Privacy Policy

Movento is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR - EU 2016/679) and applicable data protection law.

Last updated: April 2, 2026

Data Controller

  • Movento - contact@movento.com
  • For any questions about your data, contact us at: privacy@movento.com
  • You may also exercise your rights via our contact form.

Data We Collect

  • Identity data: first name, last name, email address, password (hashed).
  • Location data: manually entered city for search, GPS points from activity routes.
  • Usage data: activities created and joined, chat messages, language preferences.
  • GPX files: route tracks voluntarily uploaded.
  • Technical data: session cookies, authentication token (httpOnly), IP address (server logs).

Legal Basis for Processing

  • Contract performance (Art. 6.1.b GDPR): account creation and management, participation in activities.
  • Consent (Art. 6.1.a GDPR): analytics cookies, optional communications.
  • Legitimate interest (Art. 6.1.f GDPR): platform security, abuse prevention, service improvement.

Purposes of Processing

  • User account management and authentication.
  • Organisation and display of sporting activities.
  • Push notifications (with your consent on mobile).
  • Platform improvement through anonymised usage analysis.
  • Compliance with legal obligations.

Data Retention

  • Account data: retained until you delete your account.
  • Activities and messages: deleted in cascade upon account deletion.
  • Server logs: maximum 90 days.
  • You can delete your account at any time from your profile.

Data Sharing

  • We never sell your data to third parties.
  • Hosted on OVH VPS (France, EU); data stored in Europe.
  • Push notifications via Expo / Firebase Cloud Messaging (transfers outside the EU covered by EU standard contractual clauses).
  • Google OAuth authentication: subject to Google's Privacy Policy.

Your GDPR Rights

  • Right of access: obtain a copy of your data (Art. 15).
  • Right to rectification: correct inaccurate information (Art. 16).
  • Right to erasure: delete your account and all your data (Art. 17), available in your profile.
  • Right to data portability: receive your data in a structured format (Art. 20) - contact us.
  • Right to object and restriction of processing (Art. 21-22) - contact us.
  • Right to lodge a complaint with your national supervisory authority.

Cookies

  • Essential cookies: authentication session (httpOnly, required for operation).
  • Preference cookies: selected language (stored locally).
  • Analytics cookies: only with your explicit consent via the banner.
  • You can change your preferences at any time by clicking 'Manage cookies' in the footer.

Security

  • JWT tokens stored in httpOnly cookies (not accessible via JavaScript).
  • Passwords hashed with bcrypt.
  • Communications encrypted via HTTPS/TLS.
  • No absolute guarantee is possible; we will notify you without delay in the event of a data breach.