← Back to Home

Privacy Policy

Effective date: 2026-01-13

This Privacy Policy explains how Mova (the “Service”) collects, uses, shares, and protects information when you use the Service.

1. Information We Collect

  • Account information: If you create an account, we process identifiers such as your email address and authentication identifiers provided by our authentication provider (e.g., Firebase Authentication).
  • Learning and usage data: We may collect/apply data you generate while using the Service, such as lesson progress, streaks, XP, preferences (including notification preferences), and feature usage.
  • Analytics data (optional): If you opt in to analytics, we collect usage events to understand feature performance and improve the Service.
  • Device and log data: We may receive device, browser, and log information such as IP address, timestamps, and error logs for security and reliability.
  • Push notification data: If you enable push notifications, we may process a push token (e.g., an FCM token) and your notification preferences.
  • Local storage/offline data: The Service may store data locally on your device (for example, using IndexedDB) and may cache resources using a service worker to enable offline use.

2. Payments

If you purchase a subscription, web payments are processed by Stripe and mobile payments are processed by Apple App Store or Google Play in-app purchases. We do not store your full payment card details. We may receive and store limited payment-related information such as billing status, customer identifiers, and subscription state.

3. How We Use Information

We use information to:

  • Provide, operate, and maintain the Service (including offline functionality).
  • Personalize content and improve learning features.
  • Process subscriptions and manage Pro access.
  • Send service-related messages (e.g., account, security, or subscription notices).
  • Send push notifications if you opt in, and respect your notification preferences and browser settings.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms.

4. Legal Bases (EEA/UK)

If you are located in the EEA/UK, we process personal data under one or more legal bases, such as: (a) performance of a contract (providing the Service); (b) legitimate interests (security, analytics, improvements); (c) consent (where required, e.g., for certain notifications); and (d) compliance with legal obligations.

5. How We Share Information

We may share information with:

  • Service providers: Vendors who help us operate the Service (for example, Firebase for authentication and data storage, Stripe for web payments, and Apple/Google for mobile payments).
  • Compliance and safety: If required by law, or to protect the rights, safety, and security of users, the public, or the Service.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets.

6. Cookies and Similar Technologies

The Service may use cookies and similar technologies. Some are necessary for basic functionality. Others may be used for security, performance, and understanding usage. Depending on your location and settings, optional analytics are only enabled with your consent.

7. Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion of your account data as described below.

8. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data. However, no method of transmission or storage is 100% secure.

9. Your Choices and Rights

  • Access & update: You may access and update certain information through your account.
  • Notifications: You can enable/disable notifications in-app and in your browser/device settings.
  • Deletion: You may request deletion of your account and associated data by visiting our account deletion page or using the in-app deletion flow in Settings, then Account, then Delete Account. We will respond within 30 days.
  • Data export: You may request a copy of your data in-app from Settings, then Account, then Export Data.
  • EEA/UK rights: Where applicable, you may have rights to access, correct, delete, restrict, object, and data portability, and to withdraw consent.
  • California rights: Where applicable, you may have additional rights. We do not sell personal information as that term is defined under certain privacy laws.

10. Children’s Privacy

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction to consent to data processing). If you believe a child has provided personal data, contact us and we will take appropriate steps.

11. International Data Transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date. If changes are material, we will provide reasonable notice.

13. Contact

If you have questions about this Privacy Policy, contact us at support@mova.app.