Thrive Global Privacy Policy

Last Updated: September 8, 2021

Welcome to Thrive Global Holdings Inc. (“Thrive”, “we”, “us” and/or “our”). Our website (“Site”) also allows you (“Users,” “you,” or “your”) to easily access and use content, including features, resources and other information intended to help you change the way you live and work. Our mobile application and services (“App”) helps Users achieve behavior change through “too small to fail” incremental microsteps, personal assessments, video micro-learning, inspiring stories and other content and resources. Collectively, the services we provide through the Site and the App from time to time are defined as the “Service(s)”.

PURPOSE OF THIS PRIVACY POLICY

This Privacy Policy explains what personal data we collect through the Services, how we use and share that data, and your choices concerning our data practices. This Privacy Policy forms part of our Terms and Conditions Agreement, which is available at https://www.thriveglobal.com/thrive/terms.

By using the Services AND providing us with your personal data when, you expressly agree to our use of the personal data in accordance with the practices described in this Privacy Policy. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OR USE THE SERVICES.

Users in different regions might be subject to different data protection standards and based on their employer DPA (Data Protection Agreement) with Thrive Global (For App Users Only). This document has a section dedicated to European Union consumers and their privacy rights, as well as a section dedicated to California consumers and their privacy rights.

This Privacy Policy applies to all Services we provide, except for Thrive ZP Services, which are covered by a different privacy policy https://thrivezp.com/privacy/ and different terms and conditions https://thrivezp.com/tos/.

INFORMATION WE COLLECT

When you interact with us through the Services, we collect information that, alone or in combination with other information, could be used to identify you (“Personal Data”), described below.

I. App Users

Personal Data You Provide Us. We collect the information that you choose to provide when you use the Services, such as your name, email address contact details, and password. You may also choose to provide other information to make public on the Services, such as a profile photo, biography, country information, demographic information (such as your racial and ethnic origin, as well as gender and age). We may also collect information on your interests and behaviors (such as the content you are most interested in), including through the use of cookies and other technologies as described below.

Automatically Collected Data. When you download and use our App we will automatically collect certain information, described under the Automatically Collected Data section below.

Location Information. When enabled by you, we collect location information provided by your device. We may also obtain location information you provide in your profile or from your Internet Protocol (IP) address. With your consent where required by the applicable law, we may also determine location by using other data from your device, such as precise location information from GPS, information about wireless networks or cell towers near your mobile device.

II. Site Users

Personal Data You Provide Us. We collect information that visitors to the Site enter when you sign up on the Site (e.g., email and password) or send to us electronically, for example when completing any “free text” boxes in our forms (such as on our “Contact Us” page, support request or survey submission), requesting information, registering for an event, or subscribing to email lists. While the type of data we collect depends on the nature of the inquiry, it typically includes name and contact details, company information, and phone number.

Automatically Collected Data. We automatically collect certain information relating to your use of our Site, described under the Automatically Collected Data section below.

III. Automatically Collected Data

When you use the Site or the App, the following information is created and automatically logged in our systems:

Log data: Information (“log data”) that your browser automatically sends whenever you visit the Site, or that the App automatically sends when you use the Services. Log data includes your IP address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Services.
Cookies: Information from cookies and other technologies. Please see the “Cookies” section below to learn more about how we use cookies and other technologies.
Device information: Includes type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.
Usage Information: Information about how you use our Site and the App, such as the types of content that you view or engage with, the features you use, the actions you take, the other Users you interact with and the time, frequency and duration of your activities.

IV. Service Data

Where we provide the Services under contract with Thrive’s enterprise customers (“Customers”) (for example, your employer), that Customer controls whether the Customer provides Personal Data or other information to or in connection with the Services. In this Privacy Policy we refer to the data we process that is provided to us directly by our Customers as “Service Data”. Service Data does not include any Personal Data or other data provided to us or to the Services by a User (including a User who has access to the Services in connection with an enterprise relationship between a Customer and Thrive). Our use of Service Data is governed by our contract with the specific Customer and may be subject to the Customer’s own privacy policies. We are not responsible for the privacy policies or privacy practices of Customers or other third parties.

HOW WE USE INFORMATION

We use your Personal Data collected for the following purposes:

To authenticate Users and provide the Services. This processing is necessary to provide you with access to and use of the Services.

