Lindora Privacy Policy

Last Updated: March 25, 2025

This Lindora Privacy Policy describes how Lindora Franchise, LLC (“Lindora”) and our corporate parent, Xponential Fitness LLC (collectively, “we”, “us”, or “our”) collects, discloses, and uses personal information. This Lindora Privacy Policy supplements the Xponential Privacy Policy , and applies to personal information we collect online, via our website (https://www.lindora.com/) and our other online platforms or services where this Lindora Privacy Policy is displayed (collectively, “Online Services”), and offline, including at our studios, and programs and events operated by or in partnership with us. For purposes of this Lindora Privacy Policy, the term “personal information” has the same meaning as the equivalent term defined under applicable laws, including related to certain health data, and does not include certain types of information, such as publicly available information or de-identified information.

We encourage you to read our privacy policies – including this Lindora Privacy Policy and the Lindora Consumer Health Data Privacy Policy – carefully and review them regularly for any updates to better understand how we handle your personal information.California consumers can find specific disclosures, including “Notice at Collection” details, by clicking here.

Clinician Partners

Our franchisees partner with wellness professionals and licensed healthcare practitioners (the “Clinician Partners”) to facilitate hormone, GLP-1, or other health-related treatments or services from Lindora. Certain personal information collected by the Clinician Partners in the provision of these services to you is medical information. This data may be accessible to us and third parties that assist in providing the health-related treatment(s) or service(s) that you request, each as appropriate; it is securely stored in systems controlled by our corporate parent.

For more information about the handling of your medical information, please review the Notice of Privacy Practices maintained by the Clinician Partner.

What Personal Information We Collect

The personal information we collect depends on how you interact with us, the services you use, and the choices you make.

We may collect the following categories of personal information from and about you:

Identifiers and device information, such as your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in our “ Cookie Policy ”, our websites and online services store and retrieve cookie identifiers, mobile IDs, and other data. name, email address, IP address;
Name and contact information, such as name, username or alias, and contact details such as email address, postal address, and phone number.
Demographic data, in some cases, such as when you register or participate in surveys, we request that you provide age, gender, marital status, and similar demographic details.
Content and files, such as the photos, documents, or other files you upload to our services; and if you send us email messages or other communications, we collect and retain those communications.
Characteristics of protected classifications under certain state or federal law, such as your age and gender;
Commercial information, such as products or services purchased, obtained, or considered;
Internet or other electronic network activity information, such as information regarding your interaction with our Online Services;
Payment information, such as credit or debit card number and other payment or financial information;
Geolocation data, such as information collected through GPS technology. This information may include precise geolocation data, meaning data derived from a device and that is used to locate you within a circle with a radius of 1,850 feet or less, which is considered a type of sensitive personal information;
Usage data, such as automatic logs of your activity on our websites, apps and connected products, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website;

Sensitive personal information, as the term is defined in applicable privacy laws and for purposes as permitted by applicable laws or with your consent, which may include government ID, account access information, sensitive demographic data, contents of communications, genetic data, biometric information, sexuality data, health data, and precise geolocation data.

How We Collect Your Personal Information

We typically collect personal information from you, or about you from the Clinician Partners, in order to provide you with our services. More specifically, we may collect personal information:

Directly from you, such as when you complete forms, register or purchase products and services, sign up to receive emails or text messages, contact us, book or attend an appointment, make a payment, or visit our Online Services or our clinics or other physical locations, and events;
Indirectly from you, including when you interact with our Online Services, such as when certain information is automatically collected using online tracking technologies, such as pixels, cookies, and web beacons, or when you use Wi-Fi services provided by us in our clinics or other physical locations;
From our corporate parent and franchisees, such as when you register for and attend appointments (other than with the Clinician Partners), promotional events, or otherwise interact with us or our franchisees;
From our business partners, such as when we collaborate or co-sponsor events with other businesses with which we partner;
From our vendors, such as our service providers that collect your personal information on our behalf, including data analytics companies, or that otherwise assist us in the provision of services to you; and
From third parties and other sources, such as social media platforms and online advertising networks, as well as from data brokers and aggregators from which we obtain data to supplement the data we collect;
Co-branding/marketing partners with which we offer co-branded services or engage in joint marketing activities;
Publicly available sources of information, such as open government databases.

