Privacy Policy

Moves Social Inc. ("Moves," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services, including our website, mobile applications, and related features. By using Moves, you consent to the data practices described in this policy.

Account Information

When you create an account, we collect your username, phone number (required for verification), and optionally your email address. Your password is hashed using Argon2 and is never stored in plaintext.

Move & Location Data

When you create or interact with events on the platform ("moves"), we collect details including titles, descriptions, dates, times, and location information such as place names, addresses, and geographic coordinates.

Messages & Chat Data

We store messages you send in group and direct chats, including text content, reactions, poll responses, and image attachments.

Financial Data

When you use cost-splitting features, we store expense amounts, currencies, split details, settlement records, and your Stripe account identifier. Payment processing is handled by Stripe — we do not store your credit card numbers or bank account details. For more information, see Stripe's Privacy Policy.

Google Calendar Data

If you choose to connect your Google Calendar, we request read-only access to import your calendar events into Moves. During the connection process, we also receive your Google account identifier and email address via OpenID Connect. We store imported event details (titles, times, descriptions, locations, and timezones), Google calendar and event identifiers, sync tokens, and OAuth tokens in encrypted form. Imported events remain in Moves even if you later disconnect the integration. You can disconnect Google Calendar at any time from your account settings, which stops future syncing.

We use Google Calendar data to operate the calendar synchronization feature within Moves. We do not use Google Calendar data for advertising, do not share it with third-party advertisers, and do not use it to train generalized AI or machine learning models. Authorized personnel may access Google Calendar data only when necessary to operate, support, debug, or secure the Service, or to comply with law. We do not transfer Google Calendar data to third parties except as necessary to operate the Service.

You can disconnect Google Calendar at any time from your account settings. You may also delete imported events from your calendar within Moves; deleting an imported event removes it from Moves but does not affect the original event in Google Calendar.

Moves' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Push Notification Data

If you enable push notifications in a web browser, we store your browser push endpoint URL, encryption keys (encrypted at rest using AES-256-GCM), and browser/device identifier. If you enable push notifications in the Moves iOS app, we store the Apple Push Notification service (APNs) device token issued by iOS along with a device identifier, so we can deliver notifications to your device. You can disable push notifications at any time from your device or browser settings; doing so stops future delivery and we remove the corresponding token on our next sync.

Cookies & Local Storage

We use a session cookie ("moves_session") for authentication. We also store preferences in your browser, such as theme, calendar display settings, location filters, and your last-used location. Some preferences are stored as cookies and may be sent to our servers to personalize your experience; others are stored only in your browser's local storage.

Usage Data

We collect session information and basic device/browser type for service operation. IP addresses may appear in server logs and infrastructure provider logs (such as our CDN and reverse proxy) for security, abuse prevention, and operational debugging, and may be retained by those providers under their own retention policies. We do not currently use third-party advertising or behavioral analytics services. If we introduce product analytics or error monitoring tooling in the future, we will update this Privacy Policy and describe what is collected.

• Provide, maintain, and improve the Moves platform
• Send you notifications via SMS, push notifications, or email based on your preferences
• Process payments and cost settlements through Stripe
• Synchronize your calendar events when you opt into Google Calendar integration
• Detect and prevent fraud, spam, and abuse
• Comply with legal obligations

Your content is not used to train third-party AI. We do not sell or share your messages, moves, descriptions, images, or other user-generated content with third parties for use in training generalized AI models, such as large language models or image generators. We may use internal machine-learning techniques — including recommendation, ranking, search, personalization, spam and abuse detection, and content categorization — to operate, improve, and secure the Service. Models trained this way are used only within Moves and are not distributed externally.

We rely on third-party service providers to operate Moves. Each provider processes data on our behalf under their own privacy and security policies. Service providers we currently use include, among others:

• Twilio — SMS verification during registration
• Mapbox — Location search and map display
• Google — Calendar synchronization (when opted in)
• Stripe — Payment processing for cost settlements
• Cloudflare — CDN, DDoS protection, and secure tunneling

We may add or change service providers as the Service evolves. We will update this Privacy Policy when we make material changes to the categories of providers we rely on.

