Privacy Policy

Your personal data is controlled by PT PMA Sarang Capital Group, a company incorporated under the laws of Indonesia, operating the Platform at getretreated.com.

For all data-related enquiries, contact us at hello@getretreated.com.

We collect the following categories of personal data:

• Account data: name, email address, username, profile photo, bio, and self-reported experience level and location.
• Booking data: retreat bookings, booking status, number of guests, and booking history.
• Payment data: payments are processed by Stripe. We do not store your full card number, CVV, or other sensitive payment credentials. We receive a payment reference and confirmation only.
• Behavioural data: retreats you have saved, tracked, or viewed; quiz responses; recommendations you have interacted with.
• Technical data: IP address, browser type, device information, and pages visited, collected automatically when you use the Platform.

We process your personal data for the following purposes:

• To create and manage your account and authenticate your identity.
• To process Bookings and send booking confirmations and transactional emails.
• To personalise your experience, including retreat recommendations based on your preferences and quiz responses.
• To improve the Platform through usage analytics and user feedback.
• To send marketing communications about retreats and platform updates — only where you have provided consent or where we have a legitimate interest.
• To comply with our legal and regulatory obligations.

We share your data with the following trusted third-party providers who process data on our behalf:

• Stripe — payment processing. Your payment information is handled directly by Stripe under their own privacy policy and PCI-DSS compliance framework.
• Supabase— cloud database and authentication infrastructure. Your account and booking data is stored on Supabase’s servers.
• Resend — transactional email delivery (booking confirmations, notifications). Your email address is shared with Resend solely to deliver emails you have requested or that relate to your Bookings.

Each of these providers operates under their own privacy policy and data processing agreements. We do not sell your personal data to any third party.

We use cookies and similar technologies on the Platform:

• Essential cookies: required for authentication and core Platform functionality. These cannot be disabled without affecting your ability to use the Platform.
• Analytics cookies: used to understand how visitors interact with the Platform and improve our services. These are only set with your consent where required by applicable law.

You can manage cookie preferences through your browser settings. Blocking essential cookies may prevent you from logging in or completing Bookings.

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data, subject to our legal retention obligations.
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests, including for direct marketing purposes.

To exercise any of these rights, email us at hello@getretreated.com. We will respond within 30 days.

We retain your personal data for the following periods:

• Booking and payment records: 7 years from the date of the Booking, in accordance with tax and legal obligations.
• Account data: retained for as long as your account is active. Upon receiving a verified deletion request, we will delete your account data within 30 days, except where retention is required by law.
• Technical/analytics data: retained for up to 24 months on a rolling basis.

As an internationally operating platform, your data may be transferred to and processed in countries outside of Indonesia, including within the European Economic Area and the United States (via our third-party service providers). Where such transfers occur, we ensure appropriate safeguards are in place, including reliance on providers who maintain recognised data protection frameworks and contractual protections.

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@getretreated.com and we will delete it promptly.

For any privacy-related questions, requests, or complaints, please contact us at hello@getretreated.com.

If you are an EU/EEA resident and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.