How We Use Your Personal Information

We may use or disclose the personal information we collect for different purposes, which may include one or more of the following business purposes:

Purposes of Use	Categories of Personal Information
Product and service delivery. To provide and deliver our services, including troubleshooting, improving, and personalizing those services.	Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, sensor data, inferences Sensitive Information: government ID, account access information, precise geolocation data, sensitive demographic data, contents of communications, genetic data, biometric information for identification, health data, information about sex life or sexual orientation
Business operations. To operate our business, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.	Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, sensor data, inferences Sensitive Information: government ID, account access information, precise geolocation data, sensitive demographic data, contents of communications, genetic data, biometric information for identification, health data, information about sex life or sexual orientation
Product improvement, development, and research. To develop new services or features, and conduct research.	Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, sensor data, inferences Sensitive Information: government ID, account access information, precise geolocation data, sensitive demographic data, contents of communications, biometric information for identification, health data, information about sex life or sexual orientation
Personalization. To understand you and your preferences to enhance your experience and enjoyment using our services.	Contact information, demographic data, content and files, identifiers and device information, geolocation data, usage data, sensor data, inferences Sensitive Information: precise geolocation data, sensitive demographic data, health data, information about sex life or sexual orientation
Customer support. To provide customer support and respond to your questions.	Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, inferences Sensitive Information: account access information, health data, information about sex life or sexual orientation
Communications. To send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.	Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, sensor data, inferences Sensitive Information: health data, information about sex life or sexual orientation
Marketing. To communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners.	Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, sensor data, inferences Sensitive Information: precise geolocation data, health data, information about sex life or sexual orientation
Advertising. To display advertising to you.	Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, sensor data, inferences Sensitive Information: precise geolocation data, health data, information about sex life or sexual orientation

We combine data we collect from different sources for these purposes, and to give you a more seamless, consistent, and personalized experience.

To Whom We Disclose Your Personal Information

We may disclose personal information to different persons for various purposes, consistent with this Lindora Privacy Policy, which may include the following:

The Clinician Partners, under your direction, to facilitate visits and other health-related service(s) or treatment(s);
Our corporate parent and franchisees, including to maintain your membership or our business relationship with you;
Vendors and service providers, including who perform certain services and/or support internal, clinic management, or other business operations;
Publicly, as you may select options available through our services to publicly display and disclose your name and/or username and certain other information, such as your profile, demographic data, content and files, or geolocation data;
Financial services and payment processing partners, including when you provide payment data to make a purchase, when we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services;
Business partners or other third parties, including for promotional purposes and to serve or display advertising (note that we do not share sensitive personal information for promotional or advertising purposes without your consent);
Successor(s) of our business, relating to all or part of the business, to evaluate proposed transaction or conduct a sale, reorganization, merger, acquisition, or other change of control; and
Government, regulatory, or investigatory bodies, or other law enforcement entities, including for purposes of complying with applicable law or responding to valid legal process, such as a court order or subpoena.

We also may share information with third parties when we have your consent or otherwise as described to you at the point of collection. Note, however, that if you provided us with consent to contact you such as through SMS, we do not share that consent with third parties.

Third party analytics and advertising companies also collect personal information through our website and apps including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in our “Cookie Policy.” These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.

Some of the data disclosures to these third parties may be considered a “sale” or “sharing” of personal information as defined under the laws of California and other U.S. states.

NOTICE: We may sell your sensitive personal information. Please see the “How to Exercise Your Privacy Rights” and “For California Residents” sections below for more details.

Please note that some of our services also include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal information to any of those third parties, or allow us to share personal information with them, that data is governed by their privacy statements.

Finally, we may disclose de-identified information in accordance with applicable law.

Your Privacy Rights

Depending on applicable laws or the jurisdiction you reside in, you have certain rights regarding your personal information, which may include the right to:

Access and confirm processing of your personal information, including, in some states, the right to know the categories of or specific third parties to whom we business disclose personal information;
Correct inaccuracies in the personal information we maintain about you;
Delete your personal information;
Receive a copy of your personal information in a portable format, where technically feasible;
Opt-out of the “sale” or “sharing” of your personal information or “targeted advertising” (as these terms are defined under privacy laws applicable to you);
Appeal, in connection with a decision made regarding your privacy rights request; and
Limit the use and disclosure of sensitive personal information.

Some of these rights may be limited when certain exceptions are provided under applicable laws, including to complete a transaction or to comply with a legal obligation. You will not receive discriminatory treatment for exercising your privacy rights.

How to Exercise Your Privacy Rights

To exercise your privacy rights, please submit a request by either visiting and completing our online request form (Your Privacy Choices Request Form) or calling us at (949) 346-3000. We may request additional information to verify your identity before we can respond to your request.

You may designate an authorized agent to submit privacy rights requests on your behalf. Authorized agents will be required to provide proof of their authority to act on your behalf by providing relevant documentation. We may contact you to confirm an authorized agent’s representation and to verify your identity.

Browser and Platform Controls

To exercise your rights to opt-out of the “sale” and “sharing” of your personal information and of targeted advertising you can use the other cookie or mobile ID controls described below:

Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
Global Privacy Control. You may also enable the Global Privacy Control (GPC) to exercise your opt-out rights. The GPC, which is a tool that communicates your opt-out preferences, if your browser or browser extension supports such a signal. The GPC may apply only to a single browser or device, and you may need to turn on the GPC signal for each browser that you use. For more information about GPC, please visit https://globalprivacycontrol.org/.
Do Not Track. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the GPC, cookie controls, and advertising controls described above.
Email Web Beacons. Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, and the automatic connection to the web servers that host those images.

