This Privacy Policy explains how One Three Workspace, LLC d/b/a “Two Thirty” (“Two Thirty,” “Company,” “we,” “us,” or “our”) collects, uses, and shares information about you when you use our website, mobile applications, and any other online products and services that link to this Privacy Policy (collectively, the “Services”), or when you otherwise interact with us.

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide to Us

‍We collect information you provide directly, including:

Account information:
Name, email address, phone number, password, company name, job role or team, and similar details.

Profile, membership, and booking information:
Membership details, preferred locations, reservations, check-in times, amenities used, and related preferences.

Payment and billing information:
Billing name, billing address, partial payment method details, and transaction history. We use Stripe to process payments and subscriptions and do not store full card numbers on our servers.

Identity verification and security information:
Where applicable, limited identity verification data (such as phone number verification via SMS). We use Twilio for SMS verification codes and messaging.

Communications and support:
The content of messages you send us (email, in-app chat, contact forms, social media) and the contact details you use.

Surveys, feedback, promotions, and events:
Information you provide when you participate in surveys, beta programs, feedback forms, contests, promotions, or events.
‍

1.2 Information We Collect Automatically

‍We collect information you provide directly, including:

Usage data:
Pages or screens viewed, features used, time spent, access timestamps, referring/exit pages, links clicked, and other actions within the Services.

Device and log data:
IP address, browser type/version, operating system, device identifiers, mobile network information, and crash/diagnostic logs.

Network and Wi-Fi information in our spaces:
If you connect to Wi-Fi in a Two Thirty space or a participating location, we may collect technical information such as device identifiers (e.g., MAC address), connection times, bandwidth usage, and similar logs through providers like UniFi (Ubiquiti). This helps us provide secure connectivity and understand network usage.

Occupancy and utilization data:
We use sensors and hardware (for example, from Density) to understand space occupancy, utilization, and traffic patterns. This may include time-based information about when people enter or exit certain areas, usually in aggregated or pseudonymous form.

Location data (no GPS today):
We currently collect approximate location information based on your IP address, Wi-Fi network, and the locations you use (e.g., which building/room you check into).

We do not currently request or use precise GPS-based location from your mobile device.

We and our partners use cookies, pixels, SDKs, local storage, and similar technologies to collect some of this information (see “Cookies and Similar Technologies” below).

1.3 Information We Receive from Third Parties

We may receive information about you from:

Payment and identity providers:
Stripe for payments, subscriptions, and certain identity/anti-fraud checks.

Communication providers:
Twilio (SMS) and SendGrid (transactional email) for sending codes, alerts, and notifications.

Workspace partners and operators:
Information related to your reservations, access, check-ins, Wi-Fi or door access, and usage of their locations.

Analytics and infrastructure providers:
Information from tools like Google Analytics, PostHog, and Density about how you use our Services, which we use to understand and improve performance and user experience.

Content management & website tools:
Webflow, which we use to manage and sync content such as team profiles and public website content.

Authentication providers:
If you sign in with a third-party account such as Sign in with Apple or Google, we may receive certain information from that provider (such as your name and email), subject to their settings and your choices.

Marketing and advertising partners:
Platforms such as Facebook/Meta, Google, and LinkedIn may provide us with campaign and audience insights when we run ads.

3. How We Share Your Information

We do not sell your personal information for money. We may share your information as follows:

‍With workspace partners and operators

To manage your reservations, access, and use of their locations, including identity verification, check-ins, access control, and enforcement of their policies.

With service providers and vendors
We work with third parties who help us operate the Services and our spaces, including:

Stripe – payment processing, subscriptions, and certain identity/fraud checks.
Twilio – SMS verification and messaging.
SendGrid – transactional email delivery.
Last Lock – smart lock integration and digital keys (including Apple Wallet passes).
UniFi (Ubiquiti) – network infrastructure and Wi-Fi analytics.
Density – occupancy and utilization monitoring.
Google Analytics & PostHog – product and website analytics.
Webflow – public website and content management.
Neon (PostgreSQL) – primary data storage.
Replit Object Storage & Google Cloud Storage – file and image storage (as used).

These providers are allowed to access your information only to perform services on our behalf and are required to protect it.

With corporate customers or team administrators
If you use the Services through your employer or another organization, we may share certain information (such as booking history, usage summaries, and utilization reports) with that organization and its administrators, in line with our agreement with them.

