Privacy policy
Moveat is a tracking tool for sports coaches and their clients. This policy explains what we collect, why, and how long we keep it. Body photos, weight and measurements are health data. They belong to the client, they are stored in the European Union, and they are never public. Nothing is sold.
Who publishes Moveat
Moveat (wemoveat.app) is published by Metropole Inv. SRL, a company registered in Belgium under company and VAT number 0633.543.622, with its registered office at Avenue Charles Woeste 119, 1090 Brussels, Belgium. Metropole Inv. SRL also trades under the name Pixel Noir.
For any question about this policy or about your data, write to contact@wemoveat.app. We answer at that address.
Two kinds of data, two different roles
Moveat is used by two kinds of people, and the law does not treat them the same way. Read this section first: everything else follows from it.
For the coach account itself (email address, name, login, subscription and billing), Metropole Inv. SRL is the controller. We decide what is collected and why, and you deal directly with us.
For everything a coach records about a client (questionnaire, check ins, weight, measurements, photos, diet, training programme, messages), the coach is the controller and Metropole Inv. SRL is a processor within the meaning of article 28 of the GDPR. The coach decides which clients to invite, what to ask them and what to write. We only store and display that data on the coach's behalf. We never use it for our own purposes.
In practice: if you are a client and you want to see, correct or delete your data, ask your coach first. If your coach does not answer, write to us and we will help.
Health data and explicit consent
Body photos, weight, body measurements, injuries, allergies and how a client feels are health data. Article 9 of the GDPR treats them as a special category and forbids processing them unless a specific condition applies.
The condition we rely on is the explicit consent of the client, under article 9.2.a of the GDPR. That consent is given to the coach, not to us.
This is the coach's responsibility, and it is not a formality. Before inviting a client, the coach must clearly tell that client which data will be collected, including the three body photos, and obtain a free, specific, informed and explicit consent. The coach must be able to prove that consent, and must allow the client to withdraw it at any time. A coach who invites a client without that consent is in breach of the GDPR and of our terms.
A client may refuse the photos and still be tracked on weight and measurements. Consent can be withdrawn at any time, which stops any further processing and, on request, leads to erasure.
What we collect from a coach
We collect only what is needed to open and run the account.
- Identification: email address and name, plus a password stored as a cryptographic hash by Supabase Auth. We never see the password itself.
- Subscription: plan (free or paid), status, start and end of the current period, and the customer and subscription identifiers issued by Mollie.
- Payment: the payment is made on Mollie. We never receive and never store card numbers.
- Technical logs: connection and error logs needed to keep the service running and secure.
What a coach records about a client
This data is entered by the client or by the coach. The coach is the controller. We list it in full so that nobody is surprised.
- Identity: first name, last name, email address used for the invitation.
- Questionnaire: age, sex, height, current weight, goal, activity level, experience, number of training days, food preferences, number of meals, allergies, disliked foods, injuries, free notes.
- Check ins: date, weight, body measurements, fatigue, stress, motivation, sleep, adherence to the diet and to the training, free comments.
- Photos: up to three body photos per check in (front, side, back).
- Coaching: the diet, the macros and the training programme written by the coach.
- Messages exchanged between the coach and the client inside the application.
- Push subscription, only if the person turned notifications on.
Why we process it, and on what legal basis
Each purpose has one basis, and only one.
- Running the coach account and giving access to the application: performance of the contract, article 6.1.b.
- Charging the subscription and issuing invoices: performance of the contract, article 6.1.b, and legal obligation for accounting records, article 6.1.c.
- Storing and displaying the client's check ins, photos, diet and programme: on the coach's instructions, on the basis of the explicit consent the coach obtained from the client, article 9.2.a.
- Keeping the service secure, preventing abuse, fixing bugs: legitimate interest, article 6.1.f.
- Sending push notifications: consent, given by turning them on.
How photos are stored and served
Photos are the most sensitive thing in this application, and they are treated as such.
They live in a private storage bucket. There is no public URL. They are not indexed by search engines and they cannot be found by guessing an address.
When a coach or a client opens a photo, the server issues a signed link that works for a short time and then stops working. Nobody else can open that link once it has expired.
Only the client who uploaded the photo and the coach who invited that client can see it. No other coach and no other client can, because every database read is filtered by row level security rules that check who is asking.
We do not use photos to train any model. We do not publish them. We do not show them to anyone outside the coach and the client.
Who else touches the data
We use four service providers, and only four. They are our subprocessors within the meaning of article 28.4 of the GDPR, and they act only for the purposes below.
- Supabase: database, authentication and photo storage. The data is hosted in the Frankfurt region, in Germany, inside the European Union.
- Vercel: hosting and delivery of the application itself.
- Mollie: payment and subscription management, established in the Netherlands, inside the European Union.
