Retriever

Legal

Privacy Policy

Last updated: 15 June 2026

Who we are

Retriever Labs ("we", "us", "our") operates Retriever, a digital loyalty platform that lets cafés offer loyalty cards in Apple Wallet and Google Wallet (the "Service"), available at retrieverlabs.net. We are based in Australia and handle personal information in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you are in the EU/UK, we also aim to meet the relevant requirements of the GDPR/UK GDPR.

Information we collect

We collect only what we need to run the loyalty Service:

  • Café owners and staff:name, email address, a hashed password, your café's name and branding (logo, colours), account role, and (only if you choose to add it) your café's address and map coordinates, used to surface the loyalty pass near your shop.
  • Customers (loyalty members): your first name, mobile phone number, your points/stamp balance and transaction history, and (only if you choose to provide it) the day and month of your birthday (never the year).
  • Billing: subscription and payment details for café owners are processed by Stripe. We do not see or store your full card number.
  • Technical: basic security and operational logs, and essential cookies used to keep you signed in.

How we use your information

We use personal information to: create and update your loyalty card in Apple/Google Wallet; let café staff award and redeem points when you visit; show your balance and progress; operate, secure and improve the Service; process café subscriptions; and send essential service emails (such as account confirmation and password resets). Where a café sends an announcement to members who have joined its program, that message is delivered through your saved wallet pass. We do not sell your personal information.

Your QR code and wallet pass

Your loyalty card displays a QR code that encodes only an opaque internal identifier for your account. It does not contain your name, phone number, or any financial information. Café staff scan it to look up your account and update your balance. The pass itself is stored on your device by Apple Wallet or Google Wallet, subject to their own privacy policies. If a café provides its location, the pass may include those coordinates so that Apple Wallet or Google Wallet can surface the card on your device when you are near the shop. This proximity is handled on your device by Apple/Google — we do not collect or track your location.

Who we share it with

We share personal information only with the service providers that help us run the Service, and only as needed:

  • Your café: the café whose program you joined can see your membership, balance and visit history. Each café can only see its own members.
  • Hosting and infrastructure providers: to run the application and to host our database, authentication and file storage.
  • Apple Wallet & Google Wallet: to create and update your pass.
  • A payment processor: to handle café subscription billing (it processes payment details; we do not store full card numbers).
  • An email delivery provider: to send transactional emails such as confirmations and password resets.
  • A mapping/geocoding provider: if a café enters its address, we send that address to a geocoding service to convert it into map coordinates for the wallet pass.

Some of these providers may process data outside Australia. We take reasonable steps to ensure they protect your information consistently with this policy. We may also disclose information where required by law.

How long we keep it

We keep your information for as long as your account (or the café's account) is active and as needed to provide the Service. If you ask us to delete your data, or a café closes its account, we will delete or de-identify your personal information within a reasonable period, except where we must retain it to meet legal or accounting obligations.

Security

We protect your information with measures including encryption in transit and at rest, row-level database security that isolates each café's data, hashed passwords, and restricted internal access. We never store payment card numbers — card payments are handled by our payment processor, Stripe. No method of transmission or storage is completely secure, but we take reasonable steps to protect your information from misuse, loss and unauthorised access.

If something goes wrong (data breaches)

If a data breach occurs that is likely to result in serious harm, we will act to contain and investigate it and, in line with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), notify the affected individuals and the café, along with the Office of the Australian Information Commissioner (OAIC). We will tell you what happened, what information was involved, and the steps you can take to protect yourself. This commitment is about timely notification and remediation; it does not by itself create a right to monetary compensation. Any liability we have is governed by our Terms of Service and by your rights under the Australian Consumer Law and the Privacy Act, which we do not seek to exclude.

Your rights and choices

You can ask us to:

  • access the personal information we hold about you;
  • correct information that is inaccurate or out of date;
  • delete your account and personal information; and
  • stop receiving café announcements (by removing the pass from your wallet).

To make a request, contact us through our support page. You can also ask the café you joined to update or remove your membership.

Children

The Service is intended for use by café businesses and their adult customers. It is not directed at children, and we do not knowingly collect personal information from children without appropriate consent. If you believe a child has provided us information, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "last updated" date below, and significant changes will be communicated where appropriate.

Contact us

Questions or complaints about privacy? Reach us through our support page. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Back to home