M0VE

Privacy Policy

Last updated April 2026 (rev. 2)

This Privacy Policy explains how The Invenio Group B.V (“M0VE”, “we”, “us”, “our”) collects, uses, stores, and shares personal data when you use the M0VE mobile app, website, and related services (collectively, the “Service”).

Please read this policy carefully. By using the Service you confirm that you have read and understood how we process your personal data.

1. Who we are

The data controller responsible for your personal data is:

The Invenio Group B.V
Oosthavendijk 46A
3241LK Middelharnis
The Netherlands
Trade register number: 88868303
VAT number: NL864805664B01
Privacy contact: privacy@movenutrition.app

We are registered in the Netherlands and subject to the General Data Protection Regulation (GDPR) as implemented under Dutch law. Our lead supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

2. Data we collect and why

The sections below set out each category of personal data we collect, the lawful basis we rely on under GDPR Article 6 or Article 9, and the purpose for which we process it.

Account information

Data: Email address, display name, Firebase authentication identifier.

Lawful basis: Contract (Article 6(1)(b)) — necessary to create and maintain your account.

Athlete profile

Data: Sport type, nutrition goal, training thresholds (FTP, threshold pace), activity level, work type, BMR formula preference.

Lawful basis: Contract (Article 6(1)(b)) — necessary to calculate your personalised daily nutrition targets.

Body metrics

Data: Body weight, height, date of birth, gender, body fat percentage (optional).

Lawful basis: Contract (Article 6(1)(b)) for weight and height used in calorie calculations. Where these metrics are processed as health data under GDPR, we rely on your Explicit Consent (Article 9(2)(a)) — see Section 3.

Nutrition and food logs

Data: Meals, food items, quantities, calorie and macro values, hydration records, and sweat test results you enter into the app.

Lawful basis: Contract (Article 6(1)(b)) — core service functionality.

Training data

Data: Workout type, date, duration, distance, heart rate, power output, and active calories — imported from connected services you authorise (Strava, Intervals.icu, Apple Health, Apple Watch).

Lawful basis: Contract (Article 6(1)(b)) — used to adjust your daily nutrition targets based on training load. You initiate each connection via OAuth or in-app authorisation.

Menstrual cycle data

Data: Last cycle start date and cycle length, used to calculate your current cycle phase and apply phase-appropriate nutrition adjustments.

Lawful basis: Explicit Consent (Article 9(2)(a)) — this is special category health data. It is processed only where you have given explicit, informed, and freely withdrawable consent. See Section 3 and Section 5 for full details.

Usage and diagnostic data

Data: Device type, operating system version, app version, crash reports, screen views, app lifecycle events, and product analytics events (such as features used, training sessions planned, and navigation patterns).

Lawful basis: Legitimate Interests (Article 6(1)(f)) — we have a legitimate interest in maintaining the stability of and improving the Service. Analytics events are not combined with your food logs, health data, or other sensitive data, and are not used for advertising or cross-service profiling.

Support communications

Data: Your name, email address, and the content of messages you send through our support form or by email.

Lawful basis: Legitimate Interests (Article 6(1)(f)) — necessary to respond to your enquiry and maintain records of support interactions.

Coach-athlete data

Data: If you connect to a coach within the app, your nutrition logs and daily targets are visible to that coach through the M0VE coach dashboard.

Lawful basis: Contract (Article 6(1)(b)) — you explicitly authorise each coaching connection within the app and can remove it at any time.

3. Special category health data

GDPR Article 9 requires a higher level of protection for certain categories of personal data. For M0VE, this includes:

  • Menstrual cycle data — cycle start dates and length used to phase-adjust your nutrition targets.
  • Body and fitness data processed in a health context — where body weight, height, body fat percentage, or fitness metrics are processed as part of a health or nutrition management service, they may constitute health data under applicable law.

