← Back to Home

Privacy Policy

Effective date: 2026-01-13

This Privacy Policy explains how Mova (the “Service”) collects, uses, shares, and protects information when you use the Service.

1. Information We Collect

  • Account information: If you create an account, we process identifiers such as your email address and authentication identifiers provided by our authentication provider (e.g., Firebase Authentication).
  • Learning and usage data: We may collect/apply data you generate while using the Service, such as lesson progress, streaks, XP, preferences (including notification preferences), and feature usage.
  • Analytics data (optional): If you opt in to analytics, we collect usage events to understand feature performance and improve the Service.
  • Device and log data: We may receive device, browser, and log information such as IP address, timestamps, and error logs for security and reliability.
  • Push notification data: If you enable push notifications, we may process a push token (e.g., an FCM token) and your notification preferences.
  • Local storage/offline data: The Service may store data locally on your device (for example, using IndexedDB) and may cache resources using a service worker to enable offline use.

2. Payments

If you purchase a subscription, payments are processed by our third-party payment processor (e.g., Stripe). We do not store your full payment card details. We may receive and store limited payment-related information such as billing status, customer identifiers, and subscription state.

3. How We Use Information

We use information to:

  • Provide, operate, and maintain the Service (including offline functionality).
  • Personalize content and improve learning features.
  • Process subscriptions and manage Pro access.
  • Send service-related messages (e.g., account, security, or subscription notices).
  • Send push notifications if you opt in, and respect your notification preferences and browser settings.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms.

4. Legal Bases (EEA/UK)

If you are located in the EEA/UK, we process personal data under one or more legal bases, such as: (a) performance of a contract (providing the Service); (b) legitimate interests (security, analytics, improvements); (c) consent (where required, e.g., for certain notifications); and (d) compliance with legal obligations.

5. How We Share Information

We may share information with:

  • Service providers: Vendors who help us operate the Service (for example, Firebase for authentication and data storage, and Stripe for payment processing).
  • Compliance and safety: If required by law, or to protect the rights, safety, and security of users, the public, or the Service.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets.

6. Cookies and Similar Technologies

The Service may use cookies and similar technologies. Some are necessary for basic functionality. Others may be used for security, performance, and understanding usage. Depending on your location and settings, optional analytics are only enabled with your consent.

7. Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion of your account data as described below.

8. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data. However, no method of transmission or storage is 100% secure.

9. Your Choices and Rights

  • Access & update: You may access and update certain information through your account.
  • Notifications: You can enable/disable notifications in-app and in your browser/device settings.
  • Deletion: You may request deletion of your account and associated data by contacting us at support@mova.app. Please include the email address associated with your account and the subject line "Data Deletion Request." We will respond within 30 days.
  • EEA/UK rights: Where applicable, you may have rights to access, correct, delete, restrict, object, and data portability, and to withdraw consent.
  • California rights: Where applicable, you may have additional rights. We do not sell personal information as that term is defined under certain privacy laws.

10. Children’s Privacy

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction to consent to data processing). If you believe a child has provided personal data, contact us and we will take appropriate steps.

11. International Data Transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date. If changes are material, we will provide reasonable notice.

13. Contact

If you have questions about this Privacy Policy, contact us at support@mova.app.