Except for the automated controls described above, if you send us a request to exercise your rights or these choices, to the extent permitted by applicable law, we may decline requests in certain cases. For example, we may decline requests where granting the request would be prohibited by law, could adversely affect the privacy or other rights of another person, would reveal a trade secret or other confidential information, or would interfere with a legal or business obligation that requires retention or use of the data. Further, we may decline a request where we are unable to authenticate you as the person to whom the data relates, the request is unreasonable or excessive, or where otherwise permitted by applicable law. If you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal using the contact method described at the bottom of this privacy statement.

Additional U.S. State-Specific Privacy Information

You may have additional rights based on your location or jurisdiction of residency, as described below.

For California Residents

If you are a resident of California and the personal information we process about you is subject to the California Consumer Protection Act, you have certain rights with respect to that information.

Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this statement by clicking on the above links.

Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this privacy statement. You may make such a “request to know” as described in “How to Exercise Your Privacy Rights.”

Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, make a request as described in “How to Exercise Your Privacy Rights.”

Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.

Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and some of our data disclosures described in this privacy statement may be considered a “sale” or “sharing” under those definitions. In particular, we let advertising and analytics providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our sites and apps when you use our online services, but do not “sell” or “share” any other types of personal information. If you do not wish for us or our partners to “sell” or “share” personal information relating to your visits to our sites for advertising purposes, you can make your request by visiting our “Do Not Sell or Share My Personal Information” page, using a Global Privacy Control, or emailing us using the contact information at the bottom of this Statement. If you opt-out using these choices, we will not disclose or make available such personal information in ways that are considered a “sale” or “sharing” under the CCPA. However, we will continue to make available to our partners (acting as our service providers) some personal information to help us perform advertising-related functions. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal information or stop all interest-based advertising.

We do not knowingly sell or share the personal information of minors under 16 years of age.

Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law.

To opt-out from such additional purposes, please visit our “Limit the Use of My Sensitive Personal information” page or use the Global Privacy Control described in the “How to Exercise Your Privacy Rights” section of this statement.

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

Further, to provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.

Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.

Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes.

Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.

Notice of Financial Incentive

We may provide certain discounts, special offers, benefits, or other rewards as part of our membership, which may be interpreted as a “financial incentive” or “bona fide loyalty program” under certain applicable laws, when we collect your personal information, which may include your name, contact information, address, or birthday. Joining this voluntary program is subject to our Terms and all applicable laws. The value of your personal information may vary depending on the types of special offers, benefits, or other rewards that are available and you choose to participate in, and it is reasonably related to the incentives that we offer. You may withdraw from a financial incentive at any time by contacting us as described below.

California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code section 22581 to remove, or request and obtain removal of, content or information they have publicly posted. To request that we remove such content or information, please send a detailed description of the specific content or information you wish to have removed to privacy@xponential.com. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

For Washington and Nevada Consumers and Residents

For consumers in Washington and Nevada, please refer to our Cookie Policy Consumer Health Data Privacy Policy for additional information about processing your consumer health data and your rights.

How We Protect Your Personal Information

We use reasonable security measures that are designed to protect your personal information from unauthorized access and use, which may include using access controls and using Secure Socket Layer (SSL) technology to encrypt certain sensitive information. Furthermore, we implement additional measures to ensure consumer health data is stored in a secure environment.

However, no system of transmission or storage of data can be 100% secure. As such, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control.

Retention of Your Personal Information

We retain your personal information for no longer than is reasonably necessary to fulfill the purposes described in this Lindora Privacy Policy or any other notice provided to you at the time your personal information is collected, and to comply with our legal obligations.

Children’s Privacy

Our services are not directed to or intended for use by individuals under the age of 16. We do not knowingly collect personal information from individuals under the age of 16.

Third-Party Websites

To the extent our website may link to a third-party website, and if you should use such links, we are not responsible for the content of any third-party website, nor for the data collection or handling practices of such third party, as we do not control such sites. We encourage you to review the privacy policy of any such third-party website.

Cookie Policy

We use tracking technologies, such as pixels, cookies, and web beacons to ensure that those using our Online Services have the best possible experience. For more information about our cookie practices, please refer to our

Transfer of Personal Information

We are located in the United States. You understand and agree that personal information that you provide to us, or which we collect about you may be transferred to, or processed or stored in, the United States, which may not provide the same level of protection to such information as that of your country of residency.

How To Contact Us

If you have any questions about our privacy policies (including this Lindora Privacy Policy or the Lindora Consumer Health Data Privacy Policy), how we process your personal information, or have concerns about how we have handled your prior privacy requests and would like to appeal to us or a state regulator, please email our corporate parent at privacy@xponential.com or contact us at: Phone: (949) 346-3000.

Xponential

17877 Von Karman Ave.

Irvine, California 9261

Attention: Privacy

Changes To This Lindora Privacy Policy

We may revise or update this Lindora Privacy Policy from time to time, including as required under applicable privacy laws or to incorporate changes to our privacy practices. Updates to this Lindora Privacy Policy will be reflected in the “last updated” date, above.