As necessary for certain legitimate business interests, which include the following:

To respond to your inquiries and fulfill your requests for products and services;
To customize our Services for you. For example, we use information on your use of Services features, including information that we obtain through cookies and other technologies, to better understand your needs and interests in order to personalize your experience with our Services by presenting content or functionalities tailored to your interests;
To send administrative information to you, for example, information regarding the Site or the App, and changes to our terms, conditions, and policies;
To provide, maintain and improve the content and functionality of the Services. For example, we regularly fix bugs or user experience issues that may be tied to particular user accounts. We use cookies and other technologies to analyze how Users interact with our Services. And that analysis can help us build better Services;
To conduct research, and provide aggregate and anonymized information on your use of our Services to third parties (such as device manufacturers);
If you ask us to delete your data and we are required to fulfill your request, to keep basic data to identify you and prevent further unwanted processing;
To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our IT systems, architecture and networks; and
To (a) comply with legal obligations and legal process; (b) respond to requests from public and government authorities including public and government authorities outside your country of residence; (c) enforce our Terms and Conditions Agreement; (d) protect our operations or those of any of our affiliates; (e) protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain, as required or permitted by the law.

For individuals in the European Union (“EU”) and Switzerland, please see the “European Union (EU) Users” section below for information on what we mean by legitimate business interests and your rights

Marketing. We may contact you to tell you about content, services or products we believe will be of interest to you. If we do, where required by law, for example if you are a User in the EU, we will only send you marketing information if you consent to us doing so at the time you provide us with your Personal Data. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by updating your user settings. In addition, if at any time you do not wish to receive future marketing communications, please contact us at [email protected]. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.

Usage Data. We glean valuable insights from your use of and interactions with the Services, including the aggregated and/or anonymized data that is derived from your and others’ use of the Services. We may create such aggregated and/or anonymized data from or using your interactions and contributions to the Services (including your content) and other metrics related to your usage of the Services. We use such aggregated and/or anonymized data in connection with our internal operations and functions, including, but not limited to, operational analytics and reporting, internal financial reporting and analysis, audit functions and archival purposes, as well as in connection with our other business purposes.

PARTICIPATION IN THRIVE PROGRAMS

In addition to the Services, we may offer certain programs for Thrive Users to participate in, such as webinars, events, stories, promotional contests, etc. (each a “Thrive Program”). By participating in a Thrive Program and submitting to Thrive Global any requested Personal Data or other information, you expressly agree that (i) Thrive may, for the duration of the Thrive Program and thereafter, copy, modify, display, distribute, or otherwise use, for any legitimate business purpose, any audio, pictures, video, information of or disclosed by you (including any health or personal information of yourself or your family whom you have valid authorization to do so), and/or other materials you submit to Thrive or otherwise are recorded by Thrive during the applicable Thrive Program, and (ii) you release and hold harmless Thrive from any liability or damages that may arise from such use. IF YOU DO NOT AGREE, PLEASE DO NOT PARTICIPATE IN ANY THRIVE PROGRAMS.

SHARING AND DISCLOSURE OF INFORMATION

We may share or disclose your information at your direction, such as when you authorize a third-party service to access your account or when you voluntarily share information or content via the Services.

There are certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, unless required by the law, as set forth below:

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions: providers of hosting, caching and other IT services, email communication and automation platforms, customer support services, analytics, marketing, advertising (for more details on the third parties that use cookies and other technologies through the Site and the App, please see the “Cookies” section below). For example, we use Google Analytics to collect certain demographic data and to understand how our Site and the App are used, and Google Cloud, Microsoft Azure and Amazon Web Services for hosting. Pursuant to our instructions, these parties will access, process or store Personal Data in the course of performing their duties to us. Please see the “Sub-processors” section below for a complete list of sub-processors.
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of the Site or the App, or the public, or (iv) protect against legal liability.

DATA RETENTION

We will keep your Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g. for tax, legal, accounting or other purposes), whichever is the longer.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.

UPDATE YOUR INFORMATION

If you need to change or correct your Personal Data, or wish to have it deleted from our systems, you may contact us as described in the “Contact Us” section below. We will address your request as required by applicable law.

EUROPEAN UNION (EU) USERS – GDPR

Scope. This section applies if you are a User in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).