We rely on your explicit consent (Article 9(2)(a)) to process this data. That consent is:

  • Collected through an affirmative in-app action at the point you enable the relevant feature.
  • Specific to the purpose stated at the point of collection.
  • Freely given — enabling or withholding this consent does not affect your access to other features of the Service.
  • Withdrawable at any time without detriment. To withdraw consent for menstrual cycle data, disable cycle tracking or delete your cycle data in the app. To withdraw consent for body metrics, remove that data from your profile. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4. Apple HealthKit

If you grant permission on iOS, M0VE reads the following data types from Apple HealthKit:

  • Workout type, duration, distance, and active energy burned
  • Heart rate (average and maximum, where available)
  • Cycling power (where available)

This data is used solely to calculate your daily calorie and nutrition targets and to display your workout history within the app.

We will not use HealthKit data for advertising, marketing, or with data brokers — ever. We will not share HealthKit data with any third party except as strictly necessary to deliver the core nutrition calculation service to you. HealthKit data is not stored in iCloud by M0VE. HealthKit data is not used to build profiles for any purpose other than your own nutrition management within the Service.

You can revoke HealthKit access at any time in iOS Settings › Privacy & Security › Health › M0VE.

5. Menstrual and reproductive health data

We treat menstrual cycle data as among the most sensitive data we hold. The following rules apply without exception:

  • Menstrual cycle data is never shared with any third party — including advertisers, analytics platforms, data brokers, or law enforcement — except where we are legally compelled by a court order we cannot lawfully resist.
  • Menstrual cycle data is not sent to any AI system, including Anthropic’s API, for any purpose.
  • Menstrual cycle data is not used for advertising, marketing, analytics, or profiling of any kind.
  • Menstrual cycle data is stored in Firebase Firestore on Google Cloud servers in the United States, protected by encryption at rest and in transit (see Section 9 on international transfers).
  • You can delete your menstrual cycle data independently of your account at any time within the app. Deletion removes the data from our active systems within 30 days, and from backup archives within 60 days.

6. AI food processing

M0VE uses Anthropic’s Claude AI to power two features: AI food logging (describing a meal in plain language) and AI recipe building (generating a portioned meal from ingredients you list).

What data is sent to Anthropic:

  • AI food logging: The text description you type, plus your body weight (used to contextualise serving size estimates).
  • AI recipe building: The ingredient list you provide, your target meal type and macro targets for that meal, your body weight, sport type, and dietary preferences.

What Anthropic does not receive: Your email address, display name, account identifier, food log history, menstrual cycle data, or workout history.

Anthropic processes this data as a data processor on our behalf. Under Anthropic’s commercial API terms, your inputs are not used to train Anthropic’s models. Anthropic does not retain API inputs beyond the time required to process the request.

Lawful basis: Contract (Article 6(1)(b)) — AI food parsing is a core feature of the Service.

Anthropic is a US-based company. Data sent to their API is transferred to the United States under Standard Contractual Clauses (see Section 9).

Automated decisions: AI-generated nutritional values are presented to you for review and can be edited or overridden before being logged. No automated decisions with legal or similarly significant effects are made about you.

7. Third parties we work with

We do not sell your personal data. We share data only with the following named parties, each of whom processes data on our behalf under a Data Processing Agreement:

Google / Firebase

Authentication, database (Firestore), and crash reporting (Crashlytics). Your account data, profile, food logs, and training data are stored in Firestore. Google LLC, United States.

Vercel

Hosting for the M0VE website and server-side API. Vercel Inc., United States.

Anthropic

AI language model for food parsing and recipe building (see Section 6). Anthropic PBC, United States.

PostHog

Product analytics. We use PostHog’s EU Cloud — your analytics data is stored and processed within the EEA. PostHog does not receive your food logs, health data, menstrual cycle data, or personal identifiers. PostHog B.V., The Netherlands.

Loops

Transactional email delivery — account notifications and support replies. Loops, United States.

