Privacy Policy

Effective date: May 8, 2026

1 Introduction

This Privacy Policy (“Policy”) describes the collection, use, storage, disclosure, and protection of personal information by One Three Workspace LLC, an Illinois limited liability company doing business as Two Thirty (hereafter “Company”, we, us, or our), in connection with your use of our websites, mobile applications, and the physical workspace located on the third floor of 230 West Superior Street, Chicago, Illinois 60654 (the “Workspace”), together with any associated services (collectively, the “Services”).

By accessing or using the Services, including visiting our websites, by registering for access to our Sites (defined below) or our Workspace, or by entering the Workspace, you agree to the terms of this Privacy Policy and you agree to be legally bound by the terms of our Terms of Service (“ToS”) and Mobile Messaging Terms (“MMT”) (collectively the “Use Policies”), which are also posted on our Sites and which are incorporated herein by this reference. If you do not agree with the terms of this Privacy Policy or the other Use Policies, you must immediately discontinue your use of the Services.

This Policy is intended to comply with applicable privacy and data protection laws and recognized best practices in the United States.

2 Definitions

For the purposes of this Policy the following terms have the meanings assigned to them below:

  • “Company” refers to One Three Workspace LLC d/b/a Two Thirty and any successor-in-interest.
  • “User” or “Users” refers to any individual or entity who visits, registers for, or uses the Services, including Site Users, Workspace Users, and Invitees, as further defined in our Terms of Service.
  • “Personal Information” means information that (by itself, or in combination with other information) could be used to identify, or could reasonably be linked, directly or indirectly, to a specific individual or household, as defined under applicable law.
  • “Site(s)” refers to all Company-operated websites, service portals, and mobile applications.
  • “Workspace” refers to the physical coworking space and associated facilities provided by the Company.
  • Sensitive Personal Information” refers to certain kinds of Personal Information that receive additional protections and/or restrictions under applicable laws (e.g., payment information, biometric information). 
  • “Service Partners” means third parties with whom we contract to provide or support elements of our Services, including payment processors, IT providers, and administrative service vendors.

3.0 The Personal Information we Collect

We collect the following categories of Personal Information in the course of providing our Services:

3.1 Information You Provide to Us

  1. Registration and Account Information: Name, contact information (email address, phone number, postal address), username/password, and other identifying information required for account creation.
  2. Workspace Access and Identity Verification: Government-issued identification, photograph, access device identifiers (badges, cards, digital credentials), business affiliations, and associated entity information for Workspace Users and their Invitees.
  3. Payment and Financial Information: Payment card numbers, billing address, and transaction records, processed by third-party payment processors, as described further in Section 4..
  4. Communications: Records of any communications or correspondence with us, including support requests, feedback, or complaints.
  5. Reservation and Booking Information: Details related to bookings, workspace reservations, and use of amenities.

3.2 Information which may be Collected Automatically

  1. Usage Data: IP address, device identifiers, browser type, access times, pages visited, referring URLs, clickstream data, and other technical log information collected through cookies and other tracking technologies.
  2. Security and Access Logs: Data generated by electronic access systems, including entry and exit logs, key card usage, and security camera footage (if applicable; see Section 10).
  3. Security and Access Information:  As described in Section 4, we require user authentication to access the Workspace; and we may receive photographs and confidence scores from security systems associated with Users within the Workspace.  

3.3 Information Which may be Collected from Third Parties

  1. Service Providers: Payment status confirmation, technical support data, and verification information as applicable.
  2. Invitees: Information about Invitees provided by Workspace Users for the purpose of granting access or fulfilling contractual obligations.
  1. Limited Use of Artificial Intelligence (AI) Tools, and Sensitive Personal Information

(a) User Authentication via Mobile Devices; Face ID and Touch ID:  When a user logs in to our Sites with Face ID or Touch ID a biometric scan is conducted, but the scan takes place entirely on the user's mobile device. The Company’s Sites never receives or stores the biometric details of a face scan or a fingerprint scan; we only receive and store a public key, credential ID, and a confirmation of the applicable device type. Certain AI technologies may be used by the mobile device manufacturers as part of this authentication methodology, but those AI tools are not under the control or supervision of the Company, and the mobile device manufacturers are not Service Partners (defined below) of the Company. We do not collect Sensitive Personal Information from these authentication activities. 