Thrive Global is based in the United States. If you are accessing our Services from the European Union or other regions with laws governing data collection and use, please note that your Personal Data will be transmitted to our servers in the United States as necessary to provide you with the Services that you requested, administer our contract with you or to respond to your requests as described in this Privacy Policy, and the data may be transmitted to our service providers supporting our business operations (described above). The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this Privacy Policy. We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our Site and Apps. We also enter into Standard Contractual Clauses agreement with your employer (for App users), and with our data processors that require them to treat personal information in a manner that is consistent with this Privacy Policy.

Legitimate Business Interest

“Legitimate business interest” means our interest in conducting our business, managing and delivering the best Services to you. This Privacy Policy describes when we process your Personal Data for our legitimate interests, what these interests are and your rights. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted to by law.

Standard Contractual Clauses

Although Thrive Global remains self-certified under the E.U.-U.S. and Swiss-U.S. Privacy Shield (see below), Thrive Global currently uses the Standard Contractual Clauses (SCCs) for E.U. to U.S. data transfers as an alternative to Privacy Shield in order to meet data protection requirements for our international customers subject to the General Data Protection Regulation (GDPR) and other data protection regulations. By agreeing to our Privacy Policy, if you are an EU resident, you are also agreeing to the Standard Contractual Clauses as the Data Exporter and Thrive Global as the Data Importer.

Further, you agree that Thrive Global Holdings Inc. is the data controller for processing Personal Data provided to us through the Services.

Contact Information

EU Users may contact DPR Group, who has been appointed as Thrive’s Data Protection Representative in the EU pursuant to Article 27 of the General Data Protection Regulation on matters related to the processing of your Personal Data. If you want to raise a question to Thrive, or otherwise exercise your rights in respect of your personal data (described below), please contact DPR Group as follows:

send an email to [email protected];
fill in the online form at www.dpr.eu.com/thriveglobal, or
mail your inquiry to DPR Group at the most convenient of the addresses in the table below. Please ensure post is addressed to ‘DPR Group’ and not to ‘Thrive Global Holdings, Inc.’ directly, to ensure that your communications are received by DPR Group. Please refer clearly to Thrive in your correspondence.

Country	Address
Austria	DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium	DPR Group, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria	DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia	DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus	DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic	DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
Denmark	DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia	DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland	DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France	DPR Group, 72 rue de Lessard, Rouen, 76100, France
Germany	DPR Group, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece	DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary	DPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary
Ireland	DPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy	DPR Group, BPM 335368, Via Roma 12, 10073 , Turin, Italy
Latvia	DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Lithuania	DPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania
Luxembourg	DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta	DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands	DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Poland	DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal	DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania	DPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania
Slovakia	DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia	DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain	DataRep, BPM 335368, Avd. Castilla La Mancha Nº 70-1 (Nave A), 45270, Mocejon-Toledo, Spain
Sweden	DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden
United Kingdom	DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

Your Rights. Subject to applicable EU law, you have the following rights in relation to your Personal Data that we hold about you:

Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:a
- If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
- If we are processing your Personal Data for direct marketing.
Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
Rights in relation to automated decision-making: You have the right to be free from decisions based solely on automated processing of your Personal Data (including profiling) which produce a significant legal effect on you, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

Privacy Shield

Thrive Global complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Thrive Global has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Thrive Global is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and the Privacy Shield Principles, please visit https://www.privacyshield.gov/. Thrive Global’s Privacy Shield certification is available at: https://www.privacyshield.gov/participant?id=a2zt00000008XqRAAU&status=Active

In compliance with the Privacy Shield Principles, Thrive Global commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the DPR Group (as noted below) or [email protected].

Thrive Global has further committed to refer unresolved Privacy Shield complaints to JAMS Privacy Shield Program, an alternative dispute resolution provider located in the United Kingdom. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. Further, in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. In cases of onward transfer of personal information to third parties of data of EU and Swiss individuals received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, Thrive Global remains liable.

