Movmo Privacy Policy

Effective date: 14 August 2025
Last updated: 14 August 2025

This Privacy Policy explains how Movmo LLC (“Movmo”, “we”, “us”, “our”) collects, uses, discloses, and protects Personal Data in connection with our websites (including movmo.com), applications, and brokerage/marketplace services for international trade (collectively, the “Services”). It also describes the rights and choices available to individuals regarding their Personal Data.

Movmo operates globally and serves primarily business users (buyers, sellers, brokers, and service providers involved in logistics, inspection, and payments). We aim to comply with applicable privacy laws, including the EU/EEA General Data Protection Regulation (“GDPR”), the UK GDPR, and U.S. state privacy laws such as the California Consumer Privacy Act as amended by the CPRA (“CCPA/CPRA) and comparable state laws (e.g., in Colorado, Connecticut, Virginia, Utah).

If anything here conflicts with a mandatory local privacy rule that applies to you, that local rule prevails.

1) Who we are and how to contact us

Controller: Movmo LLC (a Georgian entity)
Registered/Business location: Batumi, Georgia (postal address available upon request)
Email (privacy): privacy@movmo.com

EU/UK representative (if required): [To be appointed]. Until then, EEA/UK data subjects may contact us directly at privacy@movmo.com.

Data Protection Officer (DPO): [To be appointed]. Contact via privacy@movmo.com.

2) Scope & roles

This Policy applies to Personal Data processed by Movmo as:

• Controller: when we decide why/how Personal Data is processed (e.g., operating the platform, verifying accounts, fraud prevention, marketing).

• Processor/Service Provider: in limited cases when we process Personal Data strictly on behalf of an enterprise customer or partner under a separate agreement. In those cases, that customer’s or partner’s privacy notice governs and we follow their instructions.

3) Definitions

• Personal Data / Personal Information: Information that identifies or relates to an identified or identifiable individual.

• Sensitive Personal Data: A subset of Personal Data given extra protection by law (e.g., government IDs, financial account numbers).

• Process/Processing: Any operation on Personal Data (collection, storage, use, disclosure, etc.).

4) What we collect

We collect the categories of Personal Data below. Exact data depends on how you use the Services.

1. Identity & contact data
   Names, business role/title, company name, email addresses, phone numbers, postal addresses, country, language.

2. Account & profile data
   Login credentials, role/permissions, profile photos/avatars, preferred currency/incoterms/ports, saved settings, preferences.

3. Verification & compliance data (KYB/KYC/AML/CTF)
   Company registration/ownership documents, commercial invoices, bills of lading, customs docs, certificates, sanctions/PEP screening results, tax/VAT IDs, government-issued IDs (for authorized signers), proof of operations, bank account details for payouts (IBAN/SWIFT), and related correspondence.

   We minimize and securely store these items due to legal and fraud-prevention obligations.

4. Transaction & deal data
   Listings (offers/inquiries), proposals, counterparty names, negotiation history, pricing/terms, delivery/packaging details, inspection findings, logistics milestones, escrow instructions, payment confirmations, and invoices.

5. Communications & content
   Messages and attachments exchanged via in-app chat or email notifications; support requests; feedback; call notes where applicable.

6. Usage & technical data
   Device info (type, OS, browser), IP address, approximate location (derived from IP), pages viewed, session timestamps, referring/exit pages, actions/events (e.g., clicks), error logs, and diagnostic data.

7. Cookies and similar technologies
   See Section 12 for details.

8. Marketing & CRM data
   Email preferences, campaign interactions (opens/clicks), lead source, event/conference participation.

Sources of Personal Data

• Directly from you (forms, uploads, chat, calls).

• Your organization or colleagues (e.g., when a colleague adds you as a team member).

• Counterparties and professional service providers (e.g., inspectors, customs brokers, banks, insurers).

• Compliance partners and public sources (sanctions lists, corporate registries).

• Analytics, support, and security tools (to generate usage/diagnostic data).

Children: Our Services are for businesses and not intended for individuals under 18. We do not knowingly collect children’s data.

5) Why we process Personal Data (purposes) & legal bases

A. Service delivery & platform operations

• Create/manage accounts; authenticate users; enable listings, negotiations, and messaging; provide dashboards and notifications.

• Legal bases (EEA/UK): Contract performance; Legitimate interests.

B. Payments, escrow & settlements

• Coordinate payments/payouts; work with PSPs, EMIs, banks, and escrow partners; prevent double-spend and reconcile transactions.

• Legal bases: Contract; Legitimate interests; Legal obligations (financial/recordkeeping).

C. Verification, compliance & risk management

• KYB/KYC/AML/CTF screening; sanctions/PEP checks; fraud/threat detection; auditing.

• Legal bases: Legal obligations; Substantial public interest (where applicable); Legitimate interests.

D. Customer support & communications

• Respond to inquiries, send transactional notices (e.g., company verified, offer verified, new proposal), and service updates.

• Legal bases: Contract; Legitimate interests.

E. Security & integrity

• Monitor and secure accounts; detect, prevent, and respond to security incidents; maintain logs; debug and repair errors.

• Legal bases: Legitimate interests; Legal obligations.

F. Analytics & product improvement

• Measure usage; improve UX; develop new features; quality assurance.

• Legal bases: Legitimate interests; Consent (where required for cookies/SDKs).

G. Marketing (business-to-business)

• Send optional updates, newsletters, event invites; personalize content; measure campaign performance.

• Legal bases: Consent where required; otherwise Legitimate interests (B2B context). You can opt out anytime.

H. Corporate events

• Mergers, acquisitions, financing, or asset transfers.

