Dymensions
HomeFeaturesInstructorsPricingBlogAbout

Privacy Policy

Last updated: September 15, 2025

Dymensions Privacy Policy

Effective date: September 15, 2025
Last updated: September 15, 2025

This Privacy Policy explains how Dymensions, Inc. ("Dymensions", "we", "us", or "our") collects, uses, shares, and protects personal information when you use our websites, mobile apps, and related services (collectively, the "Services"). It also describes your choices and rights. By using the Services, you agree to this Policy.

This Policy is intended to be robust and comprehensive while complying with applicable privacy laws as of September 2025, including (where applicable) the EU/UK GDPR, ePrivacy rules, U.S. state privacy laws (e.g., California, Colorado, Connecticut, Virginia, Utah, Iowa, Indiana, Montana, Tennessee, Texas, Oregon, Delaware, Florida, Nebraska, New Jersey), Canada’s PIPEDA and Québec Law 25, Brazil’s LGPD, and other similar frameworks. If any provision of this Policy conflicts with your non-waivable rights under applicable law, the law controls to the extent of the conflict.

This Policy is not a contract and does not create legal rights beyond those required by law or agreed in our Terms of Service. Capitalized terms not defined here have the meaning in our Terms.

1) Who We Are and Our Roles

  • Controller: For most processing of personal information, Dymensions, Inc. is the "controller" (EU/UK) or "business" (U.S. state laws).
  • Processor/Service Provider: For certain activities (e.g., tools instructors use to communicate with students), we may act as a processor/service provider to those instructors/organizations. In those cases, our processing is governed by our data processing terms with the relevant customer.

Contact: [email protected]
Mailing address: Dymensions, Inc., [Insert street], [City], [State] [ZIP], USA.
EU/UK Representative (if applicable): [Insert contact].
Data Protection Officer (if applicable): [email protected].

2) Scope

This Policy covers personal information processed through the Services. It does not cover third-party websites or services that we do not control, even if linked from the Services.

3) Information We Collect

We collect information in the following categories:

A. Information You Provide

  • Account and profile details (name, email, password, role, bio, experience level, social links).
  • Payment and subscription details processed by our payment partners (e.g., billing address, last 4 digits; we do not store full card numbers).
  • Communications (messages, support requests, feedback, surveys, reviews).
  • Content you upload or create (photos, avatars, videos, comments, playlists, class notes, bookings).
  • Preferences and settings (notifications, marketing choices, privacy settings).
  • Identity verification details (if applicable) such as government ID snapshots (handled via specialized providers, subject to their policies).

B. Information Collected Automatically

  • Device and usage data (IP, device identifiers, browser, OS, language, referrer/UTM, pages viewed, events, timestamps).
  • App telemetry and analytics (performance logs, crashes, session duration, feature usage).
  • Cookies, pixels, SDKs, and similar technologies (see Section 9) for essential functionality, analytics, personalization, and advertising (where applicable and permitted by law).

C. Information from Third Parties

  • Payment processors, fraud prevention and anti-abuse vendors.
  • Single sign-on (SSO) or identity providers (if used).
  • Referral partners, ad networks, analytics providers.
  • Publicly available sources and social profiles (where allowed).

D. Sensitive Information

We do not require you to provide sensitive personal information (e.g., health, biometric, precise geolocation). Do not submit such information unless requested for a lawful purpose and you consent where required. If you use AI or video analysis features that generate body movement or performance metrics, we treat those as non-biometric technical signals unless otherwise designated by law; where such signals could be considered sensitive under local law, we will obtain consent where required and process in compliance with that law.

4) How We Use Information (Purposes and Legal Bases)

We process personal information for:

  1. Service delivery: Provide, maintain, secure, and improve the Services; create and manage accounts; enable classes, bookings, 1‑on‑1 sessions, video streaming, messaging, and community features.
  2. Transactions: Process payments, subscriptions, refunds; maintain transaction records and comply with tax/accounting.
  3. Communications: Send service messages (e.g., confirmations, security alerts), administrative updates, and—if permitted—marketing communications with opt-out options.
  4. Trust, safety, and fraud prevention: Detect and prevent fraud, abuse, spam, and illegal content; enforce Terms; protect our users and the platform. Automated tools may scan content (including audio/video) to maintain safety and integrity.
  5. Personalization and analytics: Understand usage, measure performance, recommend content, and enhance user experience.
  6. Research and development: Develop new features, including AI-enabled movement analysis, personalization, and quality improvements. We may use de-identified and aggregated data for any purpose.
  7. Legal compliance and defense: Comply with legal obligations and respond to lawful requests; establish, exercise, or defend legal claims.
  8. Business operations: Auditing, security monitoring, debugging, and planning; business transfers (e.g., merger, acquisition) consistent with this Policy.