Sub-processors

Name and Address of Sub-Processor

Microsoft Azure	One Microsoft Way, Redmond, WA 980527 US
Google	1600 Amphitheatre Pkwy Mountain View, CA 94043 US
Amazon Web Services	410 Terry Avenue North, Seattle, WA 98109 US
Qualtrics	333 W River Park Dr, Provo, UT 84604, US
Segment	100 California Street, Suite 700 San Francisco, CA 94111 US
Sailthru	One World Trade Center, Suite 48A New York, NY 10007 US
Amplitude Analytics	631 Howard St 5th floor, San Francisco, CA 94105 US
Loopio	310 Spadina Ave. #600, Toronto, ON M5T 2E8, Canada
Okta	100 First Street, 6th Floor San Francisco, CA 94105 US
Fivetran	405 14th St floor 11, Oakland, CA 94612 US
Salesforce	The Landmark @ One Market, Suite 300 San Francisco, CA 94105 US
Zendesk	500 Howard St, San Francisco, CA 94105 US
Looker	101 Church Street, 4th Floor, Santa Cruz, CA 95060 US
Touchcast	609 Greenwich Street, 5th Floor, New York, NY 10014

CALIFORNIA PRIVACY DISCLOSURE

Do Not Track Signals: The Site currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.

CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

California’s “Do Not Sell My Info” Law

Thrive Global does not sell your personal information for payment or other monetary consideration. However, because California law broadly defines a “sale” of your personal information to include the act of making cookies and other similar data available to third party advertising and analytics providers when you use Thrive Global Services (even though we never receive any money in exchange), we are required to disclose those practices here.

Notices to California Residents

Your California Privacy Rights – California Consumer Privacy Act (“CCPA”)

If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), beginning January 2020 you have certain rights with respect to that information. In particular, you have a right to request that we provide you with the following information:

The categories and specific pieces of personal information we have collected about you.
The categories of sources from which we collect personal information.
The purposes for collecting, using, disclosing, or selling personal information.
The categories of third parties with which we share or disclose personal information.
The categories of personal information disclosed about you for a business purpose
The categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for the categories of third parties to which the personal information was sold and the business or commercial purpose for selling personal information.

You also have a right to:

Receive explicit notice of further sale of personal information about a consumer that has been sold to a third party by a business and an opportunity to exercise the right to opt-out of such further sale;
Opt-out from the sale of personal information, which you can exercise by visiting our section above entitled “California’s Do Not Sell My Info Law”;
Request that we delete personal information under certain circumstances, subject to a number of exceptions;
Not be discriminated against for exercising rights set out in the CCPA.

How to Exercise Your Rights Under CCPA

To exercise your rights under CCPA, please send an email to [email protected].

A California resident who has provided Personal Data, as defined under California Civil Code section 1798.83, to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of Personal Data, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom Personal Data was disclosed in the preceding calendar year, as well as a list of the categories of Personal Data that were disclosed. California Customers may request further information about our compliance with this law by emailing [email protected] Please note that we are required to respond to one request per California Customer each year, and we are not required to respond to requests made by means other than through this email address.

Children

The Services are not directed to EU data subjects who are children who are under the age of 16. Thrive does not knowingly collect Personal Data from children who are under 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to Thrive through the Services please contact us and we will endeavor to delete that information from our databases

PUBLICLY POSTED INFORMATION

This Privacy Policy shall not apply to any information you post to the public areas of the Services. Comments posted to public areas may be viewed, accessed, and used by third parties subject to those parties’ privacy practices and policies.

CHILDREN

The Services are not directed to children who are under the age of 13. Thrive does not knowingly collect Personal Data from children who are under 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to Thrive through the Services please contact us and we will endeavor to delete that information from our databases.

LINKS TO OTHER WEBSITES

The Site and the App may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media services such as Facebook or Twitter (“Social Media Services”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.

COOKIES

We use cookies and other technologies to operate and administer our Services, make it easier for you to use the Services during future visits and gather usage data on our Site or App.

What Are Cookies? A “cookie” is a piece of information sent to your browser by a website you visit. By choosing to use our the Site after having been notified of our use of cookies in the ways described in this Privacy Policy, and, in applicable jurisdictions, through notice and unambiguous acknowledgement of your consent, you agree to such use.

Some cookies expire after a certain amount of time, or upon logging out (session cookies); others remain on your computer or terminal device for a longer period (persistent cookies). Our Site uses first party cookies (cookies set directly by Thrive) as well as third party cookies, as described below.