We do not sell your personal data. We may share your information only in the following circumstances:

• With the third-party service providers listed above, solely to operate the service
• When required by law, regulation, legal process, or governmental request
• In connection with a merger, acquisition, or sale of assets, in which case you will be notified. Any transfer of data received from Google APIs will only occur with your explicit prior consent

Sessions expire after 7 days of inactivity. Different categories of data are retained under different policies, described below. When you delete your account, your personal profile data is removed from active product-facing systems, except where we retain specific data for safety, legal, financial, evidence-preservation, or operational reasons as described in the subsections that follow.

Profile data removed on account deletion

When you delete your account, the following data is removed from our active database: your username, phone number, email address, hashed password, push notification subscriptions, Google Calendar connection and encrypted OAuth tokens, notifications, presence data, friendships, friend requests, group memberships, and Stripe Connect account identifier. Removal in the active database is processed at the time of deletion; see “Backups” below for the disaster-recovery retention window.

Shared content (retained)

Events you organized, messages you sent, cost-split records, and groups you created are retained after account deletion. This is because other users have a legitimate interest in the history of events they attended, conversations they took part in, and balances that affect their own accounts. Your name is replaced with “Deleted User” and your avatar no longer appears next to this content once your profile is removed. This retention is based on the legitimate interests of other users under GDPR Article 6(1)(f) and the exceptions to the right to erasure under Article 17(3).

If you want specific personal details you included in a free-text message or description to be redacted, contact [email protected]. We will redact on a case-by-case basis.

Uploaded media (retained)

Images you upload to Moves (including avatars, chat attachments, move covers, and group images) are retained in our content storage after account deletion. Once your account is deleted, these images are no longer associated with your profile and are not displayed under your identity, but the underlying files are retained so that shared content remains visible to other users where appropriate, content-hash deduplication continues to function, and any safety reports filed before deletion can still be reviewed. If you want a specific uploaded image removed, contact [email protected] and we will evaluate the request.

Financial records (retained 7 years)

Payment intents, cost records, and settlement history are retained for a minimum of seven years after account deletion for tax, accounting, and legal reasons, and for dispute defense. These records contain amounts, Stripe identifiers, and references to the tombstoned account, but no personal data beyond the account identifier itself. Stripe independently retains financial records under its own retention policy; see Stripe's Privacy Policy.

Moderation and safety records (retained)

If your account has been banned for violating our community guidelines, we retain a limited moderation record that includes a snapshot of your basic profile data (username, email, phone number, creation date) at the time of the ban, along with a keyed cryptographic fingerprint of your phone number. This record survives account deletion and is used to enforce the ban, prevent re-registration by banned users, and defend against legal claims. This retention is based on our legitimate interests in safety and the exceptions under GDPR Article 17(3)(b) and (e). We do not snapshot or retain this data for users who have not been actioned by moderators.

Reports you file or that are filed against you

When you report content or a user, we retain a record of the report including a minimal snapshot of the reported user's visible profile (username and avatar) and the specific content you reported. For reports involving high-severity categories (child safety, credible threats of violence, or illegal activity), we additionally retain the reported user's email address and phone number at the time of the report as evidence for use in moderation and, where applicable, law enforcement response.

Dismissed reports are retained for up to one year, depending on category. Reports in child safety, threats of violence, or illegal activity categories are retained indefinitely. Reports that result in moderation action against the subject user are retained indefinitely as evidence. Reports awaiting review are retained until they have been reviewed.

Evidence preservation for child safety reports

United States federal law (18 U.S.C. § 2258A) requires us to preserve the contents of any report we submit to the National Center for Missing & Exploited Children (NCMEC) CyberTipline, together with associated visual depictions and digital files, for at least one year after submission. When you file a report in a child safety category, our records retain the report itself — including a snapshot of the subject user's profile and the specific content referenced in the report — indefinitely. Uploaded media referenced in such reports is also retained, as described in “Uploaded media” above, so that the evidence remains available for review and law enforcement response. Access to preserved child-safety records is restricted to authorized personnel with a need to know, and such records are not shared with any party except the law enforcement agency designated by NCMEC, or as otherwise required by law.

