1. Information We Collect

a. Personal Information

When you register for Retenga, we collect:

• Name
• Email address
• Phone number (optional)
• Country and postal code
• Business code (to link you to a merchant)

Birthday Rewards (Optional): If you opt in to birthday rewards, we will collect and store your birth date. This is used only to notify participating merchants when to send you birthday offers. You may opt out and request deletion of your birth date at any time through your account settings.

If you sign in using a social login, we may receive limited profile information (such as name or email) from that service.

b. Transaction and Loyalty Data

When you earn or redeem loyalty points or stamps, we collect:

• Merchant name and location
• Date, time, and total amount of transaction
• Loyalty points or rewards earned/redeemed
• Transaction IDs (from PoS or payment provider)

Retenga does not store or see credit card numbers or other payment details. Payments and authorizations are handled entirely by the PoS system.

c. Device and Usage Information

We collect only what is necessary to operate the app:

• Device model and operating system
• App version and language
• IP address and approximate region (not stored)
• In-app actions (e.g., login, reward claim)
• Diagnostic logs to improve stability

d. No Cookies or Trackers

Retenga does not use cookies, tracking pixels, advertising trackers, or third-party analytics. Push notifications are delivered via Firebase Cloud Messaging (FCM) solely to provide requested loyalty updates and do not include analytics or tracking identifiers.

2. Legal Basis for Processing

Under PIPEDA, GDPR, and UK GDPR, we process your information on the following lawful bases:

• Consent: When you sign up or opt in to communications or birthday rewards.
• Contract: To provide the loyalty services you request.
• Legal Obligation: To comply with applicable laws or tax requirements.
• Legitimate Interest: To improve the Service and prevent fraud, while respecting your privacy.

Under CCPA/CPRA, you may request to know, access, correct, or delete your information, and to opt out of any sale or sharing of data (see Section 9).

3. How We Use Information

• Operate and maintain your loyalty account
• Calculate and track rewards and redemptions
• Send notifications and account updates
• Improve app performance and security
• Support participating businesses in managing their programs
• Comply with legal requirements

Retenga only accesses data from connected PoS platforms (including Clover) that is necessary to provide loyalty and rewards functionality, such as transaction totals, timestamps, and customer identifiers. Data accessed via PoS APIs is used solely to operate the Service for the associated merchant and is not repurposed, sold, or combined with third-party datasets for unrelated uses.

We may use aggregated or anonymized data for statistical purposes. This data cannot identify you personally.

4. Marketing Communications and Consent

At signup, users choose which communications to receive:

• SMS or Email: Sent directly by the participating business, not by Retenga.
• Push Notifications: Sent through Retenga’s FCM infrastructure on behalf of the business.

You may update or withdraw consent at any time via your app settings.

5. Data Security

• Encrypted connections (HTTPS/TLS)
• Secure OAuth and API-key authentication for partner integrations
• Restricted access to databases
• Regular security reviews and staff confidentiality agreements

While we take careful measures to protect your information, no system is completely secure. We cannot guarantee absolute protection but will act promptly and responsibly in the event of any breach.

6. Data Breach Response

If a data breach occurs that poses a risk of harm, we will:

• Notify affected users and the Office of the Privacy Commissioner of Canada (OPC) as required by PIPEDA;
• Where relevant, notify EU/UK authorities under GDPR and affected users within 72 hours;
• Investigate and remediate the breach to prevent recurrence.

7. How We Share Information

• Participating Businesses: To manage loyalty programs and redeem rewards.
  • Businesses can view emails and phone numbers only if you provided them at account creation.
  • Birth dates remain hidden; merchants see only reward claims, not birthday details.
• Payment and PoS Partners: Square, Shopify, Stripe, Lightspeed (X-Series), Clover (for secure transaction syncing).
• Retenga does not access or retrieve data from Clover (or other PoS providers) outside of an authorized merchant relationship.
• Service Providers: Hosting, email, or support services under confidentiality agreements.
• Legal Authorities: When required by law or to protect rights and safety.

We do not sell personal information.

8. Business Transfers

If Retenga is involved in a merger, acquisition, restructuring, or bankruptcy, your information may be transferred to the new owner to continue operations. In such a case, we will notify you and ensure the successor is bound by privacy commitments consistent with this Policy.

9. “Do Not Sell or Share My Personal Information”

Retenga does not sell or share personal information as defined by the CCPA/CPRA. If this ever changes, we will provide a clear opt-out mechanism and update this policy before collecting or sharing such information.

10. Data Retention

• Duration: We retain your data while your account remains active and for a reasonable period afterward to fulfill legal requirements.
• End-User Requests: If you leave a program or close your account, you may request data deletion.
• Anonymized Data: May be retained for statistical purposes. Businesses cannot re-identify you; Retenga can only do so within its secure database as needed for support or compliance.

For merchants, Retenga will provide access to business-related data for a reasonable period following termination to allow for data export, reconciliation, or compliance obligations.

We respond to all access or deletion requests within 30 days.

11. International Transfers

Data may be stored and processed in Canada, the United States, or other jurisdictions where our partners operate. We use contractual and technical measures to maintain protections equivalent to Canadian and European standards.

12. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction or deletion
• Withdraw consent to processing
• Request a copy of your data in portable format
• File a complaint with a supervisory authority

Merchant Data Rights

Merchants using Retenga have the right to access, export, and request deletion of data associated with their business, including customer loyalty records and transaction summaries processed via Clover and other connected PoS platforms.

Upon termination of a merchant’s agreement with Retenga, merchants may request a copy of their data for a reasonable period following termination, subject to legal and regulatory obligations.

Retenga will delete or anonymize merchant data upon request, except where retention is required by law or necessary to resolve disputes or comply with regulatory obligations.

In Canada, complaints may be directed to:
Office of the Privacy Commissioner of Canada (OPC)
https://www.priv.gc.ca

13. Age Requirement

Retenga is intended for users aged 13 and older. During registration, you will be asked to confirm you meet this age requirement.

We do not collect or store your date of birth for age verification purposes.

Birthday Rewards (Optional): If you choose to receive birthday rewards from participating merchants, you may provide your birth date. This information is stored securely and used only to send birthday offers. You may opt out and request deletion of your birth date at any time through your account settings.

We do not knowingly collect personal information from children under 13. If we become aware that a user is under 13, we will promptly delete their account and associated data.

If you are a parent or guardian and believe your child under 13 has created an account, please contact us at [email protected] and we will remove it immediately.

Note: Age-restricted purchases (alcohol, tobacco, cannabis, etc.) are governed by the merchant’s policies and applicable laws. Merchants are responsible for verifying customer age at the point of sale.

14. Changes to This Policy

We may update this Policy to reflect operational, legal, or regulatory changes. The latest version will always be available at retenga.com/privacy-policy with the effective date clearly shown.

15. Contact Us

If you have questions or wish to exercise your rights, please contact us:

Email: [email protected]
Address: Retenga, Calgary, Alberta, Canada