(b) Chatbot. We use a chatbot service which is available via our Sites and may also be available in other ways within our Workspace. The Chatbot service is provided by Ortto (for more information about this Service Provider please see the next section). Conversations, visitor identifiers, and messages exchanged are processed and stored by Ortto. 

(c) Site Analytics.  Site analytics services are provided to us by PostHog and by Ortto.  Details follow.  PostHog is used for product analytics (e.g., page views, custom events, user identification, session data). The PostHog AI tool (and data processing) are hosted by PostHog in PostHog’s US data centers (see us.i.posthog.com).  Ortto is used for customer data analysis and lifecycle marketing services.  Ortto stores contact profiles and tracks activity events. The API is hosted by Ortto at api.ap3api.com.  All services provided by these Service Providers are provided pursuant to written agreements with us; all data are managed in accordance with the terms of these Service Providers’ privacy policies; and all AI tools used by these services are solely under the control of these Service Providers. In addition, we use Google Analytics, as described in Section 7, below.  

(d) User Authentication for Payment Processing; Stripe Identity.  In order to process payments our Sites require each User to authenticate their identity and confirm payment details via Stripe Identity (a Service Partner, as defined below). To do so, Users are required to upload a picture of a government ID and to take a selfie. Stripe Identity then performs a comparison between the selfie and the ID photo using facial geometry analysis, and such comparison may include the use of certain AI technologies. However, our Sites do not collect or store images or any biometric information derived from this process (we receive only a verification session ID, status, and timestamp); and any AI tools which may be used by Stripe Identity are not under our control.  

(e) Security Detection - Smart Video Detection Data:  In order to monitor the Workspace and provide appropriate security, we have engaged UniFi (as a Service Provider), which monitors the Workspace through installed video cameras. Through UniFi’s service we may receive and store snapshot images (Base64-encoded) of detected persons, as well as confidence scores. It is possible that UniFi may use AI tools in generating such images and/or scores; However, such tools are not under our control. We treat the images generated by UniFi as Sensitive Personal Information.   

5 Purpose of Collection, and How we Use, Personal Information

We collect, use, and process Personal Information for the following purposes:

  • Account creation, authentication, and management;
  • Provision, administration, and improvement of the Services;
  • Workspace access and security management, including identity verification;
  • Processing payment transactions and managing billing/payment obligations;
  • Responding to inquiries, requests for support, and direct communications;
  • Compliance with legal obligations, including security, health, and safety requirements;
  • Detection and prevention of fraud, unauthorized access, or other harmful activities;
  • Facilitation of reservations, event management, and use of amenities;
  • Internal analytics, statistical, and business operations purposes;
  • Enforcement of our Terms of Service, House Rules, and other usage policies; and
  • Other purposes disclosed to you at the time information is collected or as required by law.
  • We may process aggregated and de-identified information for statistical, analytic, or operational purposes, provided such information cannot reasonably be linked back to an individual.

6 Disclosure of Personal Information

We may disclose Personal Information under one or more of the following circumstances:

  1. To Service Partners: Including but not limited to payment processors, IT service providers, security system vendors, facility management, and other administrative support.
  2. To Affiliates and Authorized Business Partners: For operational purposes related to the delivery and maintenance of Services.
  3. To Invitees and Workspace Users: As necessary to facilitate workspace access, support booking logistics, or satisfy registration requirements.
  4. For Legal, Regulatory, or Safety Reasons: Where required or permitted by law, in response to subpoenas, court orders, lawful requests by public authorities, or to exercise or defend legal claims.
  5. For Business Transfers: In connection with a potential or actual merger, sale of assets, financing, restructuring, or acquisition of all or part of the Company, information may be transferred as part of that transaction.
  6. With Your Consent or at Your Direction: For specific purposes made clear at the point of collection.
  7. As Otherwise Disclosed in this Policy or our Terms of Service.

