Privacy Policy
This Privacy Policy describes how Contrast Therapy LLC d/b/a Grotto collects, uses, and shares your personal information when you visit, create an account on, or make a purchase from grottobaths.com or our member portal (collectively, the “Site”). Throughout this Privacy Policy, the terms “Grotto,” “Grotto Baths,” “Grotto Social Baths,” “we,” “us,” and “our” refer to Contrast Therapy LLC and its Grotto business. Our Terms & Conditions are available at https://grottobaths.com/terms-and-conditions.
1. Personal Information We Collect
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally, when you make a purchase or attempt to make a purchase through the Site (including booking a session at Grotto), we collect certain information from you, including your name, billing address, shipping address, payment information, email address, and phone number. Payment card information may be collected, processed, and stored by our booking platform and/or payment processors on our behalf, including to keep a card on file for bookings, deposits, no-show fees, memberships, or other authorized charges. Grotto does not directly store or access your full payment card number or card security code. We refer to this information as “Order Information”.
When you create an account or opt in to receive text messages from Grotto, we also collect your mobile phone number, your SMS consent status (transactional and/or marketing), and the date, method, and source of your consent. We refer to this as “Consent Information”.
When you book or use Grotto services or premises, we may collect signed waivers, acknowledgments, releases, safety confirmations, and related records needed to operate the facility and document your agreement to our service and premises rules. We refer to this as “Waiver Information”. Our waivers are not intended to collect medical records. However, we may receive limited health- or safety-related information if you voluntarily disclose it, request an accommodation, report an incident, disclose a limitation to staff, or submit documentation in connection with a cancellation or disability-related request.
When we talk about “Personal Information” in this Privacy Policy, we are talking about Device Information, Order Information, Consent Information, and Waiver Information.
2. How Do We Use Your Personal Information?
We use the Order Information, Consent Information, and Waiver Information that we collect generally to fulfill any orders placed through the Site, operate customer accounts, process bookings and payments, keep a payment card on file where applicable, administer waivers, and provide you with invoices and/or order confirmations. Additionally, we use this information to:
Send you transactional communications about your account and bookings (such as confirmations, reminders, account and security notices, and customer-support replies) by email and, if you have consented, by text message;
Send you marketing communications about events, new experiences, and promotions by email and, if you have separately opted in, by text message;
Screen our orders for potential risk or fraud; and
When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services (including updates regarding Grotto).
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
3. Sharing Your Personal Information
We share your Personal Information with third parties to help us use your Personal Information, as described above.
Shopify: We use Shopify to power our online store.
Shopify Privacy Policy: https://www.shopify.com/legal/privacy
Trybe: We use Trybe (try.be) as our online booking engine for Grotto services, including booking management and card-on-file functionality.
Trybe Privacy Policy: https://try.be/us/privacy
Auth0: We use Auth0 as our identity provider to manage account authentication, email verification, session security, and password security for our member portal.
Auth0 Privacy Policy: https://www.okta.com/privacy-policy/
Auth0 Data Privacy and Compliance: https://auth0.com/docs/secure/data-privacy-and-compliance
SMS / Telephony Provider: We use a third-party messaging provider to deliver text messages and process opt-in and opt-out requests. Mobile phone numbers and SMS consent data are shared with this provider only as needed to operate our messaging program.
Google Analytics: We use Google Analytics to help us understand how our customers use the Site. You can opt out of Google Analytics using the browser add-on linked below.
Google Privacy Policy: https://policies.google.com/privacy
Google Analytics Opt-Out Browser Add-on: https://tools.google.com/dlpage/gaoptout
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information we receive, or to otherwise protect our rights.
4. Behavioral Advertising
We may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. We do not necessarily use every advertising service listed below at all times, but if we use these services, the links below provide ways to learn more or manage your choices. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://thenai.org/about-online-advertising/.
You can opt out of targeted advertising by using the links below:
Facebook / Meta: https://www.facebook.com/ads/settings
Google: https://myadcenter.google.com/
Bing / Microsoft: https://choice.microsoft.com/
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/
5. Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
6. Your Rights
Depending on where you live, including in certain U.S. states, you may have the right to request access to, correction of, or deletion of personal information we hold about you, and to receive information about how we collect, use, and disclose your personal information. You may also have the right to opt out of certain uses or disclosures of personal information, including targeted advertising or the sale or sharing of personal information, as those terms are defined by applicable law. We do not sell mobile phone numbers or SMS opt-in or consent data.
