this online request form: https://edpo.com/gdpr-data-request/
- By postal mail to: EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
Our Representative in the UK. Our UK representative appointed under the UK GDPR is EDPO UK Ltd. You can contact them:
- By email by using this online request form: https://edpo.com/uk-gdpr-data-request/
- By postal mail to: EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
Our legal bases for processing. In respect of each of the purposes for which we use your personal information, the GDPR requires us to ensure that we have a “legal basis” for that use.
- Where we need to perform a contract, we are about to enter into or have entered into with you (“Contractual Necessity”).
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your personal information for is set out in the table below.
- Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
- Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”).
We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your personal information – for more information on these Purposes and the data types involved, see How we use your personal information section above
Categories of personal information involved
Research and development
Marketing and advertising
Compliance and protection
To create anonymous, aggregated or de-identified data
Special categories of personal information. In addition to the categories of personal information set out in the table above, we process certain special categories of personal information (e.g., health-related data, biometrics or genetic characteristics). We can only process such special categories of personal information with your consent. You are free to choose not to provide us with special categories of personal information. If you do not consent to our processing and use of such special categories, you may not be able to use certain elements of the Service.
For any special categories of personal data we process, we must establish a ‘condition’ to process such data in addition to a legal basis, because it is considered to be more sensitive in nature – for example, we may look to obtain your explicit consent to the processing of those special categories of personal data for one or more specified purposes (“Explicit Consent”).
We have set out below the legal bases and conditions we rely on in respect of the relevant Purposes for which we use your special categories of personal information – for more information on these Purposes and the data types involved, see How we use your personal information section above.
Categories of personal information involved
Legal basis and condition
• Health and fitness data
• Mood and feelings
• Body dimensions
• Physical characteristics and movement
• Legal basis: Consent
• Condition: Explicit Consent
Research and development
Retention. We retain personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for compliance and protection purposes.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information, we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
No Automated Decision-Making and Profiling. As part of the Service, we do not engage in automated decision-making and/or profiling, which produces legal or similarly significant effects.
Your rights. European data protection laws give you the right to ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information where there is no good reason for us continuing to process it – you also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information, for example if you want us to establish its accuracy or the reason for processing it.
- Object. Object to our processing of your personal information where we are relying on Legitimate Interests – you also have the right to object where we are processing your personal information for direct marketing purposes.
- Withdraw Consent. When we use your personal information based on your consent, you have the right to withdraw that consent at any time.
Exercising These Rights. You may submit these requests by email to email@example.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal information), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.
Your Right to Lodge a Complaint with your Supervisory Authority. In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.
- For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
- For users in the UK – the contact information for the UK data protection regulator is below:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 303 123 1113
Data processing outside Europe. We may share your personal information with third parties who may be based outside of the EEA and/or UK. In such circumstances, those parties’ processing of your personal information will involve a transfer of your personal information outside of the EEA and/or UK where privacy laws may not be as protective as those in your state, province, or country.
You can obtain further information or a copy of or access safeguards under which your personal information is transferred outside of the EEA and/or UK by contacting us at firstname.lastname@example.org.