- Infomaniak: sending of service emails, such as a client invitation or a check-in reminder. Infomaniak is established in Switzerland, a country recognised by the European Commission as offering an adequate level of protection. Only the recipient address and the content of the message pass through it. No photo, no measurement, no health data is ever sent by email.
Where the data is stored
The database, the authentication service and the photo bucket are hosted in the Frankfurt region, in Germany, inside the European Union.
We have set up no transfer of your data outside the European Union.
We do not sell data, we do not rent it, and we do not share it with advertisers. There is no advertising in Moveat.
Our commitments as a processor
For client data, these commitments form the processing agreement between the coach, as controller, and Metropole Inv. SRL, as processor, under article 28 of the GDPR. Accepting the terms of use makes them binding on both sides.
- We process client data only on the documented instructions of the coach. Using the application is the instruction. We do not use client data for our own purposes, ever.
- Everyone with access to the data is bound by confidentiality.
- We apply appropriate technical and organisational security measures, as required by article 32.
- We use only the subprocessors listed above. If we add one, we tell coaches before it starts processing, and a coach who objects may terminate the subscription without penalty.
- We help the coach answer requests from clients who exercise their rights, and we help the coach comply with articles 32 to 36, in particular in the event of a personal data breach.
- We notify the coach without undue delay if we become aware of a personal data breach affecting client data.
- When the contract ends, we delete the client data as described under retention. We keep no copy beyond what the law requires of us.
- We make available the information needed to demonstrate compliance with article 28, and we allow audits carried out by the coach or by an auditor the coach appoints, within a reasonable scope and frequency.
How long we keep the data
We do not keep data because it might be useful one day.
- Active account: the data stays as long as the account exists.
- Deleted account: everything is erased within 30 days of the deletion request.
- Deleted client: the check ins, the diet, the messages and the photos of that client are deleted with the client.
- Photos: they never outlive the client record they belong to.
- Billing records: kept for 7 years, because Belgian accounting law requires it. This retention cannot be waived.
How we protect the data
The measures below are the ones actually in place. We do not claim any certification we do not hold, and Moveat does not use end to end encryption.
- All traffic between your device and Moveat travels over HTTPS.
- Passwords are never stored in clear text. They are hashed by Supabase Auth.
- Data at rest is encrypted by the Supabase infrastructure.
- Row level security rules isolate every coach and every client at the database level. A coach cannot read another coach's clients even if a bug reaches the database.
- Photos sit in a private bucket, served only through short lived signed links.
- Every write goes through a server route that validates the input and checks who is asking. The browser never writes to the database directly.
- API routes are rate limited to slow down abuse.
Cookies
Moveat uses only essential cookies. There are two of them.
The first is the authentication session cookie set by Supabase, which keeps you logged in. Without it, the application cannot know who you are.
The second stores your language preference, so the interface opens in the right language.
There is no analytics cookie, no advertising cookie, no tracker of any kind, and no third party audience measurement. That is why Moveat shows no cookie banner: none is required for strictly necessary cookies.
Push notifications
Push notifications are optional and turned off by default. Nothing is sent unless you explicitly turn them on and your browser or phone asks you to confirm.
If you turn them on, we store the subscription your browser gives us, which identifies the device to notify. It is used only to send Moveat notifications, for example when a check in arrives or a diet is updated.
You can turn notifications off at any time, in the application or in the settings of your browser or phone.
Your rights
Under the GDPR you have the following rights. They are free to exercise, and we answer within one month.
- Access: obtain a copy of the data we hold about you.
- Rectification: correct data that is wrong or out of date.
- Erasure: have your data deleted, subject to our legal duty to keep billing records.
- Restriction: ask us to freeze processing while a point is being settled.
- Portability: receive your data in a structured, commonly used, machine readable format.
- Objection: object to processing based on legitimate interest.
- Withdrawal of consent: withdraw your consent at any time, without affecting what was lawfully done before you withdrew it.
How to exercise your rights
If you are a coach, write to contact@wemoveat.app. We are the controller for your account, so we handle your request ourselves.
If you are a client, your coach is the controller. Ask your coach, who has the tools to correct or delete your data inside the application. If the coach does not answer, or refuses without a reason, write to contact@wemoveat.app and we will act to make the right effective.
We may ask for a reasonable proof of identity before acting, so that nobody else can obtain or delete your data in your name.
Complaints
If you believe your data is being handled unlawfully, you can lodge a complaint with the Belgian supervisory authority: Autorité de protection des données, Rue de la Presse 35, 1000 Brussels, Belgium. Its website is autoriteprotectiondonnees.be.
You can also lodge a complaint with the supervisory authority of the country where you live.
We would rather hear from you first. Write to contact@wemoveat.app and we will try to settle the matter.
Changes to this policy
If we change this policy in a way that matters, for example by adding a subprocessor or a new purpose, we inform coaches by email before the change takes effect.
The date at the top of this page always shows the current version.