Plain-English summary: Muvtrak collects the minimum data needed to run the app. We do not sell your data. We do not share it with advertisers. Your inspection photos and reports belong to you — we store them securely so you have them when you need them.
1. Who we are
Muvtrak ("Muvtrak", "we", "us", or "our") is a security deposit protection app operated by Olawale Fagade. Contact: hello@muvtrak.com.
This Privacy Policy explains how we collect, use, and protect information when you use the Muvtrak iOS app, Android app, or web app at muvtrak.com (collectively, the "Service").
2. Information we collect
Information you provide directly:
- Account: Email address and display name. If you sign in with Google, we receive your name and email from Google.
- Property data: Address, property type, room configuration, and details you enter when creating a property.
- Inspection data: Checklist responses, condition notes, comments, and your digital signature.
- Photos: Images you take or upload during inspections. Stored in encrypted cloud storage linked to your account.
- Payment: We do not store card details. Payments are processed by Stripe (web) and Apple or Google (in-app purchases). We receive only a transaction confirmation and subscription status.
Information collected automatically:
- GPS location: One location coordinate per property at the time of creation to associate your inspection with a place. We do not track your location continuously.
- Device metadata: Device type and capture time (server-side UTC, not device clock) attached to each photo to create a tamper-evident timestamp.
- Crash reports: Anonymous crash data via Sentry — device type, OS version, and stack trace only. Does not include your name, email, or inspection content.
- Usage analytics: Anonymised event data (e.g. "inspection started", "PDF generated") via PostHog to improve the product. We do not build advertising profiles.
3. How we use your information
- To create and maintain your account
- To generate, store, and deliver signed inspection reports
- To send signature request emails to parties you invite
- To enforce free vs paid feature access via subscription status
- To diagnose crashes and fix bugs
- To understand product usage and prioritise improvements
- To send transactional emails (confirmation, password reset, inspection signed). We do not send marketing emails without your explicit opt-in.
4. How we protect your data
- All data is stored in Supabase (AWS infrastructure) with AES-256 encryption at rest and TLS 1.3 in transit.
- Photos are stored in Supabase Storage with signed, time-limited access URLs — files are inaccessible without a valid signed URL.
- Generated PDF reports are SHA-256 hashed on creation. Any subsequent alteration to the file is detectable.
- Passwords are never stored in plaintext. Supabase Auth uses industry-standard hashing.
- Internal access to user data is restricted to what is necessary to operate the service.
5. Data sharing and disclosure
We do not sell your data. We do not share it with advertisers. We share data only in these limited circumstances:
- Parties you explicitly invite: When you send a signature request, the recipient gets a time-limited link to view and sign your report. They do not access your account or other properties.
- Service providers: Supabase (database and storage), Stripe (payments), OpenAI (AI features — prompts are not used to train OpenAI models per our data processing agreement), Sentry (crash reporting), PostHog (analytics). Each receives only the minimum data necessary.
- Legal obligations: If required by law, court order, or to protect the rights and safety of users or the public.
- Business transfer: In the event of a merger or acquisition, your data may transfer to the new entity, subject to the same protections described here.
6. Data retention
- Paid accounts: Inspection data and photos are retained indefinitely while your account is active.
- Free accounts: Inspection data is retained for 12 months. You will receive an email reminder before deletion.
- Account deletion: All personal data, inspection records, and photos are permanently deleted within 30 days. Anonymised analytics events are retained.
7. Your rights
Depending on where you live, you may have the right to access, correct, delete, or export your data, and to opt out of analytics tracking. To exercise any of these rights, email hello@muvtrak.com with the subject "Privacy Request", or use our Delete Account page. We will respond within 30 days.
8. Children's privacy
Muvtrak is not directed at children under 13. We do not knowingly collect personal information from children. Contact us at hello@muvtrak.com if you believe a child has provided personal information and we will delete it promptly.
9. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Updated" date above. For material changes, we will notify you by email or in-app notification.
10. Contact
Questions about this Privacy Policy? Email hello@muvtrak.com with the subject "Privacy Inquiry".
Note: This policy was prepared for informational purposes. Muvtrak recommends consulting a qualified attorney to confirm compliance with all applicable laws before public launch.