We do not sell Personal Information or share it for third-party marketing or targeted advertising purposes, unless expressly authorized by you.

7 Cookies and Tracking Technologies

We may utilize cookies, web beacons, and similar technologies to collect information automatically about interactions with our Sites and Services. These technologies help us improve functionality, analyze traffic, customize user experience, and for Site security purposes.

Users may be able to control or limit the use of cookies through their browser settings; however, disabling cookies may affect the availability or function of certain Services.  In addition, depending on your location and applicable laws, we may give you the option of adjusting your preferences with regard to the categories of cookies we use. When this option is available, you can configure your personal settings via options that may be available on the relevant Sites. If you use a different device to access the same Sites, you may need to manage your settings for each separate device you use.  

We differentiate between cookies that are essential for the technical features of the services and optional analytics and advertising cookies.

We may use the following kinds of cookies: 
 

  • Essential and Functional Cookies:  These are cookies that the Sites need to function and/or that enable you to use certain site areas or features. Without these cookies the Sites may not function well and you may not be able to access certain Site features. 
  • Analytics Cookies: Analytics cookies allow us to understand how many visitors we have to our Sites, how many times they visit us, and how many times a user viewed specific pages within our Sites. 
  • Google Analytics and other Analytics Cookies:  For more information about Google Analytics, please refer to "How Google Uses Information From Sites or Apps that Use Our Services", which can be found at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time.
  • Advertising Cookies:  We may work with third-party online or mobile advertising providers that use cookies to help us manage our online and mobile advertising. We (or an advertising service provider acting on our behalf) may place these cookies to display ads or to collect information about how users are using ads. The information collected from these cookies may also allow us to analyze the effectiveness of our advertising.
  • Social Media Cookies:  In certain circumstances we may work with third-party social media services (e.g., LinkedIn, Facebook) to support sign-in functions and/or other social media-related functions (such as LinkedIn follow features).

8 Data Security

We employ industry-standard administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, loss, misuse, disclosure, alteration, or destruction. These measures include:

  • Restricted access to information on a need-to-know basis;
  • Encryption of information in transit and, where appropriate, at rest;
  • Monitoring and audit controls on our systems;
  • Access controls for physical spaces; and 
  • Regular review and update of our security processes.

Despite our efforts, no security measure or network is entirely immune from compromise. You are responsible for maintaining the confidentiality and security of your account credentials and access devices, and for notifying us immediately of any suspected unauthorized activity.

9 Data Retention

We retain Personal Information only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to enforce our agreements, and to resolve disputes. Retention periods may vary depending on the type of information and applicable requirements. Upon termination of your account or end of your use of Services, your information may be deleted or anonymized in accordance with our records management policies, unless further retention is required by law or contractual obligation.

10 Consumer Rights

Subject to applicable law, you may have the following rights regarding your Personal Information:

