Last Revised: January 6, 2021

When you use the Thrive ZP Challenge App (the “App”) owned by Thrive Global Holdings, Inc. (“Thrive Global”), you trust us with your information. We use your information to provide, maintain, protect, and improve the App and App-related services we provide (collectively, the “Thrive ZP Services”), as that term is defined by our Terms of Service found at, including use of the Thrive ZP website, use of the App, phone and email communications with us, social media interactions on our website and other third party websites, and the viewing of our online advertisements, materials, emails, or content. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. 

Users in different regions might be subject to different data protection standards. This document has a section dedicated to European Union consumers and their privacy rights, as well as a section dedicated to California consumers and their privacy rights. 

This Privacy Policy applies to all Thrive ZP Services we provide. Thrive Global provides other products and services in addition to the Thrive ZP Services, which they are covered by a different privacy policy and different terms and conditions

What information we collect

We may collect your personal or contact information, information about your use of the Thrive ZP Services, including your responses and information about your device or platform on which you access the App (together, your “Information”).

  1. Information you provide.Personal and contact Information. When you use the Thrive ZP Services, including when you install the App, contact us, or use the App, we may collect a variety of information about you including personal and contact information or a record of issues you have faced in your use of the Services. 
  2. Use Information. As part of the Thrive ZP Services, we may collect, store, and analyze your Information—including your use of the App, challenge activity and results, and information related to your participation in contests or promotions, whether provided by us or third parties.
  3. Information we get from your use of the Thrive ZP Services. Cookies and other similar technologies. In order to improve and enhance your experience and the overall quality of the Thrive ZP Services, we may use “cookies”, or other similar technologies, to identify your browser or device and keep track of the times you use the Thrive ZP Services. The Thrive ZP website may also use web beacons or cookies to target advertising when you visit third party websites (such as Facebook), but the web beacons and cookies do not transmit personally identifiable information and our website does not collect personally identifiable information. You may refuse the use of cookies by selecting the appropriate settings on your browser. Please note that by doing so, you may not be able to use the full functionality of our website. 
  4. Do Not Track signals. At this time the Thrive ZP website does not respond to Do Not Track (DNT) signals.
  5. Mobile Device Data. We may collect limited information from your mobile device when you use our App, mobile websites, or access the Thrive ZP Services from your mobile browser. Such information may include information related to your activation and use of the App, your mobile device type and operating system version, mobile device ID, mobile advertising IDs, IP addresses or network connections, location information obtained from your IP address or GPS, date and time stamps of your use of the Thrive ZP Services and third party applications, SD card content, and accounts associated with your device.

How we use your Information

We will ask for your consent before using your Information for a purpose other than those set out in this Privacy Policy.

  1. Use to provide Thrive ZP Services. Your Information may be used or disclosed to facilitate the provision of the App or other Thrive ZP Services such as responding to questions or concerns, administering contests or promotions, judging entries, and contacting potential winners.
  2. Use to improve Thrive ZP Services. We may use your Information to improve our App and other Thrive ZP Services, to help solve any issues you might be facing, to offer you tailored content, or to inform you about changes or improvements to the App or other Thrive ZP Services.
  3. Use for client relations, promotions, and marketing. We may use portions of your Information to create promotional materials, advertise the Thrive ZP Services, or provide feedback to our clients or partners.

Disclosure of your Information

We may disclose your Information to trusted third parties, clients, or partners as part of the Thrive ZP Services or during the course of our business. Any disclosure of your Information will comply with the terms of this Privacy Policy. We will ask for your consent before disclosing your Information for a purpose other than those set out in this Privacy Policy.