Strava

When you connect Strava, we receive completed activity data under the scopes you authorise via Strava’s OAuth flow. Strava Inc., United States.

Intervals.icu

When you connect Intervals.icu, we read planned sessions and completed workout data. Intervals.icu, New Zealand.

Apple

HealthKit data is read locally from your device under iOS permissions you grant. Apple does not receive data from M0VE.

Coaches you authorise

If you connect to a coach within the app, that coach can view your nutrition logs, targets, and compliance data through the M0VE coach dashboard. You can remove the connection at any time.

Legal and corporate disclosures

We may share data where required by law, to comply with a legal obligation, to protect the rights or safety of users, or in connection with a merger or acquisition.

8. Advertising and tracking

M0VE does not engage in cross-app or cross-website tracking. We do not use advertising SDKs, data brokers, or ad-targeting platforms. Health and fitness data, body metrics, menstrual cycle data, and food logs are never used for advertising purposes.

9. International data transfers

We are based in the Netherlands. Several of our processors are based in the United States. We ensure these transfers are lawful by relying on Standard Contractual Clauses (SCCs) approved by the European Commission:

  • Google / Firebase — SCCs + Google Cloud Data Processing Addendum
  • Vercel — SCCs via Vercel’s Data Processing Addendum
  • Anthropic — SCCs via Anthropic’s Data Processing Addendum
  • Loops — SCCs
  • Strava — SCCs under Strava’s API partner terms

You can request a copy of the relevant transfer safeguards by contacting us at privacy@movenutrition.app.

10. How long we keep your data

  • Account data: Duration of your account, plus 30 days after deletion.
  • Athlete profile and body metrics: Duration of your account. Deleted within 30 days of account deletion.
  • Food and nutrition logs: Duration of your account. Deleted within 30 days of account deletion.
  • Training data: Duration of your account. Deleted within 30 days of account deletion.
  • Menstrual cycle data: Duration of your account, or until you delete it within the app.
  • Sweat test results: Duration of your account. Deleted within 30 days of account deletion.
  • Crash and diagnostic logs: 90 days.
  • Support communications: Two years from the date of last contact.
  • Backup copies: Deleted data may persist in encrypted backup archives for up to 60 days before permanent removal.

11. Your rights

Under GDPR, you have the following rights in relation to your personal data. Contact us at privacy@movenutrition.app or use our support form. We will respond within one month of receiving your request.

Right of access (Article 15)

You can request a copy of the personal data we hold about you.

Right to rectification (Article 16)

You can correct inaccurate personal data. Most profile data can be updated directly in the app.

Right to erasure (Article 17)

You can delete your account and all associated data directly within the app (Account › Delete account). We will permanently delete your data within 30 days.

Right to restriction of processing (Article 18)

You can request that we restrict processing of your data in certain circumstances.

Right to data portability (Article 20)

You can request your data in a structured, machine-readable format. Contact us to request a data export.

Right to object (Article 21)

You can object to processing based on our legitimate interests.

Right to withdraw consent

Where we rely on your consent, you can withdraw it at any time without detriment. Withdrawal does not affect the lawfulness of prior processing.

Rights related to automated decision-making (Article 22)

M0VE does not make solely automated decisions that produce legal or similarly significant effects about you.

12. Complaints

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with a supervisory authority:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
autoriteitpersoonsgegevens.nl

We would appreciate the opportunity to resolve your concerns directly. Please reach out to us at privacy@movenutrition.app first.

13. Security

We use industry-standard technical and organisational measures to protect your data, including TLS encryption in transit and AES-256 encryption at rest via Firebase and Google Cloud infrastructure.

14. Children

The Service is not directed to children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@movenutrition.app.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the “Last updated” date at the top of this page and, where required by law, notify you in the app or by email.

16. Contact

The Invenio Group B.V
Oosthavendijk 46A
3241LK Middelharnis
The Netherlands
privacy@movenutrition.app