If you would like to exercise a privacy right, please contact us through the contact information below. We may need to verify your identity before completing your request. You may also designate an authorized agent to submit a request where allowed by law. We will not discriminate against you for exercising privacy rights.
If you are a European resident, you also have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident, we note that we are processing your information in order to fulfill contracts we might have with you (for example, if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Please also note that your information will be transferred outside of Europe, including to Canada and the United States.
For additional information about U.S. consumer privacy rights, you may visit the Federal Trade Commission’s privacy and security resources at https://www.ftc.gov/business-guidance/privacy-security/consumer-privacy and the California Attorney General’s CCPA resources at https://oag.ca.gov/privacy/ccpa.
7. Data Retention
When you place an order or book a session at Grotto through the Site, we will maintain your Order Information and Waiver Information for our records unless and until you ask us to delete this information, subject to legal, tax, accounting, operational, dispute-resolution, and safety obligations. Mobile numbers and SMS consent records are retained as described in Section 10 (SMS / Text Messaging Program).
8. Minors
Accounts, memberships, and online purchases are not intended for individuals under the age of 18. Minors may access or use Grotto premises or services only if permitted by applicable facility rules, waivers, membership terms, and staff instructions, including any direct-supervision requirements.
9. Data Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, or destruction. For example, we rely on service providers that support secure authentication, payment processing, booking management, and message delivery. However, no website, platform, or method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.
10. SMS / Text Messaging Program
Grotto operates an SMS messaging program for customers and account holders. There are two categories of messages:
Transactional messages (required at account signup): booking confirmations, appointment reminders, account and security notices, and customer-support replies. Transactional SMS consent is required when creating an account so we can operate your account and bookings, but you may opt out later as described below. If you opt out of transactional SMS, some account or booking communications may be sent by email or handled through customer support instead.
Marketing messages (optional): events, new experiences, and special offers. Consent to marketing SMS is not required to create an account, book a session, make a purchase, or receive Grotto services. You can opt in or out at any time.
How we collect consent. During our account signup process, after you create an account and verify your email, you are asked to enter your mobile number and presented with two separate, unchecked-by-default consent checkboxes, one for transactional messages and one for marketing messages. The transactional message checkbox must be checked to complete account signup. The marketing message checkbox is optional. The consent area discloses message frequency, that message and data rates may apply, and instructions to reply STOP to opt out and HELP for help, along with links to our Terms & Conditions at https://grottobaths.com/terms-and-conditions and this Privacy Policy. You opt in to each category by checking the corresponding box and submitting the form.
Your choices. You may opt out of marketing messages at any time by replying STOP to any marketing message or by updating your preferences in your account settings. Opting out of marketing does not end transactional messages. You may opt out of transactional SMS after signup by replying STOP to a transactional message, updating your account settings where available, or emailing hello@grottobaths.com; closing your account will end all messaging. Reply HELP to any message for assistance, or contact hello@grottobaths.com.
Carriers and delivery. Message frequency varies based on your account activity and the categories of messages you have agreed to receive. Message and data rates may apply, depending on your mobile carrier and plan. Carriers are not liable for delayed or undelivered messages.
Sharing of mobile information. We do not sell, rent, or share mobile phone numbers or SMS opt-in or consent data with third parties or affiliates for marketing or promotional purposes. Mobile information is shared only with our SMS / telephony provider for the sole purpose of delivering messages you have consented to receive. No mobile information will be shared with any third parties or affiliates for marketing or promotional purposes under any circumstances.
Retention. We retain mobile numbers and SMS consent records for as long as your account is active and for a reasonable period after closure to comply with legal, regulatory, and dispute-resolution obligations.
11. Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
12. Contact Us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at hello@grottobaths.com or by mail using the details provided below:
Grotto
[Re: Privacy Compliance Officer]
Contrast Therapy LLC
252 NW 29th Street, Miami FL 33127, United States