Privacy Policy
Last updated on 03 Mar, 2026
Movarro UF (“Movarro,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have regarding your data when you use our website, desktop app, and related services (collectively, the “Services”). Because our Services process audio and transcripts from live calls, this Policy includes specific provisions about audio capture, consent, model training, vendor processing, international transfers, and data subject rights under the EU General Data Protection Regulation (GDPR).
Movarro is the data controller for personal data collected through the Services unless a separate written agreement specifies otherwise. For data protection inquiries, or to request our Data Processing Agreement (DPA), contact: info@movarro.com.
1. Information We Collect
2. How We Use Your Information
3. Sharing & Disclosure of Information
4. Data Retention & Deletion
5. Data Security
6. Google User Data Disclosure
7. Your Rights
8. Children's Privacy
9. International Data Transfers
10. Consent Logging, Model Training & Use of Customer Data
11. Changes to This Policy
12. Contact Us
1. Information We Collect
A. Account Information
We collect registration and account data such as your name, email address, company name, billing information, and account preferences. If you sign in with Google, we receive only the Google account data necessary for authentication (your name, email, and profile picture if available). We do not access your Gmail, Google Drive, Calendar, or other Google content beyond authentication scope.
B. Usage Data
We collect analytics and diagnostics including interactions with our App and website (screens viewed, features used), preferences, crash logs, device type, operating system, IP address, and performance metrics necessary to operate and improve the Services.
C. Call Data (Core Service)
We process audio streams, real‑time transcripts, and AI-generated suggestions to provide the live transcription and coaching features. Call data may include personal data and business information disclosed during calls. We only process call data after the user has confirmed, via the in‑app consent prompt, that required participant consent has been obtained. (See “Consent Logging” below.) By default, Movarro will NOT use your individual call audio, transcripts, or personalization inputs to train our base models or generate additional model weights unless you expressly opt in. If you opt in, you grant Movarro a limited license to use anonymized or aggregated versions of such data for model improvement (see “Model Training & Use of Customer Data” below).
D. Cookies & Tracking
We use session cookies, authentication tokens, and analytics cookies to keep users signed in and to understand product usage and performance. You can control cookie settings via your browser and account preferences.
2. How We Use Your Information
We use personal data to operate and improve the Services. Where applicable, we identify the legal basis for processing under GDPR:
Provision of the Service (live transcription, AI coaching, personalization): lawful basis — performance of a contract with you and/or our legitimate interests in operating the Services.
Audio capture and profiling/personalization that involves automated decision‑making or profiling beyond the immediate session: lawful basis — your explicit consent; we will obtain consent via the App.
Model training, aggregated research, and product improvement using customer call content or personalization inputs: lawful basis — explicit opt‑in consent (default: OFF). Enterprise customers may negotiate different terms contractually.
Payment processing and billing: lawful basis — performance of a contract and legal obligations.
Legal compliance, fraud prevention, safety: lawful basis — legitimate interests and legal obligations.
You may withdraw consent at any time for processing based on consent; withdrawal does not affect processing performed prior to withdrawal.
3. Sharing & Disclosure of Information
We share personal data only in limited circumstances:
Service Providers and Processors: We use third‑party processors to provide the Services (e.g., transcription providers, AI inference, hosting, and payment processors). Current examples include AssemblyAI, Deepgram, Google (Gemini), Vercel, and Stripe. We share data with processors only as necessary and subject to contractual Data Processing Agreements requiring appropriate security and processing restrictions.
International Transfers: Some processors are located outside the EEA. Where transfers occur, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses) and other lawful mechanisms. You can request copies of our SCCs or DPAs at info@movarro.com.
Legal Compliance: We may disclose personal data to comply with law, regulation, or valid legal process, or to protect the rights, property, or safety of Movarro and our users.
Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the successor entity; we will provide notice where required.
We do not sell personal data or Google user data.
4. Data Retention & Deletion
Account Data: We retain account information as long as your account is active and as necessary to provide the Services or comply with legal obligations (such as tax rules).
Call Audio & Transcripts: Raw audio and identifiable transcripts are retained for the period necessary to provide the Service and support (standard retention: up to 30 days from the session date). After 30 days, identifiable raw audio and transcripts will be permanently deleted unless you actively choose to retain them in your account or opt in to allow their use for model improvement.
