RELOAD

Privacy Policy

Effective date: 15 February 2026

PT Pelangi Bahagia Indonesia ("RELOAD", "we", "our", "us") operates the RELOAD Sanctuary mobile application and web platform ("Service"). This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

  • Account information: name, email address, phone number, password (stored hashed), date of birth, member ID.
  • Membership and gym data: passes purchased, class bookings, attendance records, billing history — synchronized from GymMaster.
  • Order data: items ordered, table number, order history, dietary preferences, BYO meal customizations.
  • Payment metadata: payment method, transaction ID, amount, timestamps. We do NOT store full card numbers — payment is processed by certified processors (QRIS, BCA VA, BRI VA, Kredivo, Stripe, ESB POS).
  • Device and usage data: device type, operating system, app version, IP address, language preference, push notification token, anonymous interaction analytics.
  • Communications: messages you send to support, feedback submissions, ratings.
  • Photos: optional profile photo when uploaded by you.

2. How We Use Your Information

  • To provide, operate and maintain the Service (process orders, manage memberships, book classes).
  • To process payments and prevent fraud.
  • To send transactional emails (order confirmations, receipts, booking reminders) via Resend.
  • To send push notifications about your orders and bookings (with your consent).
  • To improve the Service via aggregated, anonymized analytics.
  • To comply with legal obligations (Indonesian PDP Law No. 27/2022, EU GDPR where applicable).
  • To diagnose and fix technical errors via error monitoring (Sentry — optional, no PII).

3. Third-Party Services

  • GymMaster (membership management): receives your name, email, phone, member ID and payment events. https://www.gymmastersoftware.com
  • ESB POS (point-of-sale): receives orders and payment events. https://esb.co.id
  • Resend (email delivery): receives your email address and message body for transactional emails. https://resend.com
  • Sentry (error tracking, optional): receives anonymized error reports. PII is scrubbed before sending. https://sentry.io
  • Payment gateways (QRIS, Stripe, BCA, BRI, Kredivo): receive payment metadata; subject to their own privacy policies.
  • Object storage (Emergent): hosts uploaded files (profile photos, attachments) under encrypted access.

4. Data Storage, Security & Retention

  • Data is stored on encrypted MongoDB Atlas servers with TLS in transit and AES-256 at rest.
  • Passwords are stored using industry-standard hashing (bcrypt/scrypt) — we never store plaintext passwords.
  • Order history is retained for 7 years for tax compliance (Indonesian law).
  • Account data is retained while your account is active and up to 12 months after deactivation.
  • You can request earlier deletion at any time via the contact email below.
  • Authentication tokens stored on your device expire automatically and can be cleared by logging out.

5. Your Rights

  • Access: request a copy of all personal data we hold about you.
  • Rectification: request correction of inaccurate data.
  • Erasure ("right to be forgotten"): request permanent deletion of your account and data, subject to legal retention requirements.
  • Portability: receive your data in a machine-readable format (JSON).
  • Restriction: ask us to limit processing of your data.
  • Objection: opt out of marketing communications and analytics.
  • Withdraw consent: revoke consent for push notifications, marketing, or data sharing at any time.
  • To exercise any right, email privacy@reloadsanctuary.com. We respond within 30 days.

6. Children's Privacy

  • The Service is intended for users aged 18 and over. We do not knowingly collect data from children under 18.
  • Gym memberships and classes are restricted to adults per Indonesian fitness regulations.
  • If you become aware that a child has provided us with personal information, please contact us immediately for deletion.

7. Cookies & Local Storage

  • We use localStorage to persist your language preference, cart contents (30-min session), authentication token, and saved preferences.
  • No third-party advertising or tracking cookies are used.
  • You can clear localStorage at any time from your browser settings or by tapping "Logout".

8. International Transfers

  • Your data may be transferred to and processed in countries other than your own (Indonesia, EU, USA) where our service providers are located.
  • We ensure adequate protection via Standard Contractual Clauses (SCC) and equivalent safeguards.

9. Changes to This Policy

  • We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.
  • Material changes will be notified via push notification or email at least 14 days before they take effect.

10. Contact Us

  • Data Controller: PT Pelangi Bahagia Indonesia
  • Registered office: Jl. Suryo No. 32-34, Rawa Barat, Kebayoran Baru, Jakarta Selatan, DKI Jakarta 12180, Indonesia
  • Operating location (RELOAD Sanctuary): Jl. Canggu Padang Linjong No. 4, Canggu, Kuta Utara, Badung, Bali, Indonesia
  • Tax ID (NPWP): 39.365.769.7-012.000 · Business Reg. (NIB): 2106230141206
  • Privacy enquiries: privacy@reloadsanctuary.com
  • For complaints, you may also contact the Indonesian Personal Data Protection Authority (Kementerian Komunikasi dan Informatika).
© 2026 PT Pelangi Bahagia Indonesia · NPWP 39.365.769.7-012.000