This Privacy Policy ("Policy") explains how Renew BKK LLC, an Arizona limited liability company ("Renew BKK," "we," "us," or "our"), collects, uses, discloses, and protects information when you visit www.renewbkk.com (the "Site") or use our travel planning services (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with this Policy, you must not access or use the Service.
This Policy is incorporated by reference into our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.
1. Who we are and how to contact us
Renew BKK LLC is a limited liability company organized under the laws of the State of Arizona, United States.
Mailing address: 1110 W Elliot Rd #1027, Tempe, AZ 85284, United States
Email for privacy inquiries: privacy@renewbkk.com
General contact: hello@renewbkk.com
For all matters relating to this Policy, including data subject requests, complaints, or questions, you may contact us at the email addresses above. We respond to verified requests within 30 days, or sooner where required by applicable law.
2. Eligibility and age restriction
The Service is intended only for individuals who are at least 18 years of age. We do not knowingly collect, use, or disclose personal information from anyone under 18. By using the Service, you represent and warrant that you are 18 or older.
If we become aware that we have collected personal information from a person under 18, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us at privacy@renewbkk.com.
3. Geographic scope
The Service is offered to residents of the United States (excluding the State of Washington and the State of Nevada) and Australia. We do not target, solicit, or knowingly accept users from Washington, Nevada, the European Union, the United Kingdom, the European Economic Area, Switzerland, China, or any other jurisdiction outside the United States and Australia. If you reside in Washington or Nevada, please do not submit personal information to us. If you are accessing the Service from any excluded jurisdiction, you do so on your own initiative and are responsible for compliance with local laws.
We do not intend to offer the Service to data subjects protected by the European Union General Data Protection Regulation (GDPR), the United Kingdom GDPR, the Washington My Health My Data Act, the Nevada Consumer Health Data Privacy law, or comparable laws in jurisdictions outside the eligible scope described above. To the extent any such individuals nonetheless access the Service, they should not submit personal information to us.
4. Information we collect
4.1 Information you provide directly
When you submit our intake form or otherwise interact with the Service, you may provide:
- Identifiers: first name, last name (optional), email address, country of residence, and (for paid services) billing name and address.
- Trip information: travel timing, length of stay, number of travelers, trip style preferences, lodging preferences, neighborhood preferences, food and activity interests, pacing preferences, and booking style preferences.
- Wellness interest indicators: general categories you indicate interest in exploring during your trip (for example, "longevity," "recovery," or "general wellness"). These categories are general lifestyle indicators and are not health information, medical history, diagnostic data, treatment records, or protected health information.
- Free-text notes: any optional comments you provide in open-ended form fields.
- Communication content: the content of emails, WhatsApp messages, or other messages you send to us, and any voice content shared during a Concierge Call.
- Payment information: for paid services, payment is processed by our third-party payment processor (currently Stripe, Inc.). We do not store full payment card numbers on our systems. We receive only confirmation of payment, the last four digits of the card, the card brand, and the billing zip code.
- Marketing preferences: your email opt-in choice and any subsequent opt-outs.
4.2 What you should not provide
The intake form is not designed to collect sensitive health information. You should not provide medical history, current medications, diagnoses, lab results, mental health information, sexual or reproductive health information, biometric data, genetic data, or any information you would consider protected health information under U.S. or Australian law. If you nonetheless provide any such information, you do so voluntarily and at your own risk, and we will treat that information under this Policy. We do not act as a HIPAA-covered entity or business associate, and the Service is not designed to handle protected health information under the U.S. Health Insurance Portability and Accountability Act.
4.3 Information collected automatically
When you use the Site, we and our service providers automatically collect:
- Device and browser information: IP address, device type, browser type and version, operating system, screen resolution, and language settings.
- Usage information: pages viewed, time spent on each page, click paths, referring URL, exit URL, and session duration.