  1. Disclosure for client relations, promotions, and marketing. As part of the Thrive ZP Services, your Information—including your use of the App, the information you input, and your participation in the promotions of third party advertisers—may be disclosed to third parties including prospective or current clients, which may include your employer. We may also disclose aggregated information about User participation, the number of entries in third party advertisers’ promotions and contests, and User responses to our clients or participating sponsors.
  2. Disclosure by law. We may disclose your Information if required to do so by law, at the request of a third party, or if we believe that disclosure is reasonable to (1) comply with the law, a request or order from law enforcement, or any legal process; (2) protect or defend Thrive Global, or a third party’s rights or property; or (3) to protect someone’s health or safety, such as when harm or violence against any person (including you) is threatened.
  3. Disclosure to protect abuse victims. We reserve the right, but have no obligation to, disclose your Information if we suspect or have reason to suspect that your Information pertains to a party who may be a victim of abuse in any form. Your Information may be disclosed to authorities that we deem appropriate to handle such disclosures, such as law enforcement agencies, child protection agencies, or court officials.
  4. Disclosure to trusted third parties by Thrive Global. We may provide your Information to our affiliates or other trusted businesses or persons if we believe such a disclosure is reasonably required by business needs. For example, we may disclose your Information for external processing or to utilize the services of technology assistants or customer care providers. However, all third parties with access to your Information will comply with the terms of this Privacy Policy and other appropriate confidentiality and security measures.
  5. Disclosure to third party products or advertisers. The Thrive ZP Services, including the App, may enable you to interact with or contain links to third party websites, mobile software applications, advertisements that are delivered directly to you from third party advertisers, and services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the practices or the content of these Third Party Services. Please be aware that the Third Party Services may collect personal information from you, use your IP address to target rewards or promotions and may download cookies to your device (computer or mobile phone). They may also use other technologies which personalize and measure the effectiveness of their ads, promotions, or other services. Cookies from third party advertisers are not covered under this Privacy Policy, nor do we control the practices of third parties. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third Party Service that you chose to interact with or use.

Children’s Privacy

The Thrive ZP Services are not created for children. By using the Thrive ZP Services, including the App, you affirm that you are over thirteen years of age. If you are between the age of thirteen and eighteen years then, prior to using our Services, you must first review the terms of this Privacy Policy with your parent or guardian to make sure that you and your parent or guardian understand its terms and conditions and agree to them.

If you have reason to believe that a child under the age of 13 has provided Personal Data to Thrive through the Services please contact us and we will endeavor to delete that information from our databases.

Updating your Information and Preferences

You may update or delete your account or update your mailing preferences by contacting our support team at We will strive to quickly and efficiently update or delete your Information at your request—unless we have a legitimate business or legal reason to keep that information or unless requests require disproportionate technical effort, risk the privacy of others, or would be extremely impractical. Before acting on your request to update or delete your Information, we may ask you to verify your identity.

California Privacy Rights

The California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of their personal information to third parties for their direct marketing purposes. To make such a request, please send an email to (include My California Privacy Rights in the subject line). Please note that we are only required to respond to one request per customer per year.

European Union (EU) Users

Scope. This section applies if you are a User in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).

Data Controller. Thrive Global Holdings Inc. is the data controller for processing Personal Data provided to us through the Services. To find out our contact details, please see the “Contact Us” section below.

You can also contact DPR Group, who has been appointed as Thrive’s Data Protection Representative in the EU pursuant to Article 27 of the General Data Protection Regulation on matters related to the processing of your Personal Data. If you want to raise a question to Thrive, or otherwise exercise your rights in respect of your personal data (described below), please contact DPR Group as follows:

  • send an email to;
  • fill in the online form at, or
  • mail your inquiry to DPR Group at the most convenient of the addresses in the table below. Please ensure the post is addressed to ‘DPR Group’ and not to ‘Thrive Global Holdings, Inc.’ directly, to ensure that your communications are received by DPR Group. Please refer clearly to Thrive in your correspondence.
AustriaDPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
BelgiumDPR Group, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
BulgariaDPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
CroatiaDPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
CyprusDPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech RepublicDPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
DenmarkDPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark
EstoniaDPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
FinlandDPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
FranceDPR Group, 72 rue de Lessard, Rouen, 76100, France
GermanyDPR Group, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
GreeceDPR Group, 24 Lagoumitzi str, Athens, 17671, Greece
HungaryDPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary
IrelandDPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland
ItalyDPR Group, BPM 335368, Via Roma 12, 10073 , Turin, Italy
LatviaDPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
LithuaniaDPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania
LuxembourgDPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
MaltaDPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
NetherlandsDPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
PolandDPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
PortugalDPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
RomaniaDPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania
SlovakiaDPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
SloveniaDPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
SpainDPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain
SwedenDPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden
United KingdomDPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

