Retava Logo Retava
Connect with Strava

Privacy Policy

Last updated: January 15, 2026

This Privacy Policy describes how Retava ("we", "us", or "our") collects, uses, and shares your personal information in accordance with the Australian Privacy Principles (APPs), the Privacy Act 1988 (Cth), and the General Data Protection Regulation (GDPR) for our European users.

1. Data Controller

For the purpose of the GDPR, Magenizr (ABN: 47 190 799 505) is the data controller of your personal data. Our registered address is in Bendigo, Victoria, Australia.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email, password)
  • Strava data (activities, distance, elevation) when you connect your account
  • Merchant profile details (company name, brand, contact info)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Verify athletic achievements to unlock rewards
  • Communicate with you about updates and offers
  • Anonymize data for platform-wide statistics

4. Information Sharing

We do not sell your personal information. We may share information with merchants only when you unlock a reward, or with service providers who help us operate our Service.

5. Data Security

We take reasonable measures to protect your personal information from loss, theft, misuse, and unauthorized access.

6. Your Rights

Depending on your location (e.g., EU/UK or Australia), you have certain rights regarding your personal data:

  • Access: The right to request copies of your personal data.
  • Rectification: The right to request that we correct any information you believe is inaccurate.
  • Erasure: The right to request that we erase your personal data, under certain conditions.
  • Restrict Processing: The right to request that we restrict the processing of your personal data.
  • Object to Processing: The right to object to our processing of your personal data.
  • Data Portability: The right to request that we transfer the data that we have collected to another organization.

7. Legal Basis for Processing (GDPR)

We process your data based on:

  • Consent: For example, when you connect your Strava account.
  • Contract: To provide the services you signed up for.
  • Legitimate Interests: To improve our platform and maintain security.

8. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction. As we are based in Australia, your data will be processed there. We ensure appropriate safeguards are in place for such transfers, such as Standard Contractual Clauses (SCCs) as approved by the European Commission where applicable.

9. Right to Withdraw Consent

Where you have provided your consent for the processing of your data (e.g., connecting your Strava account), you have the right to withdraw this consent at any time. You can disconnect Strava in your account settings or by revoking access within the Strava platform itself.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].