Type of Cookies Used. The Site uses the technologies described below.

CATEGORY	DESCRIPTION	WHO SERVES THE TECHNOLOGY	PRIVACY POLICY	OPT OUT
Strictly necessary	We use cookies that are strictly necessary to provide Users with the Services and to use some of their features, such as the ability to log-in and access to secure areas. These cookies are essential for using and navigating the Site. Without these cookies, basic functions of our Site would not work. We also use a cookie to record when a User has agreed to the cookie consent banner.	Thrive	Thrive	Because these cookies are strictly necessary to deliver the Site and the Services, Users cannot refuse them.
Analytics/performance	We use “analytics” cookies that allow us to recognize and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our Site works, for example by making sure users are finding what they need easily. The collected data provides us only with anonymous traffic statistics (like number of page views, number of visitors, and time spent on each page). These cookies also may allow us to track how often posts on third party websites, such as social media sites, are clicked on.	FacebookGoogle AnalyticsKeyweeParselyQuantcastQuora	Facebook Work Privacy Google Analytics GA Cookie Expiration Keywee Parsely Quantcast Quora Facebook	Google Analytics: Opt-out Browser Add-onKeywee: Users can opt out by disabling cookies for keywee.co.Parsely: Auto Opt-outQuantcast: Opt outQuora: Opt out
Functionality	We use cookies to enhance the performance and functionality of the Site and our services (such as collecting performance and error data). These cookies are not essential for using and navigating the Site. However, without these cookies, certain functionality may become unavailable.	New Relic	New Relic	New Relic: Users can opt out by disabling cookies for newrelic.com and nr-data.net.

Technologies used on the App. We use Mixpanel on the App to track how Users interact with our App to make better informed product decisions. The information collected includes event-based data to determine the value of individual features and demographic information on Users, which may include a User’s locations and device configurations, age and gender. For more information on Mixpanel’s privacy practices, visit https://mixpanel.com/legal/privacy-policy/. We also use Google Analytics, a web analytics service provided by Google Inc., to gather statistics on your use of the App. For more information on Google Analytics privacy practices, read here.

Your Choices. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

Internet Explorer
Mozilla Firefox
Google Chrome
Apple Safari

Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.

If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.

SECURITY

You use Services at your own risk. Thrive takes steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should keep this in mind when disclosing Personal Data to us and take special care in deciding what information you disclose to us over the Internet or send to us via email. We cannot control the actions of other Users with whom you may choose to share information. Therefore, we cannot, and do not, guarantee that information or content posted by a User on or through the Services will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

OTHER TERMS AND CONDITIONS

Your access to and use of the Services is subject to any additional terms applicable to such Services that may be posted on the Services from time to time, including without limitation, Thrive’s Terms and Conditions Agreement at https://www.thriveglobal.com/thrive/terms.

CHANGES TO THE PRIVACY POLICY

The Services and our business may change from time to time. As a result we may change this Privacy Policy at any time and when we do we will post an updated version on this page and change the Last Updated date above, unless another type of notice is required by the applicable law. You should consult this Privacy Policy regularly for any changes. By continuing to use the Services or providing us with information after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.

LEGAL BASIS

This Privacy Policy has been prepared based on provisions of multiple legislations, including the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), the U.S. Health Information Technology for Economic and Clinical Health Act (HITECH), and Art. 13/14 of regulation (EU) 2016/679 General Data Protection Regulation (GDPR).

DATA PROTECTION OFFICER

You may contact the Data Protection Officer at the contact address noted below.

CONTACT US

Please feel free to contact us if you have any questions about Thrive’s Privacy Policy or the information practices of the Services. You may contact us as follows: You may send an email to [email protected] or send mail to:

Thrive Global Holdings, Inc.

Customer Support

599 Broadway

6th Floor

New York, NY 10012

Tel: 1-888-700-8474

If you are an individual in the EU, you can also contact DPR Group, who has been appointed as Thrive’s Data Protection Representative in the EU pursuant to Article 27 of the General Data Protection Regulation. Please read the European Union (EU) Users section above to learn how to contact DPR Group.

We use cookies on our site to give you the best experience possible. By continuing to browse the site, you agree to this use. For more information on how we use cookies, see our Privacy Policy.