Your Rights. Subject to applicable EU law, you have the following rights in relation to your Personal Data that we hold about you:

  • Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable. If we share your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
    • If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
    • If we are processing your Personal Data for direct marketing.
  • Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
  • Rights in relation to automated decision-making: You have the right to be free from decisions based solely on automated processing of your Personal Data (including profiling) which produce a significant legal effect on you, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

Legitimate Interest 

“Legitimate interest” means our interest in conducting our business, managing and delivering the best Services to you. This Privacy Policy describes when we process your Personal Data for our legitimate interests, what these interests are and your rights. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted to by law.


The Services are not directed to EU data subjects who are children who are under the age of 16. Thrive does not knowingly collect Personal Data from children who are under 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to Thrive through the Services please contact us and we will endeavor to delete that information from our databases.

Publicly Posted Information

This Privacy Policy shall not apply to any information you post to the public areas of the Services. Comments posted to public areas may be viewed, accessed, and used by third parties subject to those parties’ privacy practices and policies.

Links to Other Websites

The App may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media services such as Facebook or Twitter (“Social Media Services”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.


You use Services at your own risk. Thrive takes steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should keep this in mind when disclosing Personal Data to us and take special care in deciding what information you disclose to us over the Internet or send to us via e-mail. We cannot control the actions of other Users with whom you may choose to share information. Therefore, we cannot, and do not, guarantee that information or content posted by a User on or through the Services will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Participation in Thrive ZP Programs

In addition to the Thrive ZP Services, Thrive may offer certain programs for Thrive ZP users to participate in, such as webinars, events, stories, etc. (“Thrive ZP Program”). By participating in a Thrive ZP Program, you agree that (i) Thrive may copy, modify, display, distribute, or otherwise use, for any business purpose, any audio, pictures, video, information of or disclosed by you (including any health or personal information of yourself or your family whom you have valid authorization to do so), and/or other materials you submit to Thrive or otherwise are recorded by Thrive during the applicable Thrive ZP Program, and (ii) you release and hold harmless Thrive from any liability or damages that may arise from such use.


Your access to and use of the Services is subject to any additional terms applicable to such Services that may be posted on the Services from time to time, including without limitation, Thrive’s Terms and Conditions Agreement at


The Services and our business may change from time to time. As a result we may change this Privacy Policy at any time and when we do we will post an updated version on this page and change the Last Updated date above, unless another type of notice is required by the applicable law. You should consult this Privacy Policy regularly for any changes. By continuing to use the Site and the App or providing us with information after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.

Privacy Shield

The European Court of Justice (the highest court in the EU) had struck down the Privacy Shield process as a complaint mechanism by which EU personal data may be transferred from the EU to the USA. 

Thrive Global was using Privacy Shield enrolment with the FTC as the method by which we ensured the data transfers are GDPR-compliant, Thrive had to cease to do so and replace it with another mechanism. Thrive is currently using the Standard Contractual Clauses (SCCs) for EU to USA data transfers as an alternative to Privacy Shield.

Data Transfer Outside of the European Economic Area (EEA)

Thrive Global’s main administrative offices are based in the USA and that’s where we process personal information collected through our Apps.  When you provide personal information to us, we request your consent to transfer that personal information to the USA. The USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Notice. We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our websites and Apps.  We also enter into Standard Contractual Clauses agreement with our data processors that require them to treat personal information in a manner that is consistent with this Notice.