Legal holds

If your account is subject to an active legal hold (e.g., a subpoena, preservation letter, or ongoing litigation), deletion will be refused until the hold is lifted. You will be notified if this applies to your deletion request.

Backups

Our operational database backups are retained for up to 30 days for disaster recovery purposes. Deleted profile data may continue to exist in backup archives during this window. Backups are only used for disaster recovery, not for operational access, and any deletions are re-applied upon restore. After 30 days, deleted profile data is no longer recoverable from any system we control.

Application logs

Structured application logs may contain internal account identifiers (UUIDs) for debugging and security purposes but do not contain your name, phone number, email, or password. Logs are retained for a limited operational window and are not used for analytics.

• Account deletion: You can delete your account at any time from the Danger Zone section of your account settings. Deletion is processed immediately in our active database and cannot be undone. Profile data is removed from active product-facing systems; shared content, uploaded media, financial records, and the other categories described in Section 5 are retained on the timelines stated there. Backup archives may retain deleted profile data for up to 30 days, as described under “Backups” in Section 5.
• SMS: Reply STOP to opt out of SMS messages at any time
• Google Calendar: Disconnect from your account settings at any time
• Notifications: Manage your notification preferences in settings
• Data access or other requests: For access, correction, portability, or other privacy requests that cannot be handled in-app, contact us at [email protected].

Depending on where you live, you may have additional rights under state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and similar laws in other states. To the extent these laws apply to you, you may have the right to:

• Know what personal information we have collected about you, the categories of sources it was collected from, the purposes for which we use it, and the categories of third parties (if any) we share it with.
• Access a copy of the personal information we hold about you in a portable format.
• Correct inaccurate personal information we hold about you.
• Delete personal information we have collected from you, subject to the retention exceptions described in Section 5.
• Opt out of sale or sharing of your personal information for cross-context behavioral advertising. We do not sell your personal information and we do not share it for cross-context behavioral advertising, so there is nothing to opt out of, but we honor browser-level opt-out signals such as Global Privacy Control where applicable.
• Limit use of sensitive personal information. We do not use sensitive personal information for purposes beyond what is reasonably necessary to operate the Service.
• Non-discrimination. We will not deny you service, charge different prices, or provide a different level of service because you exercised any of these rights.

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before fulfilling the request. You may designate an authorized agent to submit requests on your behalf; we will require written authorization and may ask you to verify the agent's authority.

Moves is operated from the United States and our infrastructure is primarily located there. If you use the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and in other countries where our service providers operate. These jurisdictions may have data protection laws that differ from the laws of your jurisdiction. Where required, we rely on appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses, to protect personal data transferred outside your country.

We implement appropriate technical measures to protect your information, including encrypted storage for sensitive tokens (AES-256-GCM), Argon2 password hashing, HTTPS-only connections, and HttpOnly session cookies. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Breach notification. In the event of a confirmed data breach affecting your personal information, we will notify affected users and, where required, the relevant supervisory authorities in accordance with applicable law (including, where applicable, notification to EU supervisory authorities within 72 hours under GDPR Article 33). Notifications will describe the nature of the breach, the categories of data affected, the likely consequences, and the steps we are taking in response.

If you believe your account has been compromised, contact us immediately at [email protected] so we can help secure it.

Moves is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

Moves contains user-generated content, real-time chat, image sharing, in-person event coordination, and cost-splitting features. If you are between 13 and the age of majority in your jurisdiction, you should use the Service only with the involvement of a parent or guardian. We may add additional safety controls, age-appropriate defaults, or restrictions for users in this age range over time.

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page. For material changes that meaningfully affect how we collect, use, or share your data, we will provide additional notice before the changes take effect, for example via in-app notice or email where available. Your continued use of Moves after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, contact us at [email protected], or by mail at:

Moves Social Inc.
625 Kenmoor Ave SE, Ste 350, PMB 669136
Grand Rapids, MI 49546-2395
United States