Privacy Policy

This Privacy Policy explains how Movari ("we", "our", "us") collects, uses, discloses, and protects personal information when you use the Movari mobile application and related services (the "App" or "Service"). We are committed to privacy-by-design and collect only the data needed to deliver fitness and wellness features safely and effectively.

By creating an account or using Movari, you agree to this Privacy Policy. If you do not agree, please do not use the App.

1. Who we are

Movari is a fitness and wellness application operated by Radical App Foundry.

Radical App Foundry is the data controller responsible for your personal information under applicable privacy laws, including the Protection of Personal Information Act (POPIA) in South Africa and, where applicable, the General Data Protection Regulation (GDPR) in the European Union and United Kingdom.

• Support Email: movari.fitness@gmail.com
• Privacy & Legal Enquiries: info@radicalappfoundry.co.za

2. Minimum age and younger users

You must be at least 13 years old to use Movari. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete it promptly.

Movari is not directed at children under 13. Users aged 13–17 may use the App, but we do not knowingly provide targeted marketing, advertising, or profiling to users under 18. Parents or guardians who believe a child under 13 has provided information to us should contact us at info@radicalappfoundry.co.za.

3. What data we collect

We collect the following categories of data when you use Movari:

• Account information: email address and authentication credentials, managed via Firebase Authentication.
• Profile information: name, age, sex, height, weight, fitness goals, and preferences you provide.
• Workout data: workout logs, routines, exercises, sets, reps, duration, and related activity records you enter.
• Nutrition data: meals, calories, macros, water intake, and nutrition logs you enter or generate.
• Meal photos: images you upload for AI meal scanning and nutrition analysis.
• Progress data: weight history, body measurements, progress metrics, mood check-ins, streaks, XP, and private progress photos you choose to store.
• Health integration data: step count information read from Apple Health (iOS) or Health Connect (Android), only if you enable the integration.
• Subscription information: subscription status and purchase history from Apple App Store or Google Play via RevenueCat. We do not receive payment card numbers.
• Device and app data: device type, operating system, app version, and push notification tokens (Firebase Cloud Messaging).
• Support communications: messages you send to our support team, including your name, email, optional phone or alternate email, message content, and timestamps.

Health-related data: Workout logs, nutrition data, body measurements, progress photos, and step count data (if enabled) may be considered health-related or sensitive personal information under some privacy laws. We process this data only to provide Movari's features to you, based on your use of the App and, where required by law, your consent (for example, when you enable Apple Health or Health Connect integrations or upload progress photos).

What we do not collect: Movari does not include buddy matching, community feeds, leaderboards, squads, direct messaging, or public social sharing in the current release. We do not collect contacts, precise location, web browsing history, or payment card data.

What we do not currently use: We do not include Firebase Analytics, advertising SDKs, or third-party ad tracking in the App. We do not sell your data to advertisers.

4. Where data comes from

• Directly from you when you create an account, log workouts or meals, upload photos, or contact support.
• Apple Health / Health Connect when you grant read-only permission for step count data.
• App stores (Apple / Google) provide purchase status to RevenueCat, which we use to manage subscription entitlements.
• AI services process meal photos and related inputs you submit, via our secure server-side systems, for nutrition analysis.
• Automatically for push notification delivery (FCM tokens) and basic device/app metadata needed to operate the Service.

5. How we use data

• App functionality: authentication, profiles, workout and nutrition logging, progress tracking, meal scanning, and subscription entitlements.
• AI features: analyse meal photos and provide nutrition guidance and meal planning using third-party AI services such as Google Gemini.
• Health integrations: display step count data synced from Apple Health or Health Connect when you enable them.
• Account management: manage subscriptions, receipts, and eligibility for Movari Pro.
• Push notifications: send reminders and updates you have opted into.
• Security and fraud prevention: protect accounts and the Service.
• Support and communications: respond to requests and important notices (e.g., policy or security updates).

