Privacy Policy

1. Who we are

Movena ApS, registered in Denmark, is the data controller for personal data of our direct users (the people who sign up for an account). For personal data that our customers (moving companies) upload about their own end-customers, Movena acts as a data processor.

Contact: support@movena.io.

2. What we collect

Account data: name, email, password hash, company, role.

Usage data: log files, IP address, browser, pages visited, error reports.

Customer-uploaded data: leads, contacts, addresses, quotes, jobs, files, communication. We process this on behalf of the moving company that uploaded it.

Billing data: handled by our payment processor (Stripe). We store only the minimum needed to associate a subscription with an account.

3. Why we use it

• To provide, maintain, and improve the service.
• To authenticate users and prevent abuse.
• To send service-related emails (quote acceptances, password resets, billing).
• To comply with legal obligations.

We do not sell personal data. We do not use your data to train AI models without explicit consent.

4. Legal basis (GDPR)

We process personal data on the basis of contract performance (delivering the service to you), our legitimate interests (improving the product, security), legal obligations (accounting, tax), and consent where required (e.g. optional marketing).

5. Sharing with subprocessors

We use trusted third parties to operate the service:

• Supabase (database and authentication hosting, EU region).
• Cloudflare (edge compute and CDN).
• Resend (transactional email delivery).
• Stripe (subscription billing).
• Google Maps Platform (address autocomplete and distance calculation).

Each subprocessor is bound by a Data Processing Agreement and processes data only on our instructions. A current list is available on request.

6. International transfers

Data is primarily stored in the EU. Where transfers outside the EU/EEA occur (e.g. through a subprocessor), we rely on EU Standard Contractual Clauses or equivalent safeguards.

7. Retention

Account and customer data is retained for as long as your account is active. After termination, we delete or anonymise personal data within 90 days, except where we are required to retain it longer for legal or accounting reasons (e.g. invoices for 5 years per Danish bookkeeping law).

8. Your rights

Under GDPR you have the right to:

• access the personal data we hold about you;
• request correction or deletion;
• object to or restrict processing;
• data portability;
• withdraw consent where processing is based on consent;
• complain to the Danish Data Protection Agency (Datatilsynet).

To exercise these rights, email support@movena.io. If your request concerns data uploaded by a moving company that uses Movena, we'll forward it to them as the controller of that data.

9. Security

We use industry-standard safeguards: encrypted transport (TLS), encryption at rest, row-level security in the database, role-based access controls, and audit logging. No system is perfectly secure; we'll notify affected users without undue delay if a breach occurs.

10. Cookies

We use only essential cookies required to keep you signed in and remember your preferences. We do not use advertising or cross-site tracking cookies.

11. Changes to this policy

We'll post material changes here and notify account holders by email at least 30 days before they take effect.