  1. Right of Access: You may have the right to request information about the categories and specific pieces of Personal Information we maintain about you, and how it is used and disclosed.
  2. Right to Correction: You may have the right to request correction of inaccurate or incomplete Personal Information maintained by us.
  3. Right to Deletion: You may have the right to request deletion of Personal Information, subject to legal exceptions and our data retention obligations.
  4. Right to Restrict Processing: Where required by law, you may have the right to request that we restrict certain processing of your Personal Information.
  5. Right to Non-Discrimination: We will not deny Services, charge different prices, or provide a lower quality of Service if you exercise any rights under this Policy or applicable law.
  6. Right to Withdraw Consent: Where processing is based on your consent, you may have the right to withdraw that consent at any time, without affecting the lawfulness of processing previously undertaken.
  7. Right to Opt-Out of our Use of your Sensitive Personal Information (in certain instances and if permissible under applicable law): We do not currently use or disclose Sensitive Personal Information for purposes other than those which cannot be limited under applicable law. 
  8. Commercially Recognized Opt-Out Signals (e.g., Global Privacy Controls, Do Not Track): Our Sites may recognize commercially recognized opt-out preference signals (e.g., Global Privacy Controls, Do Not Track, other OOPS signals). Recognition of these signals applies only to the specific device and/or browser that communicates the signal and does not apply to other devices/browsers you use to access our Sites. 
  9. Promotional Emails: You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in emails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications. 
  10. Promotional Mailings: If at any time you do not want to receive offers and/or circulars from us, you can remove yourself from our mailing lists by emailing us (our contact information is below) with “NO SNAIL MAIL” in the subject line, along with your name, address and zip code. Please note that our mailings are prepared in advance of their being sent. Although we will remove your name from our mailing list after receiving your request, you may still receive mailings from us that had been initiated prior to your name being removed. 
  11. Promotional Text Messages: If you receive a text message from us that contains promotional information you can opt-out of receiving future text messages by replying “STOP”, or as otherwise directed in our Mobile Messaging Terms (MMT).

 

To exercise these rights, please submit your request in writing as detailed in Section 16. We will respond within a reasonable period, not to exceed any deadlines set by applicable law. We may require verification of your identity before fulfilling your request.

Please note that many of the above rights are subject to exceptions and limitations, and that many of the above rights are defined in specific US or international laws. Your rights and our responses will vary based on the circumstances of the request. If you choose to assert any of these rights under applicable laws, we will respond within the time period prescribed by applicable law. In some cases, we may limit or deny your requests to access or delete your information. This may occur because the law permits or requires us to do so, or if we are unable to adequately verify your identity. If we are not able to provide the requested information or make the change you requested, you will be provided with the reasons for such decisions. Under local law, you may be entitled to lodge a complaint with your local data-protection authority. We may require use of your Personal Information to provide access to the Sites. Therefore, when you exercise your deletion right, in particular, you may lose access to certain aspects of the Sites that require your Personal Information. 


Depending on where you are located, a person authorized to act on your behalf may make a verifiable request related to your Personal Information. If you designate an authorized person to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent permission to make a request on your behalf. After you make your request, we will use the information we have about you to verify your identity (and if applicable, your authorized agent’s identity). If our verification process is successful, we will respond to your request within the time and in the manner required by applicable law. If we cannot validate the identity of you and/or your authorized agent or obtain proof that you have given your authorized agent permission to act on your behalf, we will attempt to contact you to inform you.

If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of a completed authorized agent designation form indicating that you have authorization to act on the individual’s behalf.

In any circumstances, your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected Personal Information or an authorized representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.


Your rights and our responses will vary based on your state or country of residency. Please note that you may be located in a jurisdiction where we are not obligated to fulfill a request. In such a case, your request may not be fulfilled. However, to the extent permitted by applicable law, we may reject requests that are unreasonably repetitive, unduly burdensome, risk the privacy of others, or would be very impractical to honor. Depending on where you are located, you may have the right to lodge a complaint with the relevant supervisory authority.

11 Biometric Information and Sensitive Personal Information

In the event we collect, store, or use biometric identifiers or information (including but not limited to facial recognition, fingerprint scans, or other biometric data for access control), we will comply with the Illinois Biometric Information Privacy Act (BIPA) and:

  • Provide explicit written notice describing the collection, purpose, and retention period for such information;
  • Obtain your written consent before collecting or storing biometric data;
  • Maintain strict data security measures to safeguard biometric data;
  • Not sell or disclose biometric data except as permitted by law or with your consent;
  • Permanently destroy biometric data within three years of your last interaction, unless required by law or valid warrant, subpoena, or court order.