Where required by law, our legal bases include: (a) contract performance; (b) legitimate interests (e.g., to secure the Services, improve features, prevent fraud), balanced against your rights; (c) consent (e.g., certain marketing or certain cookies/SDKs); and (d) compliance with legal obligations.

5) When We Share Information

We share personal information with:

  • Service providers / processors (e.g., hosting, storage, analytics, video, communications, payments, fraud prevention). We require appropriate safeguards and process agreements. A current list of sub‑processors is available at: https://www.dymensions.com/legal/subprocessors (or contact us).
  • Instructors/Organizations using the Services to deliver lessons or manage communities (you choose whether to engage them). They are independent controllers of any personal information they collect or process outside our Services.
  • Affiliates and business partners for permitted purposes consistent with this Policy. Where required, we obtain consent.
  • Legal and safety: To law enforcement or others when required by law or to protect rights, safety, and integrity of users, the public, or the Services.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets; we will continue to protect personal information consistent with this Policy.

We do not sell personal information in the conventional sense. We may "share" personal information for cross‑context behavioral advertising/targeted advertising as defined by certain U.S. state laws; see Section 11 for opt‑out rights.

6) Data Retention

We retain personal information only as long as necessary for the purposes above, including to meet legal, accounting, or reporting requirements. Typical retention periods (which may vary by law):

  • Account data: for the life of the account and up to 24 months after closure (unless we must keep longer for legal claims, fraud prevention, or compliance).
  • Transaction records and tax-relevant data: 7–10 years.
  • Logs and telemetry: 12–24 months.
  • Support tickets and safety reports: 5 years or longer if legally required.
  • Backups: retained for limited windows and then deleted or overwritten per schedule.

We may retain and use de-identified or aggregated data indefinitely.

7) Security

We implement administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit, encryption at rest for key data stores, access controls, role-based permissions, database row-level security where applicable, audit logging, key management, secure software development, and vendor reviews. However, no method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8) International Data Transfers

We operate globally and may transfer personal information to countries with different data protection laws. Where required, we use appropriate safeguards such as EU Standard Contractual Clauses (SCCs), UK Addendum, and/or participation in recognized transfer frameworks. We assess transfers and apply supplementary measures as needed.

9) Cookies, Pixels, and SDKs

We use first- and third‑party cookies/SDKs for: (a) essential functionality; (b) analytics and performance; (c) personalization; (d) advertising/retargeting where permitted. You can manage preferences in our cookie/settings center and via browser/device controls. Where required, we obtain consent before setting non-essential cookies.

  • Do Not Track (DNT): We do not respond to DNT signals, but we recognize Global Privacy Control (GPC) signals for applicable U.S. state law opt‑out rights (see Section 11).

10) Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict or object to processing, receive a portable copy, withdraw consent, and lodge a complaint with a supervisory authority. You can submit requests through our Privacy Request form at https://www.dymensions.com/privacy/requests or by emailing [email protected]. We may verify your identity and may deny or limit requests as permitted by law (e.g., when disclosure would adversely affect others’ rights, trade secrets, or legal obligations). If we act as a processor/service provider for an instructor or organization, we will direct you to contact that controller.

11) U.S. State Disclosures (CPRA/CPA/CTDPA/VCDPA/UCPA and others)

Categories Collected and Disclosed

In the past 12 months we collected the following categories (examples): identifiers; customer records; commercial information; internet activity; approximate geolocation; inferences; audio/visual content you provide; and professional or education information you submit. We disclose these to service providers/processors and—in limited cases—to business partners, to prevent fraud, or to comply with law.

Sale/Share/Targeted Advertising

We do not sell personal information for money. We may “share” personal information for cross‑context behavioral advertising/targeted advertising. You may opt out by using our "Do Not Sell or Share My Personal Information" link or enabling a recognized GPC signal.

