Skip to content
Movana Wellness

Legal

Privacy Policy

Last updated: 13 June 2026

Draft for review. This document is provided as a professional starting point and must be reviewed by a qualified lawyer before launch.

This policy explains what personal data Movana Wellness collects, why we collect it, how we use and protect it, and the rights you have over it. We've written it to be compatible with the EU/UK GDPR, India's Digital Personal Data Protection Act 2023 (DPDP), and the California Consumer Privacy Act (CCPA).

1. Who we are

Movana Wellness (“Movana”, “we”, “us”) provides general wellness programs and printable products for desk workers. For privacy questions, contact us at privacy@movanawellness.com. If you are in a jurisdiction that requires a designated contact or grievance officer (for example under India’s DPDP Act), this address is the point of contact.

2. The data we collect

  • Account data: your email address, and optionally your name and region, when you sign up or join a waitlist.
  • Health screening data: if you complete our onboarding screening, your answers about injuries, conditions, pregnancy and pain levels. This is sensitive personal data and we treat it with extra care (see section 4).
  • Activity data: routines completed, program progress, posture and hydration check-ins, and streaks.
  • Purchase data: for digital products and subscriptions, your email and transaction details. Card payments are processed by our payment provider (Razorpay) — we do not store your full card details.
  • Communications: messages you send us via the contact form, and emails you provide for our newsletter.
  • Usage & device data: if you consent to analytics cookies, limited information about how you use the site.

3. Why we use it, and our legal bases

  • To provide the service (performance of a contract): delivering routines, tracking progress, and fulfilling purchases.
  • With your consent: sending marketing emails, storing and using your health screening answers, and loading analytics cookies. You can withdraw consent at any time.
  • Legitimate interests: keeping the service secure, preventing abuse, and improving our content — balanced against your rights.
  • Legal obligations: keeping records we are required to keep (for example, tax records for purchases).

4. Health data — special handling

Health screening answers are “special category” data under GDPR and “sensitive personal data” under comparable laws. We collect them only with your explicit consent, use them solely to make routines safer for you (for example, to flag movements you should avoid), and never sell them. You can delete this data at any time from your account or by contacting us.

5. Cookies and analytics

We use essential cookies needed to run the site, and — only if you accept — optional analytics cookies (PostHog) to understand how the site is used. No non-essential cookies load before you make a choice in our consent banner, and you can change your choice at any time. We honour “Do Not Track” and global privacy signals where required.

6. How we share data

We do not sell your personal data. We share it only with service providers (“processors”) who help us run Movana, under contracts that require them to protect it:

  • Supabase — database, authentication and file storage.
  • Razorpay — payment processing (UPI, cards, netbanking).
  • Resend — transactional and delivery emails.
  • PostHog — privacy-conscious product analytics (only with your consent).
  • Email marketing provider (e.g. Mailchimp or ConvertKit) — if you opt in to our newsletter.

7. International transfers

Your data may be processed in countries other than your own. Where it is, we rely on appropriate safeguards (such as standard contractual clauses) to protect it to the standard required by your local law.

8. How long we keep it

We keep personal data only as long as needed for the purposes above, or as required by law. When you delete your account, we delete or anonymise your personal data, except where we must retain limited records (for example, proof of a purchase for tax purposes).

9. Your rights

Depending on where you live, you have some or all of these rights:

  • access a copy of your personal data;
  • correct inaccurate data;
  • delete your data (“right to erasure”);
  • port your data to another service;
  • object to or restrict certain processing;
  • withdraw consent at any time;
  • under the CCPA, know what we collect and request deletion — we do not sell personal information;
  • under the DPDP Act, request correction and erasure, and raise a grievance with our contact above.

To exercise any right, email privacy@movanawellness.com. You can also delete your account and data directly from your account settings. We will respond within the time required by applicable law.

10. Data minimisation & security

We collect only what we need, and we protect it with industry-standard measures including encryption in transit, access controls and row-level security on our database. No system is perfectly secure, but we work to keep your data safe.

11. Children

Movana is not intended for children. We do not knowingly collect data from anyone under the age required for consent in their country (16 in much of the EU; 18 under India’s DPDP Act without verifiable parental consent).

12. Changes to this policy

We may update this policy from time to time. We’ll change the “last updated” date above and, for material changes, let you know.

13. Contact

Questions or requests? Email privacy@movanawellness.com.