Backup & Logs: Backups and logs may exist for a limited period for security and operation (generally purged within 90 days), except where longer retention is required by law.
Deletion Requests: You may request deletion of your personal data by contacting info@movarro.com. We will respond to deletion requests in accordance with applicable law and will purge backups according to our retention schedule. Deletion requests will not affect processing performed prior to deletion.
When we refer to anonymization, we mean applying technical measures to remove or obscure personal identifiers so the data can no longer reasonably be attributed to an identifiable person. While we employ best‑effort anonymization techniques, absolute irreversibility cannot be guaranteed in every scenario.
5. Data Security
We implement administrative, technical, and physical safeguards to protect personal data, including TLS encryption in transit, AES-256 encryption at rest, role‑based access controls, multi‑factor authentication for production systems, and logging and monitoring. Our processors maintain security certifications where available (e.g., SOC2, ISO27001). We periodically perform security testing and vulnerability assessments. While we use reasonable safeguards, no system can be guaranteed to be 100% secure. In the event of a personal data breach, we will notify affected users and supervisory authorities as required by law.
6. Google User Data Disclosure
In compliance with Google OAuth and API policies:
Movarro only uses Google user data to authenticate your account and identify you.
Google user data is not transferred, sold, or used for advertising, profiling, or unrelated analytics.
Google user data is not shared with third parties except as necessary to operate our Services (e.g., authentication backend).
Google user data is stored securely, encrypted, and can be deleted upon request.
We will promptly notify users of any material changes to how Google user data is used.
7. Your Rights
If you are located in the EU/EEA, you have rights under the GDPR, including:
Access: request a copy of personal data we hold about you.
Rectification: correct inaccurate or incomplete data.
Erasure: request deletion of your personal data in certain circumstances.
Restriction: request restriction of processing in certain situations.
Object: object to processing based on legitimate interests or profiling.
Withdraw Consent: withdraw consent where processing is consent‑based.
Portability: receive a machine‑readable copy of data you provided.
To exercise these rights, contact info@movarro.com with sufficient detail to locate your account. We will verify your identity and respond within applicable legal timeframes (generally one month). You may also lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY).
8. Children's Privacy
Our Services are not directed to children under 13. Where local law sets a higher digital consent age (for example, 16 in some EU countries), we will comply with that requirement. Users between 13–17 may use the Service only with verified parental or guardian consent where permitted by law. We do not knowingly collect personal data from children below the applicable minimum age; if we learn we have done so, we will promptly delete the data.
9. International Data Transfers
We may process and store personal data in countries outside your residence (for example, the United States) where our processors operate. For transfers outside the EEA, we implement appropriate safeguards such as EU Standard Contractual Clauses or other lawful mechanisms. You may request details of the transfer safeguards by emailing info@movarro.com.
10. Consent Logging, Model Training & Use of Customer Data
Before any audio capture begins, the App requires a click‑to‑accept confirmation that the user has obtained any required consent from call participants. We store consent metadata for each session, including: user account ID, session ID, timestamp (UTC), IP address, client app version, consent text version, and whether the user opted in to model training. We retain consent logs for at least one (1) year to respond to legal or regulatory inquiries.
Default Policy: By default, Movarro will NOT use your individual call audio, transcripts, or personalization inputs to train our base models or generate additional model weights.
Opt‑In for Model Improvement: If you explicitly opt in via the App or by contract (Enterprise customers), you grant Movarro a limited, worldwide, royalty‑free, non‑exclusive license to use anonymized or aggregated versions of your data to improve the Services. At the point of opt‑in we will disclose the purposes and types of data used and the anonymization measures employed.
Revocation: You may withdraw consent for model training at any time via account settings or by contacting info@movarro.com. Revocation is prospective and will not undo training already performed.
Enterprise Options: Enterprise customers may negotiate contractual protections including “No‑Training” agreements, dedicated models, or data residency requirements.
We will enter into Data Processing Agreements with customers and processors where required by law. If you are a business customer and need a DPA, no‑training assurances, or specific data residency terms, contact us at info@movarro.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy at https://movarro.com/privacy and update the “Last Updated” date. We will provide notice in the App or by email for material changes. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.
12. Contact Us
If you have questions, wish to exercise your rights, or request our DPA or transfer safeguards, contact:
E: info@movarro.com
A: Hantverkargatan 67-69, Stockholm, Sweden