- Marketing attribution data: UTM parameters, click identifiers (such as Meta's
fbclidparameter), and other campaign tracking identifiers passed to us through URLs. - Cookie and pixel data: as described in Section 7 below.
4.4 Information from third parties
We may receive limited information from:
- Advertising platforms: aggregated and anonymized performance data from Meta Platforms, Inc. and other ad networks where we run paid campaigns.
- Payment processors: transaction confirmation and the limited card information described above.
- Email service providers: delivery, open, and click-through data on emails we send you.
- Analytics providers: aggregated session and behavior data.
5. How we use information
We use the information described above for the following purposes:
- To provide the Service: generate your personalized trip plan, deliver it to you by email, schedule and conduct your Concierge Call (if purchased), and provide ongoing Trip Companion support (if purchased).
- To make warm introductions to clinics or other partners: with your consent, we will email a clinic, hotel, spa, gym, or other lifestyle partner to introduce you. If you gave us permission to share your intake responses with partners (by checking the partner-sharing consent box on our intake form), we may include relevant information from those responses — such as your travel dates, trip length, and the wellness interest categories you indicated — so the partner can prepare for your conversation. If you did not check that box, we will share only your first name and email address. You can withdraw permission for future sharing at any time by emailing privacy@renewbkk.com.
- To communicate with you: send you the trip plan, transactional confirmations, customer service responses, and (if you opt in) marketing emails about Renew BKK.
- To process payments: for paid services, with our payment processor.
- To run, improve, and secure the Service: internal analytics, debugging, fraud prevention, and quality assurance.
- To advertise the Service: measure ad performance, attribute conversions, and serve and optimize ads on platforms including Meta. We may share hashed contact information with advertising platforms to build "lookalike" or matched audiences as described in Section 6.
- To comply with law and protect rights: respond to lawful requests, enforce our Terms of Service, defend ourselves in disputes, and protect the safety, rights, or property of Renew BKK or others.
We do not use information for automated decision-making that produces legal or similarly significant effects on you.
6. How we share information
We do not sell personal information for money. We share information only as described below.
6.1 Service providers
We share information with vendors who process information on our behalf to operate the Service. These include:
- Airtable, Inc.: customer relationship and lead management database.
- Resend, Inc.: transactional and marketing email delivery.
- Stripe, Inc.: payment processing for paid tiers.
- Hotjar Ltd.: session recording and behavior analytics on the Site.
- Meta Platforms, Inc.: advertising performance measurement and audience matching (see Section 7).
- Perspective Software GmbH: intake form delivery.
- Google LLC: business email (Google Workspace) and, where used, analytics.
- Cloud hosting providers (such as Vercel, Inc. or comparable services) for Site delivery.
- WhatsApp / Meta Platforms, Inc.: messaging during Trip Companion service, if purchased.
Each of these providers is contractually obligated to use information only to provide services to us and to maintain commercially reasonable security measures. Their privacy practices are governed by their own policies, which we encourage you to review.
6.2 Clinic and lifestyle partner introductions
When you ask to be introduced to a clinic, spa, gym, hotel, or other lifestyle partner, the information we share with that partner depends on the consent you provided on our intake form.
If you did not check the partner-sharing consent box, we will share only your first name and email address. The partner will reach out to you directly, and any further information you share with them is at your sole discretion.
If you checked the partner-sharing consent box, we may share with the partner the relevant categories of information you provided to us in the intake form, including your travel dates, length of stay, number of travelers, wellness interest categories, trip style preferences, and any specific questions or notes you wrote into the form. We share only what is reasonably necessary for the partner to prepare for your conversation.
Regardless of consent, we will never share your payment information, marketing attribution data, browsing history, or the content of communications you sent us outside the intake form.
Once we transmit information to a partner, the partner becomes an independent controller of that information. The partner's collection, use, and retention of that information is governed by the partner's own privacy policy. We are not responsible for the partner's privacy practices.