Legal bases (where applicable): performance of a contract (to provide the Service), legitimate interests (to improve and secure the Service), consent (where required — including health integrations, push notifications, and processing of health-related data where applicable), and legal obligation.

We do not use your personal information for targeted advertising or sell your data to advertisers.

6. AI, nutrition outputs, and medical disclaimer

Movari uses third-party artificial intelligence services, including Google Gemini, to provide meal scanning, nutrition guidance, and meal planning.

How AI processing works:

• When you use AI meal scanning, your meal photo and related inputs are sent from the App to our secure server-side systems (Google Cloud / Firebase Cloud Functions).
• Our servers then transmit the data to Google Gemini for analysis. Data is encrypted in transit using HTTPS/TLS.
• Google processes the data to return nutrition estimates to Movari. We use Google's API services under terms that restrict use of API-submitted data for model training.
• We do not allow AI providers to use your meal photos or nutrition data to train their general-purpose models.
• We do not publish or share your meal photos publicly through Movari.
• Data sent to Google Gemini for inference may be retained by Google under Google's privacy policy. We do not control Google's retention of data processed through their API.

AI-generated nutrition outputs are estimates only. Movari:

• is not a medical device;
• does not provide medical advice, diagnosis, or treatment recommendations;
• should not replace advice from qualified healthcare professionals.

You should review AI suggestions before relying on them and consult a qualified healthcare professional for medical or dietary decisions.

7. Data sharing and processors

We do not sell personal data. We use trusted service providers ("processors") to operate the Service. These providers only process data on our behalf under agreements and appropriate safeguards:

Provider	Purpose
Google Firebase / Google Cloud (Authentication, Firestore, Cloud Storage, Cloud Functions, Cloud Messaging)	Hosting, authentication, database, file storage, notifications
RevenueCat	Subscription management and entitlements from app stores
Google Gemini	AI-powered meal scanning and nutrition analysis via our server-side systems
Apple Health / Health Connect	Read-only step count data when you enable integration
Apple App Store / Google Play	Process payments and subscriptions under their own privacy policies

Your use of third-party services may also be governed by their own terms and privacy policies. Movari is not responsible for third-party practices outside our control.

8. International transfers

Your data may be processed in data centres outside your country, including in the United States and other locations where Google Cloud and our other providers operate.

Where required by applicable law (including the GDPR), we rely on appropriate safeguards for international transfers, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• data processing agreements with our service providers; and
• industry-standard technical and organisational security measures.

You may contact us for more information about the safeguards we use for international transfers.

9. Data retention

We retain personal information only for as long as necessary to provide the Service and fulfil the purposes described in this policy.

9.1 While your account is active

• Account and profile data: retained while your account is active.
• Workout, nutrition, and progress data: retained while needed to provide features to you.
• Private progress photos: retained while your account is active and stored privately within your account.
• Meal photos: meal photos linked to food log entries older than 180 days are automatically deleted from storage via a scheduled weekly cleanup that processes all eligible photos per user. The food log entry itself (without the image) may be retained. This cleanup only runs while your account exists.

9.2 When you delete your account

When you delete your account through Profile → Settings → Delete Account, we permanently and promptly delete your account and associated personal data from our active Firebase systems, including:

• your Firebase Authentication account;
• your user profile and Firestore data (workouts, food logs, nutrition data, progress entries, meal plans, and related subcollections);
• all files in your Firebase Storage folder, including meal photos, progress photos, and profile photos; and
• support tickets linked to your account.

There is no post-deletion retention of meal photos or progress photos in our active systems.

