PRIVACY AT MOVLI
Privacy Policy
Movli is built for families with children aged 3 to 9. We collect only the data needed to operate the service safely, personally and reliably. We do not sell personal data or show advertising.
Last updated: 6 June 2026
This policy covers the Movli app, movliacademy.com and direct contact with Movli. A parent or legal guardian creates and controls the account; a child never contracts with Movli directly.
1. Who is responsible?
Movli Academy B.V., Voltastraat 1, 3817 KL Amersfoort, the Netherlands, is the data controller. Questions and privacy requests can be sent to hello@movliacademy.com.
2. Data we process
- Parent account: email address, account ID, authentication information and account dates.
- Child profile: first or preferred name, age, selected language and profile settings.
- Movli use: selected and completed sessions, duration, preferences and progress.
- Subscription: product, status, term and technical customer ID. Payment-card data is processed by Apple or Google and is not received by Movli.
- Personalised voice: the first name and fixed session text needed to produce spoken guidance, plus generated audio where this feature is active.
- Support and website: messages you send, waitlist details you submit and necessary technical logs used for security and troubleshooting.
3. Purposes and legal bases
- Contract: account management, child profiles, sessions, personalisation, subscriptions and support.
- Legitimate interests: security, abuse prevention, reliable operation and improvement using aggregated or minimised data.
- Consent: where legally required, including non-essential cookies, marketing or certain device permissions. Consent can be withdrawn at any time.
- Legal obligation: accounting, tax, consumer law and valid requests from competent authorities.
4. Children’s privacy
Movli directs contractual and account functions to adults. The parent creates the child profile and controls access, correction and deletion. We do not ask for a child’s surname, address, school, photograph, precise date of birth or location.
Where processing relies on consent and the user is below the applicable digital age of consent, we obtain permission from the parent or legal guardian. We do not use children’s data for advertising, behavioural profiling, sale or marketing audiences.
5. Who receives data?
We disclose data only to suppliers needed to provide Movli under appropriate terms. These may include Supabase for authentication, database and storage; RevenueCat for subscription status; Apple and Google for distribution and payment; and a voice provider such as ElevenLabs or OpenAI if personalised audio is activated. Suppliers may not use the data for their own advertising.
We may disclose data when required by law, during a corporate reorganisation with safeguards, or at your explicit request. We never sell or rent personal data.
6. International transfers
Some suppliers may process data outside the European Economic Area or the UK. We use a valid transfer mechanism, such as an adequacy decision or approved standard contractual clauses, and assess supplementary safeguards where needed.
7. Retention
- Account and child-profile data: while the account exists, then deleted or anonymised unless law requires retention.
- Session history and personalisation: while needed for the service or until you delete the profile or account.
- Support messages: normally no more than 24 months after the request is closed.
- Financial records: for the period required by Dutch tax law, generally 7 years.
- Security logs and backups: for the shortest practical period under a limited rolling schedule.
8. Your rights
You may request access, correction, deletion, restriction, portability or object to processing. You may also withdraw consent. Contact hello@movliacademy.com; we may request reasonable evidence of identity and parental authority.
You may complain to the Dutch Data Protection Authority, the UK Information Commissioner where applicable, or the supervisory authority where you live or work. We would appreciate the chance to resolve the issue first.
9. Security and changes
Measures include access controls, encrypted connections, secure authentication and database policies restricting users to their own data. No system is risk-free; if a breach is legally reportable, we will act as required.
We will notify you in the app, by email or on this page before material changes take effect. The date above identifies the current version.