You may withdraw consent for future partner sharing at any time by emailing privacy@renewbkk.com or by replying to any communication from us. Withdrawal is forward-looking only and does not retrieve information already transmitted to a partner.
6.3 Affiliate and partner relationships (material disclosure)
Renew BKK has financial relationships with some of the clinics and other businesses we may recommend or introduce you to. Specifically, we may receive an affiliate commission, referral fee, or other compensation if you book or purchase services from certain partners after we introduce you. We disclose these relationships in our Terms of Service and at the point of introduction where required. Compensation does not change the price you pay. We only recommend partners we believe are reputable based on the vetting standards described in our Terms of Service, but we make no guarantee about any partner's services, outcomes, or conduct.
6.4 Legal and protective disclosures
We may disclose information if we believe in good faith that disclosure is necessary to:
- comply with applicable law, regulation, legal process, or governmental request;
- enforce our Terms of Service or investigate potential violations;
- detect, prevent, or address fraud, security, or technical issues;
- protect against harm to the rights, property, or safety of Renew BKK, our users, or others.
6.5 Business transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. Any acquirer will be bound by this Policy or will provide notice of any material change.
6.6 Aggregated and de-identified information
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for any lawful business purpose, including marketing and analytics.
6.7 No sale or "sharing" for cross-context behavioral advertising under California law
We do not sell personal information in exchange for monetary consideration. However, our use of advertising technologies such as the Meta Pixel may be considered "sharing" of personal information for cross-context behavioral advertising under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), and may constitute "targeted advertising" under similar laws in other U.S. states. California residents and other applicable U.S. residents may exercise the right to opt out of such sharing as described in Section 9.
7. Cookies, pixels, and similar technologies
7.1 What we use
The Site uses cookies, pixels, web beacons, session recording scripts, and similar technologies to operate the Site, measure usage, attribute marketing performance, and serve advertising.
The technologies in use include:
- Strictly necessary cookies required for Site functionality.
- Analytics cookies and scripts including Hotjar, which records mouse movement, clicks, scroll behavior, and form interactions on the Site.
- Advertising and conversion tracking pixels including the Meta Pixel and the Meta Conversions API. The Meta Pixel collects browsing activity on the Site, including page views, button clicks, and form submissions, and may match this activity to your Meta account if you are logged in to a Meta product.
- Hashed contact information that we may upload to advertising platforms (such as Meta) to build matched, custom, or lookalike audiences. Email addresses we upload are hashed using industry-standard one-way hashing.
7.2 Your choices
You can control cookies through your browser settings. You can opt out of interest-based advertising by visiting:
- Digital Advertising Alliance: optout.aboutads.info
- Network Advertising Initiative: optout.networkadvertising.org
- Meta ad preferences: facebook.com/ads/preferences
Disabling cookies may make parts of the Site unusable. Where required by law (currently not in Arizona, but applicable to certain visitors), we present a cookie consent interface.
8. How we secure information
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include:
- TLS/HTTPS encryption for data in transit on the Site;
- access controls limiting employee and contractor access to information on a need-to-know basis;
- contractual obligations on our service providers requiring reasonable security measures;
- routine review of our security practices.
No security measure is perfect. Despite these safeguards, no system can be guaranteed to be completely secure. We cannot and do not guarantee the security of information transmitted to or from us, and you transmit information to us at your own risk. If we become aware of a breach affecting your personal information, we will notify you as required by applicable law.
9. Your rights and choices
Depending on where you reside, you may have the rights described below. We honor all rights granted by applicable law. To exercise any right, email privacy@renewbkk.com with the subject line "Privacy Request" and provide enough information for us to verify your identity. We will respond within the time required by applicable law (generally 30 to 45 days).
9.1 Rights available to all users
Regardless of where you reside, you may:
- request access to the personal information we hold about you;
- request correction of inaccurate personal information;
- request deletion of personal information;
- opt out of marketing emails by clicking "unsubscribe" in any marketing email or contacting us directly;
- withdraw consent for any future sharing of your information with partners under Section 6.2;
- close your inquiry by asking us to stop processing your information.
