Privacy policy
This privacy policy explains which personal data is processed when using Movoia. Movoia is operated as a self-hosted web application for collaborative travel planning.
Last updated: June 11, 2026
Controller
- Application: Movoia
- Controller: Oskar Wrobel
- Address: Osnabrücker Str. 316, 48429 Rheine, Deutschland
- Contact: info@movoia.app
- VAT ID: DE370283450
Purpose of Movoia
Movoia helps users organize trips together. Current features include trips, participants, invitations, costs, cost shares, payment progress, and settlement suggestions.
Movoia does not replace professional accounting, payment processing, tax advice, or legal review of financial claims.
Account, sign-in, and sessions
For sign-in, Movoia processes email addresses and, where provided or stored in the account, names. Sign-in is passwordless through magic links.
Magic-link tokens and session tokens are not stored in plain text, but as hashes. Magic links are time-limited and single-use.
For signed-in sessions, Movoia sets a necessary HTTP-only session cookie named movoia-session. This cookie is required for sign-in and for protecting private trip areas.
Trips, members, and invitations
When using Movoia, travel titles, destinations, travel dates, roles, memberships, invitations, and, where applicable, an invited person's email address are processed.
Users may enter personal data of other people, such as names or email addresses of fellow travelers, only if they are authorized to do so and may appropriately inform the affected person.
Before an invitation is accepted, Movoia only shows limited information such as trip name, destination, and inviter. Costs, balances, member lists, and internal IDs remain limited to private trip areas.
Costs, payment progress, and settlement
Movoia processes cost items, amounts, currencies, categories, payment states, cost shares, payment history, and settlement suggestions within a travel group.
These data points may be shared information for several participants. For deletion requests, account-related personal data may therefore be anonymized while shared trip and cost records remain available where other participants rely on them or legitimate interests apply.
Email delivery
Movoia sends emails for magic links and trip invitations. Delivery uses IONOS SMTP with the sender address info@movoia.app.
During email delivery, email address, sending time, system email content, and technical delivery information may be processed. Delivery and log data may also be processed by the email service provider.
Cookies and local storage
Movoia uses necessary storage for sign-in, language, security, and privacy choices.
The movoia-session cookie serves the signed-in session. The movoia-locale cookie stores the preferred language. Cookie and privacy settings are stored locally in the browser so Movoia can respect your choice.
If you consent to analytics, Movoia stores a random visitor ID and a session ID locally in the browser. This is used to collect page views, active visits, referrer domains, coarse device/browser information, and campaign parameters where present. IP addresses are not stored. Marketing remains disabled unless a corresponding service is added and valid consent has been obtained.
Server logs
When the website is accessed, technical access data may be processed by the web server and the Nginx reverse proxy. This may include IP address, access date and time, requested URL, HTTP status, referrer, and user agent.
Server logs are processed to ensure stability, analyze errors, and prevent abuse. They are regularly deleted after no more than 14 days unless longer retention is required to investigate a security incident.
Hosting, database, and backups
Movoia is self-hosted in the operator's premises. The application runs as a Next.js application with a PostgreSQL database.
Backups are also stored in the operator's premises and are generally retained for 14 days.
The operator applies appropriate technical and organizational measures, including HTTPS operation through a reverse proxy, access restrictions, regular updates, and separate handling of production data and backups.
Recipients and service providers
Personal data is generally processed within the self-operated Movoia infrastructure.
IONOS is used as the email service provider for system email delivery. Optional usage analytics is processed within the self-operated Movoia infrastructure. No external analytics, marketing, CDN, or monitoring providers are currently used.
Transfers to third countries are not currently intended. If service providers outside the EU or EEA are added in the future, the legal requirements will be reviewed beforehand and this privacy policy will be updated.
Legal bases
Processing for account, sign-in, trips, invitations, cost features, and group organization is generally performed for contract performance or pre-contractual steps under Article 6(1)(b) GDPR.
Security functions, server logs, abuse prevention, application stability, and protection of private trip areas are based on legitimate interests under Article 6(1)(f) GDPR.
Optional usage analytics is performed only on the basis of consent under Article 6(1)(a) GDPR and the rules for access to terminal equipment. If Movoia adds further non-necessary marketing services in the future, this will also only happen after valid consent.
Retention
Account, trip, membership, cost, and payment progress data are generally stored as long as the account or trip exists or the data is needed for collaborative travel organization.
Upon a deletion request, account-related personal data will be anonymized or deleted after review. Shared trip and cost records may be retained where other participants rely on them or legitimate documentation interests apply.
Magic links expire after a short time and are marked as used after use. Session data expires after the intended session duration. Analytics raw data is used for short-term website usage analysis and should be deleted or aggregated regularly. Server logs and backups are generally deleted after no more than 14 days unless longer retention is required due to a security incident or legal obligation.
Data subject rights
Data subjects have rights under the GDPR, including rights of access, rectification, erasure, restriction of processing, data portability, and objection.
Requests can be sent to the contact address listed above. Appropriate identity verification may be required to process a request.
Data subjects also have the right to lodge a complaint with a data protection supervisory authority.
No automated decisions
Movoia currently does not use automated decision-making within the meaning of Article 22 GDPR and does not perform profiling.
Changes to this privacy policy
This privacy policy will be updated if functions, service providers, technical processing, or legal requirements change. This applies in particular before paid premium features or further non-necessary analytics and marketing services are introduced.