• Legal bases: Legitimate interests; Legal obligations.

Where processing is based on consent, you may withdraw it at any time (it won’t affect past processing).

6) When we disclose Personal Data

We disclose Personal Data to:

• Counterparties involved in a deal (to the extent necessary for negotiations, contracting, logistics, inspection, and delivery).

• Brokers and Movmo staff/contractors supporting a transaction (“high-touch” model).

• Payment, escrow & financial partners (PSPs/EMIs/banks) for processing payments and payouts.

• Verification & compliance providers for KYB/KYC/AML/CTF checks.

• Logistics, inspection, customs & insurance partners to arrange and verify shipments.

• Service providers / processors: hosting, analytics, security, support tooling, communications (e.g., email/SMS), CRM.

• Professional advisors: auditors, accountants, lawyers, insurers.

• Authorities: if required by law, legal process, or to protect rights, safety, or property.

• Corporate transaction counterparties: as part of due diligence and post-closing integration.

We require recipients acting on our behalf to follow appropriate confidentiality, security, and data protection obligations.

We do not “sell” Personal Information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California law. If this ever changes, we will update this Policy and provide opt-out mechanisms as required.

7) International data transfers

Movmo operates globally (including Georgia) and uses service providers and partners located worldwide. Where required, we implement appropriate safeguards for cross-border transfers, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission,

• UK International Data Transfer Addendum (IDTA), and

• Additional technical/organizational measures (e.g., encryption, access controls).

You can request a copy of relevant transfer safeguards via privacy@movmo.com (subject to redactions).

8) Data retention

We retain Personal Data only as long as needed for the purposes set out in this Policy, including to comply with legal, accounting, or reporting requirements. Typical periods include:

• Account & profile data: For the life of the account and up to 3 years after closure (for queries/disputes).

• Deal & transaction records: Up to 10 years after completion (to meet commercial, tax, audit, and contract obligations).

• KYB/KYC/AML/CTF records: At least 5 years after the business relationship ends (or longer if law requires).

• Marketing data: Until you opt out or after a period of inactivity (commonly 2–3 years).

• Logs & diagnostics: Typically 12–24 months, unless needed longer for security or legal reasons.

When retention periods expire, we delete or irreversibly anonymize the data.

9) Security

We use administrative, technical, and physical safeguards appropriate to the risks (e.g., access controls, encryption in transit and at rest where applicable, least-privilege practices, monitoring, and vendor due diligence). No system is perfectly secure; if we detect a data incident affecting you, we will notify you and regulators as required by law.

10) Automated decision-making & profiling

We may use limited automation (e.g., risk signals, sanctions screening, anomaly detection). These processes support human decision-making; they are not solely determinative of outcomes like account termination or deal blocking, except where required by law (e.g., sanctions).
EEA/UK: You may request human review, express your point of view, and contest decisions that significantly affect you.

11) Your privacy rights

EEA/UK (GDPR)

You have the right to request:

• Access to your Personal Data and a copy;

• Correction of inaccurate or incomplete data;

• Deletion (“erasure”) in specified cases;

• Restriction of processing;

• Portability of data you provided (in a structured, machine-readable format);

• Objection to processing based on our legitimate interests (and to direct marketing at any time);

• Withdrawal of consent where processing relies on consent.

We will respond within one month (extendable by two months for complex requests). You can also lodge a complaint with your local data protection authority.

U.S. (including California)

Depending on your state, you may have the rights to:

• Know/Access categories and specific pieces of Personal Information;

• Delete Personal Information (with exceptions);

• Correct inaccuracies;

• Opt out of sales or sharing for cross-context behavioral advertising (not applicable as we do not sell/share in that way);

• Limit use/disclosure of Sensitive Personal Information (we only use SPI for necessary purposes);

• Non-discrimination for exercising rights.

We will verify your identity before fulfilling requests and respond within 45 days (extendable as permitted).

How to exercise your rights (all regions):
Email privacy@movmo.com or submit our Data Rights Request Form at movmo.com/privacy-request (URL placeholder). Authorized agents may submit requests where permitted by law.

Marketing opt-out: Use the unsubscribe link in emails or email privacy@movmo.com.
Cookies: See Section 12 for controls.

“Shine the Light” (CA Civil Code §1798.83): We do not share Personal Information with third parties for their own direct marketing. You may still contact privacy@movmo.com with questions.

12) Cookies & similar technologies

We use cookies, SDKs, and similar technologies to operate and improve the Services.

Types:

• Strictly necessary (authentication, security, load balancing).

• Functional (remember settings like language).

• Analytics (measure usage, improve the product).

• Communications & support (chat widgets, ticketing).

• Marketing (B2B campaign analytics—used only with appropriate legal basis).

Controls:

• Browser settings can block or delete cookies (may impact functionality).

• Where required, we present a cookie banner/manager for consent preferences.

• Do Not Track (DNT): We do not respond to DNT signals, but you can use the controls above.

13) Third-party links & services

Our Services may link to third-party sites or integrate third-party tools. Their privacy practices are governed by their own policies. Review those policies before providing them with Personal Data.

14) Changes to this Policy

We may update this Policy to reflect changes in laws, technologies, or our operations. We will post updates here and adjust the “Last updated” date. For material changes, we may provide additional notice (e.g., email, in-app notice). Continued use of the Services after the effective date means you accept the revised Policy.

15) Contact

If you have questions, concerns, or complaints about this Policy or our data practices, contact:
Email: privacy@movmo.com
Postal: Movmo LLC, Batumi, Georgia (full postal address available upon request)

You may also have the right to lodge a complaint with your local supervisory authority (EEA/UK) or attorney general (U.S. states).