Retriever
Back to homeRetriever

Legal

Privacy Policy

Last updated: 27 June 2026

Who we are

Retriever Labs ("we", "us", "our") operates Retriever, a digital loyalty platform that lets cafés offer loyalty cards in Apple Wallet and Google Wallet (the "Service"), available at retrieverlabs.net. This policy is written for our Nepal-first launch, and we handle personal information in line with the Privacy Act, 2075 (2018) and the right to privacy under the Constitution of Nepal.

Information we collect

We collect only what we need to run the loyalty Service:

  • Café owners, managers and staff: name, email address, a hashed password, account role, branch assignments, invite status, email verification and login security status, and activity recorded through the Service.
  • Café and branch information: café name, branch names, branch addresses, branding (logo, colours and stamp icon), reward rules, poster reward text and, only if the café chooses to add it, map coordinates used to surface the loyalty pass near a branch.
  • Customers (loyalty members): first name, mobile phone number, wallet pass identifiers, brand-wide points/stamp balance, transaction and reward history, branch/staff attribution for scans and redemptions, and, only if you choose to provide it, the day and month of your birthday (never the year).
  • Billing: plan, local payment status, promo-code activation, renewal or expiry dates, receipts or account notes needed to manage billing. If we offer an online payment method, the payment provider handles the payment details; we do not store full card numbers or mobile-wallet credentials.
  • Support and contact: your name, email address, subject, message and related account context when you contact us through the support or contact forms. If you message us on WhatsApp, we may receive your WhatsApp profile name, phone number, message text and any café details you choose to send.
  • Technical: basic security and operational logs, device/browser data and essential cookies used to keep you signed in and protect the Service.
  • Marketing funnel: campaign source, promo code, page path, referrer, browser visitor identifier and button-click events so we can understand whether public campaigns lead to setup, WhatsApp enquiries or signup.

How we use your information

We use personal information to: create and update your loyalty card in Apple/Google Wallet; let café teams award and redeem points when you visit; show your balance and progress; provide branch scanners, branch posters, owner and manager dashboards, staff activity reports and branch movement insights; operate, secure and improve the Service; manage local billing and promo-code activation; respond to support and WhatsApp setup messages; and send essential service emails such as account confirmation, invites, password resets and login security codes. Where a café sends an announcement to members who have joined its program, that message is delivered through your saved wallet pass. We do not sell your personal information.

Your QR code and wallet pass

Your loyalty card displays a QR code that encodes only an opaque internal identifier for your membership. It does not contain your name, phone number, or any financial information. Café staff scan it to look up your account and update your brand-wide balance. Branch posters may show a specific branch name and address, but the QR still joins the same café loyalty program. The pass itself is stored on your device by Apple Wallet or Google Wallet, subject to their own privacy policies. If a café provides branch locations, the pass may include those coordinates so that Apple Wallet or Google Wallet can surface the card on your device when you are near a branch. This proximity is handled on your device by Apple/Google - we do not collect or track your location.

Who we share it with

We share personal information only with the service providers that help us run the Service, and only as needed:

  • Your café: the café whose program you joined can see your membership, brand-wide balance and visit history. Owners can see the full café account; branch managers and team members receive access based on the roles assigned by the owner or a permitted manager. A branch scanner can record which branch and team member handled a scan or redemption. Each café can only see its own members.
  • Hosting and infrastructure providers: to run the application and to host our database, authentication and file storage.
  • Apple Wallet & Google Wallet: to create and update your pass.
  • Payment and billing providers: to handle café billing where applicable, such as online payments, receipts or local payment coordination.
  • An email delivery provider: to send transactional emails such as confirmations and password resets.
  • WhatsApp and Meta:if you choose to contact us through WhatsApp, WhatsApp and Meta process your account information and messages under WhatsApp's own terms and privacy policy. Your messages may also be visible to the people who help manage Retriever support.
  • A mapping/geocoding provider: if a café enters its address, we send that address to a geocoding service to convert it into map coordinates for the wallet pass.

Some of these providers may process data outside Nepal. We take reasonable steps to ensure they protect your information consistently with this policy. We may also disclose information where required by law.

How long we keep it

We keep your information for as long as your account, membership, or the café's account is active and as needed to provide the Service. If you ask us to delete your data, or a café closes its account after confirmation, we will delete or de-identify personal information within a reasonable period, except where we must retain it to meet legal, accounting, security or dispute-resolution obligations. Installed wallet passes may remain on a customer's device until the customer removes them, but they stop receiving Retriever updates after the related account is closed.

Security

We protect your information with measures including encryption in transit, tenant isolation, role-based account and branch access, hashed passwords, optional login security codes, and restricted internal access. We do not store full card numbers or mobile-wallet credentials. No method of transmission or storage is completely secure, but we take reasonable steps to protect your information from misuse, loss and unauthorised access.

If something goes wrong (data breaches)

If a data breach occurs that is likely to result in serious harm, we will act to contain and investigate it and notify the affected café and affected individuals without undue delay, along with any authority that applicable law requires us to inform. We will tell you what happened, what information was involved, and the steps you can take to protect yourself. Any liability we have is governed by our Terms of Service and by your rights under the Consumer Protection Act, 2075 (2018) and the Privacy Act, 2075 (2018), which we do not seek to exclude.

Your rights and choices

You can ask us to:

  • access the personal information we hold about you;
  • correct information that is inaccurate or out of date;
  • delete your account and personal information; and
  • stop receiving café announcements by removing the pass from your wallet or asking the café to remove your membership.
  • stop WhatsApp setup messages by replying in WhatsApp or using WhatsApp's block controls.

To make a request, email us at support@retrieverlabs.net or contact us through our contact page. You can also ask the café you joined to update or remove your membership.

Children

The Service is intended for use by café businesses and their adult customers. It is not directed at children, and we do not knowingly collect personal information from children without appropriate consent. If you believe a child has provided us information, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "last updated" date below, and significant changes will be communicated where appropriate.

Contact us

Questions or complaints about privacy? Email us at support@retrieverlabs.net or reach us through our contact page. If you are not satisfied with our response, you may pursue the matter through the appropriate authority or the courts of Nepal under the Privacy Act, 2075 (2018).