9.2 California residents (CCPA/CPRA)
California residents have the right to:
- know what personal information we collect, the sources, the purposes, and the categories of recipients;
- request access to and a copy of personal information collected in the prior 12 months;
- request deletion of personal information, subject to legal exceptions;
- correct inaccurate personal information;
- opt out of "sale" or "sharing" of personal information (we do not sell, but we may "share" through advertising pixels as described in Section 6.7);
- limit the use of sensitive personal information (we do not use sensitive personal information for purposes that would trigger this right);
- non-discrimination for exercising rights.
To opt out of "sharing" for cross-context behavioral advertising, email privacy@renewbkk.com with the subject "Do Not Share My Personal Information" or set your browser's Global Privacy Control signal, which we honor as a valid opt-out request.
You may designate an authorized agent to exercise rights on your behalf. We may require verification of the agent's authority.
9.3 Other U.S. state residents
Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, New Jersey, and other states with comprehensive privacy laws have rights similar to those described in Section 9.2, to the extent those laws apply. We honor verified requests under all applicable U.S. state privacy laws. If your state grants the right to appeal a denied request, you may submit an appeal to privacy@renewbkk.com with the subject "Privacy Appeal."
9.4 Australian residents (Privacy Act 1988)
If you reside in Australia, you have rights under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"), including:
- the right to access personal information we hold about you;
- the right to correct inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information;
- the right to opt out of direct marketing.
We handle personal information in accordance with the APPs. If you believe we have breached the APPs, you may complain to us at privacy@renewbkk.com. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).
We may transfer your personal information to recipients in the United States and other countries to provide the Service. By submitting personal information to us, you consent to the transfer, and you acknowledge that recipients in those countries may not be subject to the same privacy protections as in Australia.
9.5 Identity verification
To protect your information, we may require you to verify your identity before responding to a rights request. Verification may include matching information you provide against information already in our records.
10. Data retention
We retain personal information only for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:
- Active leads and customers: retained for the duration of the relationship, plus 24 months after last engagement, then deleted or anonymized.
- Inactive leads with no purchase: intake form responses deleted after 12 months of no engagement; basic record (email, opt-in/opt-out status) retained as needed for suppression and legal compliance.
- Customers who purchased a paid tier: transactional records retained for at least 7 years to comply with U.S. tax and accounting requirements.
- Email marketing suppression list: retained indefinitely to honor opt-outs.
- Hotjar session recordings: retained per Hotjar's defaults, generally 365 days.
After the applicable retention period, we delete, anonymize, or aggregate personal information so it can no longer be associated with you.
11. International data transfers
We are based in the United States. If you reside outside the United States, your information will be transferred to, processed in, and stored in the United States and other countries where our service providers operate. By using the Service, you consent to such transfers. We rely on appropriate safeguards where required by applicable law.
12. Third-party links and services
The Site and the trip plans we deliver may contain links to third-party websites, applications, or services, including the websites of clinics, hotels, spas, restaurants, and booking platforms. We are not responsible for the privacy practices or content of those third parties. Their collection and use of your information is governed by their own privacy policies, which we encourage you to review before engaging with them.
13. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent version. For material changes, we will provide reasonable notice, including by email if we have your address on file or through a notice on the Site. Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the changes.
14. Contact and complaints
For all privacy-related inquiries, requests, or complaints:
Email: privacy@renewbkk.com
Mail: Renew BKK LLC, 1110 W Elliot Rd #1027, Tempe, AZ 85284, United States
If you are not satisfied with our response, residents of certain jurisdictions may have the right to complain to a regulator, including the California Privacy Protection Agency (cppa.ca.gov), other applicable U.S. state attorneys general, or the Office of the Australian Information Commissioner (oaic.gov.au).