Sensitive Data

We do not use or disclose sensitive personal information for inferring characteristics or for purposes other than those allowed by law. Where required, we obtain consent and/or provide additional controls.

Minors

We do not knowingly sell or share personal information of consumers under 16. If we learn we have done so, we will cease and honor applicable rights.

Non‑Discrimination

We will not discriminate against you for exercising your rights.

12) Children’s Privacy

The Services are not directed to children under 13. If you are a parent or guardian and believe your child provided personal information, contact us to request deletion. For users between 13–16 in jurisdictions requiring opt‑in for sale/share, we obtain consent as required.

13) AI and Automated Decision‑Making

We may use automated tools (including AI) to support features such as content recommendations, quality/performance analysis, spam/fraud detection, and moderation. We do not make solely automated decisions that produce legal or similarly significant effects without appropriate human involvement where required by law. You may have rights to obtain meaningful information about such processing, to request human review, or to opt out of certain profiling/targeted advertising depending on your jurisdiction.

We may train models using de‑identified and aggregated data. We will not use personal information for model training in ways that would re-identify individuals or violate law; where required, we will obtain consent or provide an opt‑out.

14) Third‑Party Links and Integrations

The Services may link to or integrate third‑party sites or platforms. Your use of those services is governed by their privacy policies and terms, not ours. We are not responsible for third‑party practices.

15) Your Responsibilities

You are responsible for the personal information you submit and for maintaining the confidentiality of your account credentials. Avoid posting sensitive information in public areas. Where you act as a controller (e.g., an instructor collecting information from students), you must comply with applicable laws, provide required notices, and obtain necessary permissions.

16) Changes to This Policy

We may update this Policy to reflect operational or legal changes. We will post the updated Policy with a new "Last updated" date and, where required, provide additional notice or request consent. Your continued use of the Services after the effective date constitutes acceptance of the changes to the extent permitted by law.

17) Contact Us and Complaints

Questions or requests: [email protected]
Mail: Dymensions, Inc., [Insert street], [City], [State] [ZIP], USA
EU/UK: You may contact your local authority; a list of supervisory authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

18) Region‑Specific Supplements

A. EU/UK GDPR

  • Controller: Dymensions, Inc.
  • Legal bases: contract, legitimate interests, consent, legal obligation.
  • Transfers: SCCs/UK Addendum and supplementary measures as needed.
  • Rights: access, rectification, erasure, restriction, portability, objection, and to withdraw consent.
  • Data Protection Officer (if applicable): [email protected].
  • Retention: see Section 6.

B. Canada (PIPEDA / Québec Law 25)

  • We obtain consent for collection, use, and disclosure, subject to recognized exceptions.
  • You have rights to access and correct personal information.
  • Cross-border transfers are subject to contractual and organizational safeguards.

C. Brazil (LGPD)

  • Legal bases include contract, legitimate interests, consent, and legal obligation.
  • You have rights to confirmation, access, correction, anonymization, portability, deletion, information about sharing, and to revoke consent.

D. Australia and Other Jurisdictions

  • We comply with local law requirements where we offer services or otherwise fall within scope. Contact us to exercise your rights.

19) "Do Not Sell or Share" & Preference Center

You can manage cookie/SDK preferences and advertising choices in our preference center, access the “Do Not Sell or Share My Personal Information” link where required, and signal GPC to exercise applicable opt-outs. We will honor such signals in jurisdictions that recognize them.

20) Definitions (Summary)

  • Personal information / personal data: Information that identifies, relates to, describes, or could reasonably be linked with an individual or household.
  • Processing: Any operation performed on personal information.
  • Controller / Business: Entity that determines purposes and means of processing.
  • Processor / Service Provider: Entity that processes personal information on behalf of a controller/business.
  • Sale/Share: As defined in applicable laws (e.g., CPRA) and may include transfers for cross‑context behavioral advertising.

Important Notices

  • We may decline requests where permitted by law (e.g., when requests are excessive, manifestly unfounded, conflict with others’ rights, or we must retain information for legal/regulatory reasons).
  • We may use de‑identified or aggregated information for any lawful purpose and will not re‑identify such data.
  • If you choose to make information public (e.g., in a profile, comment, or class), that information may be visible to others; we are not responsible for how others use it.
  • Where local law requires parental consent for minors, valid parental consent must be obtained before those minors use the Services.

Cookie preferences saved