Limited exceptions after deletion:

• Deletion feedback: If you choose a reason when deleting your account, we may retain a de-identified record containing only a reason category (for example privacy or expensive) and the date — no name, email, account identifier, or free-text explanation. This is used only for product improvement and is not used for marketing.
• Third-party provider retention: Some data processed by third-party services may be retained under their own policies after your account is deleted from Movari. This includes:
  • Google Gemini — meal photos and text sent for AI analysis are processed by Google under Google's API terms and retention policies. We do not control Google's retention of inference data.
  • RevenueCat — your RevenueCat customer record is deleted via our server when you delete your account, and the App signs out of RevenueCat locally so the profile is not recreated on this device. This does not cancel an active Apple or Google subscription — cancel that in your app store settings.
  • Firebase / Google Cloud — server logs, error logs, and infrastructure backups may retain residual data for a limited period under Google's provider policies. We do not configure or enforce a specific backup purge period in the App.
• Legal and security obligations: We may retain limited records where required by law, to resolve disputes, enforce our terms, or prevent fraud and abuse.

9.3 Support communications

Support messages are retained for as long as needed to resolve your enquiry and for a reasonable period thereafter for quality and legal purposes. Support tickets linked to your account are deleted when you delete your account.

10. Account deletion

You may permanently delete your account at any time through Profile → Settings → Delete Account in the App.

Deletion permanently removes your account, profile, logs, photos, and other data from our active Firebase systems as described in Section 9.2. Residual copies may persist in third-party provider systems or infrastructure logs for a limited period under those providers' policies.

If you select a reason during deletion, a de-identified reason category and date may be retained for product improvement only — see Section 9.2.

You can also submit a deletion request via our Data Deletion page if you cannot access the app. For more information, see our Terms of Use.

11. Your rights

Depending on where you live, you may have the right to:

• Access: Request a copy of your personal data we hold.
• Correction: Update or correct inaccurate information in your profile.
• Deletion: Delete your account and associated data in-app (Profile → Settings → Delete Account), or submit a request via our Data Deletion page.
• Withdraw consent: Revoke Apple Health, Health Connect, or push notification permissions through your device settings.
• Object or restrict: Object to or restrict certain processing where applicable by law.
• Portability: Request export of your data in a portable format where applicable.
• Complaint: Lodge a complaint with your local data protection authority where applicable.

To exercise these rights, contact us at info@radicalappfoundry.co.za or movari.fitness@gmail.com. We will respond within the timeframes required by applicable law.

12. Security

• All data in transit uses HTTPS/TLS.
• We rely on Google Cloud/Firebase security controls, authentication, and role-based access.
• Progress photos and health-related data are stored privately and are not shared publicly through Movari.
• We maintain least-privilege access and monitor for abuse.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work to protect your information using industry-standard measures.

13. Push notifications

Movari may send push notifications for reminders, progress updates, and service notices. You can disable notifications at any time through your device settings or in-app preferences.

14. Cookies & SDKs

Our mobile app uses SDKs to provide core functionality. These include:

• Firebase — authentication, database, storage, cloud functions, and push messaging;
• RevenueCat — subscription and entitlement management.

We do not use Firebase Analytics, advertising SDKs, or third-party ad tracking in Movari.

15. Data Safety summary (Google Play mapping)

• Collected: Name, Email address, Health and fitness data (workouts, nutrition, body measurements, step count if enabled), Photos you upload, Purchase history, App interactions (support tickets and in-app usage necessary to operate the Service), Device/app metadata and push tokens.
• Not collected: Precise location, contacts, messages, calendar, web browsing, payment card data, public social profile data, or cross-app advertising identifiers.
• Encrypted in transit: Yes. Sharing: No sale of data; processors only.
• Deletion: In-app account deletion (Profile → Settings → Delete Account) or request via our Data Deletion page.

16. Changes to this policy

We may update this policy as our Service evolves. Material changes will be communicated in-app or on this page, and we will update the "Last updated" date. Continued use of Movari after changes take effect means you accept the revised policy.

17. Contact

• Support Email: movari.fitness@gmail.com
• Privacy & Legal Enquiries: info@radicalappfoundry.co.za
• In-App Support: Profile → Help & Support

Movari · Bundle ID: com.raf.movari · © 2026 Radical App Foundry