Introduction
This Privacy Policy explains how [COMPANY LEGAL NAME] (“Movables,” “we,” “us”) collects, uses, shares, and protects personal information in connection with the Movables websites, applications, and services (the “Service”).
1. Our role: controller vs. processor
- For Operator account data (the businesses that use Movables), we act as a controller — we decide how that data is used to provide the Service.
- For Renter data an Operator collects through the Service (their customers’ names, contact details, and booking information), the Operator is the controller and we act as a processor handling that data on the Operator’s behalf. If you are a Renter, please also contact the Operator you booked with regarding your data.
2. Information we collect
- Account & business information: name, email, phone, business name, location/service area, timezone, and settings you configure.
- Renter & booking information (entered by Operators or submitted through a storefront): customer name, email, phone, delivery address, event dates, items, quotes, messages, and agreement status.
- Payment information: processed by Stripe. We receive limited details such as payment status, amounts, and card brand/last four — not full card numbers.
- Communications: messages you exchange through the Service’s chat, email, and SMS features, and inquiries you send us.
- Usage & device data: log data such as IP address, browser/device type, pages viewed, and timestamps, collected to operate, secure, and improve the Service (including rate limiting and abuse prevention).
- Cookies: essential cookies needed to sign in and keep you logged in (see “Cookies” below).
3. How we use information
- To provide, maintain, and secure the Service and your account.
- To process bookings, payments, agreements, and communications you initiate.
- To generate AI-assisted quotes, replies, and suggestions that you review before use.
- To prevent fraud and abuse, enforce our Terms, and comply with legal obligations.
- To send service-related notices, and — where permitted — product updates.
- To analyze and improve the Service.
4. Legal bases (where applicable)
Where the GDPR or similar laws apply, we rely on: performance of a contract (to provide the Service you request); legitimate interests (to secure and improve the Service and prevent abuse); consent (where required, e.g. for certain communications); and legal obligation (to comply with the law).
6. Cookies
We use essential cookies only — for example, to authenticate you and keep you signed in. These are necessary for the Service to function and do not require consent under most laws. We do not currently use advertising or third-party analytics cookies. If that changes, we will update this policy and provide any consent controls the law requires.
7. Data retention
We retain personal information for as long as needed to provide the Service, comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. When no longer needed, we delete or de-identify it. Operators may delete records within the Service; residual copies may persist in backups for a limited period.
8. Security
We use technical and organizational measures — including encryption in transit, access controls, and scoped credentials — to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your rights & choices
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know and delete and the right not to be discriminated against for exercising them; we do not sell or “share” personal information for cross-context behavioral advertising.
To exercise a right, contact us at [legal@yourdomain.com]. If your request concerns data an Operator controls (Renter data), we will refer you to, or act on the instructions of, that Operator. We may need to verify your identity before acting.
10. International data transfers
We and our providers may process information in the United States and other countries. Where required, we use appropriate safeguards for cross-border transfers.
11. Children’s privacy
The Service is not directed to children under 13 (or the age required by local law), and we do not knowingly collect their personal information. If you believe a child provided us information, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version with a new date and, for material changes, provide additional notice where required.
13. Contact
For privacy questions or to exercise your rights, contact [COMPANY LEGAL NAME] at [legal@yourdomain.com], or [COMPANY MAILING ADDRESS].