Privacy Policy
Last updated: February 7, 2026
GoMovia is built with privacy at its core. We collect only the minimum information needed to provide the Service — no ads, no tracking, no data selling. You can use many features without sharing personal health details, and visitors can access shared plans without creating an account at all.
GoMovia ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our platform at gomovia.com (the "Service"). By using the Service, you consent to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
We ask for very little personal information. Most fields below are optional, and health filtering conditions are never treated as medical records — they are simple search filters you can change or remove at any time.
| Data Type |
When Collected |
Purpose |
| Full name |
Account registration |
Display name, plan attribution |
| Phone number |
Account registration (required) |
Account identification, login |
| Email address |
Account registration (optional) |
Account recovery, notifications |
| Password |
Account registration |
Authentication (stored as bcrypt hash only) |
| Exercise plans and goals |
Plan creation |
Service functionality |
| Health filtering conditions (fitness level, health considerations) |
Wellness wizard (optional) |
Exercise search filtering and suggestions |
| Professional credentials |
Professional account verification |
Identity verification |
1.2 Information Collected Automatically
| Data Type |
Purpose |
| Device fingerprint (browser type, screen size, timezone) |
Guest session continuity, security |
| IP address |
Rate limiting, abuse prevention |
| Exercise session data (start time, completion, duration) |
Progress tracking |
| Cookies and session tokens |
Authentication, maintaining login state |
1.3 Information We Do NOT Collect
- We do not collect payment or financial information (the Service is currently free).
- We do not collect biometric data.
- We do not track your location via GPS.
- We do not use advertising or analytics trackers (no Google Analytics, no Facebook Pixel, no third-party tracking scripts).
- We do not store medical records or protected health information (PHI). Health filtering conditions are simple search preferences, not clinical data.
- We do not sell or share your personal information with data brokers or advertisers.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Create accounts, manage plans, track exercise sessions, and deliver content.
- Personalize your experience: Offer exercise suggestions based on your goals and filtering conditions.
- Ensure security: Authenticate users, prevent fraud, detect abuse, and enforce rate limits.
- Improve the Service: Analyze aggregate, anonymized usage patterns to enhance features.
- Communicate with you: Send account-related notifications (if you provided an email).
3. How We Share Your Information
We do not sell your personal information. We may share your information in these limited circumstances:
- With your Professional: If you access a plan created by a Professional, they can see your exercise session data (completion, duration) to monitor your progress. They cannot see your password, email, or phone number unless you shared it directly.
- Service providers: We use Supabase for database hosting. Your data is stored in Supabase-managed databases with encryption at rest.
- Legal requirements: We may disclose information if required by law, subpoena, court order, or governmental request.
- Business transfers: If GoMovia is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
4. Guest and Visitor Privacy
Visitors who use the Service with a plan code (without creating an account) should be aware:
- We collect a device fingerprint (a hash derived from your browser settings) to maintain your session. This is not personally identifiable.
- Your exercise session data (completion, timing) may be visible to the Professional who created the plan.
- When a plan expires, your access to that plan's data ends.
- If you create an account later and link the plan, your session history may be associated with your account.
5. Data Security
We implement industry-standard security measures to protect your information:
- Passwords are hashed using bcrypt (a one-way, salted hashing algorithm). We never store plaintext passwords.
- Session cookies are set with HttpOnly, SameSite, and Secure (in production) flags.
- HTTPS is enforced in production with HSTS headers.
- Security headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection) are applied to all responses.
- Rate limiting is applied to login and signup endpoints to prevent brute-force attacks.
- JWT tokens are used for API authentication with short expiration times.
While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
- Account data: Retained as long as your account is active. You may request deletion at any time.
- Guest session data: Retained for the duration of the plan. After a plan expires, associated guest data may be deleted within 90 days.
- Exercise session data: Retained as long as the associated plan and account exist.
- Server logs: IP addresses in rate-limiting logs are stored in memory only and are not persisted.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your account and associated data.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to the processing of your data in certain circumstances.
To exercise any of these rights, contact us at gomoiva.team@gmail.com. We will respond within 30 days.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Request deletion of your personal information.
- Opt out of the sale of your personal information (we do not sell personal information).
- Not be discriminated against for exercising your privacy rights.
9. International Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:
- Our legal basis for processing your data is your consent (provided at signup) and the legitimate interest of providing the Service.
- Your data may be transferred to and stored on servers in the United States. By using the Service, you consent to this transfer.
- You have the right to lodge a complaint with your local data protection authority.
10. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at gomoiva.team@gmail.com.
11. Cookies
We use the following cookies:
| Cookie |
Type |
Purpose |
Duration |
| session |
Essential |
Maintains your login state |
24 hours |
| access_token |
Essential |
API authentication |
1 hour |
| refresh_token |
Essential |
Token renewal |
24 hours |
We do not use advertising or tracking cookies. All cookies are essential for the Service to function.
12. Third-Party Links
The Service may contain links to third-party websites or embedded content (e.g., YouTube videos). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
- Email: gomoiva.team@gmail.com