With analytics and advertising partners
We may allow analytics partners (e.g., Google Analytics, PostHog) and advertising partners (Facebook/Meta, Google, LinkedIn) to collect or receive information about your use of the Services through cookies, SDKs, and similar technologies. They may use this information to help us understand usage and to provide or measure personalized advertising. In some jurisdictions, this may be considered a “sale” or “sharing” of personal information for cross-context behavioral advertising; see “Your Rights and Choices” below for how to opt out where applicable.

Business transfers
In connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, reorganization, or similar transaction, or in the event of insolvency, bankruptcy, or receivership, your information may be disclosed or transferred as a business asset.

For legal, safety, and protection purposes
- We may disclose information if we believe it is reasonably necessary to:
- Comply with any applicable law, regulation, legal process, or governmental request.
- Enforce our agreements, policies, and terms.
- Protect the rights, property, or safety of Two Thirty, our users, partners, or the public.

Detect, investigate, and help prevent fraud, security, or technical issues.

With your consent
We may share information in other ways if you specifically ask or consent to such sharing.

4. Cookies and Similar Technologies

We and our partners use cookies, web beacons, pixels, local storage, and similar technologies to:

- Keep you signed in and maintain sessions.
- Remember your preferences and settings.
- Analyze usage and performance of our website and app.
- Support and measure marketing and advertising campaigns.

You can usually configure your browser to block or delete cookies. If you do, some features of the Services may not function properly.

Where required by law (for example, in parts of the EU, UK, or certain U.S. states), we may present you with a cookie banner or preferences tool that allows you to manage non-essential cookies and, where applicable, opt out of targeted advertising cookies.

5. Data Retention

We retain personal information for as long as necessary to:
- Provide the Services and support your account and memberships.
- Fulfill the purposes described in this Privacy Policy.
- Comply with legal, tax, accounting, and regulatory requirements.
- Resolve disputes and enforce our agreements.

When information is no longer needed for these purposes, we will delete or anonymize it. If immediate deletion is not possible (for example, because the data is stored in backup archives), we will securely store and isolate it from any further processing until deletion is feasible.

6. Your Rights and Choices

Depending on where you live, you may have certain rights regarding your personal information, including:

‍Access and portability – Request a copy of the personal information we hold about you.

Correction – Ask us to correct inaccurate or incomplete information.

Deletion – Request that we delete certain personal information, subject to legal retention requirements.

Restriction or objection – Request that we limit certain processing or object to processing based on our legitimate interests.

Withdraw consent – Where processing is based on consent, you may withdraw your consent at any time.

Marketing opt-out – Opt out of marketing emails by using the “unsubscribe” link in those messages or by contacting us.

If you are in the European Economic Area, UK, or other regions with similar laws, you may also have the right to lodge a complaint with a data protection authority.

If you are a resident of certain U.S. states (such as California, Colorado, Virginia, and others):

- You may have additional rights, such as the right to know and access, delete, or correct certain personal information; and

- You may have the right to opt out of “selling” or “sharing” personal information for cross-context behavioral advertising.

Where required, we will provide a way to exercise these rights (for example, through a “Do Not Sell or Share My Personal Information” link or equivalent settings).

To exercise any of these rights, please contact us using the details in “Contact Us” below. We may need to verify your identity before processing your request. Some rights may be limited or unavailable depending on your location and the circumstances of the request.

7. Children’s Privacy

The Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without appropriate consent, we will take steps to delete that information.If you believe a child has provided us with personal information, please contact us.

8. Data Security

We use commercially reasonable technical and organizational measures to help protect your personal information against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. This includes protections for our application, databases (such as Neon), and storage systems (such as Replit Object Storage and Google Cloud Storage, as used).

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

9. International Data Transfers

We are based in the United States, and your information may be stored and processed in the United States and other countries where we or our service providers operate. These countries may have data protection laws that are different from those in your country.

Where required by law, we implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, to protect your information when it is transferred internationally.

10. Third-Party Links and Services

The Services may contain links to or integrations with third-party websites, apps, or services (such as social media platforms, authentication providers, or operator websites). This Privacy Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. We encourage you to review their privacy policies before interacting with them.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective date” at the top of this page and may provide additional notice (such as via email or in-app notification).Your continued use of the Services after any changes become effective means you accept the updated Privacy Policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, or if you would like to exercise your privacy rights, please contact us at:

‍One Three Workspace, LLC d/b/a Two Thirty
Email: hello@twothirty.space
Attn: Privacy