By agreeing to our Privacy Policy, if you are an EU resident, you are also agreeing to the Standard Contractual Clauses as the Data Exporter and Thrive Global as the Data Importer.

International Users

Thrive is based in the United States. If you are accessing our Services from the European Union or other regions with laws governing data collection and use, please note that your Personal Data will be transmitted to our servers in the United States as necessary to provide you with the Services that you requested, administer our contract with you or to respond to your requests as described in this Privacy Policy, and the data may be transmitted to our service providers supporting our business operations (described above). The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. 

Legal Basis

This privacy statement has been prepared based on provisions of multiple legisations, including the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), the U.S. Health Information Technology for Economic and Clinical Health Act (HITECH), and Art. 13/14 of regulation (EU) 2016/679 General Data Protection Regulation (GDPR). 

Data Protection Officer

The DPO shall be the HIPAA Privacy Officer. 

California Consumer Privacy Act (CCPA)

California’s “Do Not Sell My Info” Law

Thrive Global does not sell your personal information for payment or other monetary consideration. However, because California law broadly defines a “sale” of your personal information to include the act of making cookie and other similar data available to third party advertising and analytics providers when you use Thrive Global Services (even though we never receive any money in exchange), we are required to disclose those practices here.

Notices to California Residents

Your California Privacy Rights – California Consumer Privacy Act (“CCPA”)

If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), beginning January 2020 you have certain rights with respect to that information. In particular, you have a right to request that we provide you with the following information:

  1. The categories and specific pieces of personal information we have collected about you.
  2. The categories of sources from which we collect personal information.
  3. The purposes for collecting, using, disclosing, or selling personal information.
  4. The categories of third parties with which we share or disclose personal information.
  5. The categories of personal information disclosed about you for a business purpose
  6. The categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for the categories of third parties to which the personal information was sold and the business or commercial purpose for selling personal information.

You also have a right to:

  1. Receive explicit notice of further sale of personal information about a consumer that has been sold to a third party by a business and an opportunity to exercise the right to opt-out of such further sale;
  2. Opt-out from the sale of personal information, which you can exercise by visiting our section above entitled “California’s Do Not Sell My Info Law”;
  3. Request that we delete personal information under certain circumstances, subject to a number of exceptions;
  4. Not be discriminated against for exercising rights set out in the CCPA.

How to Exercise Your Rights Under CCPA

To exercise your rights under CCPA, please send an email to

A California resident who has provided Personal Data, as defined under California Civil Code section 1798.83, to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of Personal Data, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom Personal Data was disclosed in the preceding calendar year, as well as a list of the categories of Personal Data that were disclosed. California Customers may request further information about our compliance with this law by emailing Please note that we are required to respond to one request per California Customer each year, and we are not required to respond to requests made by means other than through this email address.


By using the Thrive ZP Services, you accept the terms of and agree to comply with this Privacy Policy. We may amend or modify this Privacy Policy at any time, for any reason, without notice or liability. Changes are effective immediately upon posting to the Thrive ZP Services website and App ( It is your responsibility to review this Privacy Policy prior to use of the Thrive ZP Services. Your continued use of the Thrive ZP Services now, or following the posting of any changes, indicates your acceptance.


Please feel free to contact us if you have any questions about Thrive’s Privacy Policy or the information practices of the Services. You may contact us as follows: You may send an email to (include Privacy Policy in your subject line) or send mail to:

Thrive Global Holdings, Inc.

Privacy Team

599 Broadway

6th Floor

New York, NY 10012

Tel: 1-888-700-8474

If you are an individual in the EU, you can also contact DPR Group, who has been appointed as Thrive’s Data Protection Representative in the EU pursuant to Article 27 of the General Data Protection Regulation. Please read the European Union (EU) Users section above to learn how to contact DPR Group.

Download Thrive ZP Today

Start your well-being journey today. We’ll be here for you every step of the way.

iOS Download

Android Download