Retaino policy
Retaino Privacy Policy
Effective 2026-05-14, version 2026-05-14
Retaino Privacy Policy
Last updated: 2026-05-14
This policy explains how Retaino handles personal data when you visit the website, sign in, manage organizations, import customer data, prepare campaigns, send SMS messages, and measure recovered bookings.
Controller and contact
Retaino is the controller for account, website, billing, and product operations data described in this policy. When a customer imports contact, campaign, or booking data, the customer is the controller and Retaino acts as processor under the Data Processing Agreement.
Contact us at hello@retaino.com for privacy requests or questions.
Data we collect
Account and authentication data
We process email addresses, names, organization membership, roles, and authentication identifiers needed to create and protect accounts through Clerk.
Customer and campaign data
We process imported customer records, phone numbers, email addresses, booking metadata, campaign content, consent evidence, opt-out status, and campaign readiness information provided by the customer.
SMS delivery and reply data
We process recipient phone numbers, sender numbers, message bodies, provider message identifiers, delivery status data, inbound replies, opt-out events, timestamps, and related technical metadata needed to send SMS campaigns, handle replies, and maintain suppression records.
Booking and reporting data
We process booking imports, attribution signals, campaign events, recovered booking counts, revenue summaries, and related reporting data.
Payment data
Stripe processes checkout and payment records. Retaino receives the payment status and plan information needed to provide access and account administration.
Technical data
We process request metadata, device and browser information, security logs, error details, and cookie consent records needed to operate and protect the service.
Why we use the data
| Purpose | Legal basis |
|---|---|
| Create and secure accounts and organizations. | Contract and legitimate interests in account security. |
| Provide customer reactivation, SMS campaigns, opt-out handling, and reporting. | Contract or documented customer instructions. |
| Confirm payments and manage plan access. | Contract and legal obligations for payment records. |
| Maintain reliability, investigate errors, and prevent abuse. | Legitimate interests in operating a secure service. |
| Remember cookie choices and optional preferences. | Legal obligation and consent where required. |
Processors
We use service providers for authentication, database hosting, frontend hosting, API hosting, payments, background job orchestration, SMS delivery, inbound reply processing, delivery event processing, and opt-out handling.
Your rights
Depending on where you live, you may have the right to access, correct, delete, restrict, export, or object to the processing of your personal data. You may also withdraw consent where processing depends on consent.