At present we do not collect biometric information or identifiers, as defined in BIPA. We collect only very limited categories of Sensitive Personal Information, such as images which are captured automatically by security cameras in the Workspace, as described further in Section 4, above.  In addition, under certain laws, account credentials themselves can in certain circumstances be considered to be Sensitive Personal Information, and in such circumstances, we will treat account credentials as Sensitive Personal Information. 

If you have any questions or wish to exercise rights with respect to biometric information, contact us using the information in Section 16.

12 Privacy of Minors (Individuals under the Age of 18)

Our Services are intended solely for individuals who are at least eighteen (18) years of age. We do not knowingly collect or solicit Personal Information from anyone under the age of eighteen (18). If you believe that a minor has provided us with Personal Information, please contact us so that we may promptly remove such information from our records.

13 Third-Party Sites and Services

We are not responsible for the privacy practices and/or security practices employed by any third-party website or service, including but not limited to any such sites or services that may be linked to or referred to in any way on the Sites and our Service Partners.

We may provide links to other third-party websites through the Sites solely as a convenience to you. However, such linking does not mean, and should not be interpreted to mean, that we endorse, are affiliated with or make any representations concerning such third-party websites. We neither review, control, nor are responsible for these third-party sites or any content therein. By using such links, you will leave the Sites. Please note that any Personal Information that you provide to such third parties will be governed by their privacy policies, and we have no control over or responsibility for their privacy practices. If you decide to access any of the third-party sites linked to the Sites, you do so entirely at your own risk. We will not be liable for any consequences arising from use of any third-party websites to which the Sites link. We encourage you to review the privacy policies of any third-party website or application for details about what information is collected and how it is used and/or disclosed prior to providing any Personal Information to such Sites.

14 Confidentiality

All Users are required to maintain the confidentiality of any non-public, proprietary, or sensitive information obtained in connection with use of the Services, as further detailed in our Terms of Service.

15 Changes to this Privacy Policy

We may update or amend this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or the nature of our Services. Material changes will be posted on our Sites and, where feasible, notice will be provided in advance to registered Users. The effective date of each version will be clearly indicated at the top of this Policy. Your continued use of the Services after the effective date constitutes your acceptance of any amendments.

16 Exercising Your Rights and Contact Information

To access, correct, or request deletion of your Personal Information, or to submit any inquiries, concerns, or complaints concerning privacy or security, please contact us at:

Two Thirty Support

230 W Superior St, Suite 700

Chicago IL 60654

hello@twothirty.space

312-602-3335

All requests must include sufficient information to identify you and the nature of your request. We may request additional information to verify your identity and will respond in compliance with applicable law.

17 Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Illinois, without regard to its conflict of laws principles. Any disputes regarding this Policy are subject to the dispute resolution provisions set forth in our Terms of Service.

18 Effective Date

This Privacy Policy is effective as of the date set forth above. This Policy supersedes all previous notices or statements regarding our privacy practices with respect to the Services.

19 Dispute Resolution; Binding Arbitration

  1. Claims or Complaints: Upon receipt of any claim or complaint (hereafter a “Claim”) based on any matter addressed by or arising under this Privacy Policy or our privacy practices, we will (if necessary) investigate and respond to the Claim within a reasonable time period. We will attempt to resolve any Claim, in good faith, to the satisfaction of the individual submitting the Claim.  
  2. Binding Arbitration: If the procedures set forth above do not resolve a Claim, then, to expedite resolution and control the cost of any Claim, you agree that any Claim brought by either you or us (individually, a “Party” and collectively, the “Parties”) which is not resolved in accordance with the terms of the preceding section shall be considered to be a “Dispute”, and such Dispute shall be finally and exclusively resolved by binding arbitration in accordance with the terms and conditions set forth in our Terms of Service, which is posted on our Sites.  

For further information or assistance regarding this Privacy Policy, or to submit a written request concerning your Personal Information, please use the contact details provided in Section 16 above.