← Back to Moveflow

Moveflow Privacy Policy

Last updated: October 31, 2025

Introduction

Moveflow Technologies Inc. ("Moveflow," "we," "our," or "us") provides transportation management system services including a mobile application for drivers (iOS and Android) and web-based dispatcher dashboard and APIs under the moveflow.ai domain (collectively, the "Services"). This Privacy Policy describes how we collect, use, share, retain, and protect personal information when you use our Services.

This policy applies to individuals who use our Services, including drivers, dispatchers, administrators, and other personnel at companies that subscribe to Moveflow. When we process personal information on behalf of our business customers, those customers act as data controllers and we act as a data processor. This policy explains both our practices as a controller and our obligations as a processor.

If you have questions or wish to exercise your privacy rights, contact us at info@moveflow.ai or use the contact form on our website at moveflow.ai.

1. Information We Collect

We collect the following categories of personal information to provide and improve our Services:

1.1 Account and Profile Information

We collect information you provide when creating or managing accounts, including names, email addresses, phone numbers, company affiliations, employee identification numbers, job titles, profile photos, and authentication credentials. Company administrators provide additional information including company name, physical addresses, tax identification numbers, time zones, and operational bases.

1.2 Operational and Assignment Data

We collect and process load information, assignment details, pickup and delivery locations, materials descriptions, quantities, weight specifications, scheduling windows and appointment times, status updates you submit reflecting assignment progress, and timestamps for all operational records. This information enables coordination between drivers, dispatchers, and customers.

1.3 Precise Location Data (Sensitive Personal Information)

Important: Location data is classified as sensitive personal information under applicable privacy laws and receives enhanced protection.

We collect precise geolocation data while GPS tracking is active for an assignment. This includes latitude and longitude coordinates, timestamps for each location reading, device-provided accuracy estimates, movement speed and direction, and trip routing information. Location tracking occurs only during active operations as determined by your company and can be managed through duty status controls in the mobile application.

Purposes for Location Collection: We use location data exclusively for legitimate business purposes including real-time fleet visibility and dispatch coordination, route optimization and delivery time estimation, electronic logging device compliance with Federal Motor Carrier Safety Administration regulations, automated mileage tracking for payroll and reimbursement, safety monitoring and emergency assistance, customer shipment tracking and delivery confirmation, and operational analytics for route efficiency improvement.

Location Data Retention: We retain precise location data for six months after trip completion to support operational needs, regulatory compliance, and dispute resolution. After this period, location data is aggregated for analytics purposes with all personally identifying information removed, or deleted entirely.

Your Location Data Rights: You have enhanced rights regarding location data including the ability to limit use and disclosure for purposes beyond those disclosed here (available to residents of California, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Maryland, Massachusetts, Tennessee, Kentucky, and Indiana). You may request access to your location history, request deletion subject to regulatory retention requirements, and control location permissions in your device settings. Note that disabling location tracking may prevent certain Service functionality from operating properly.

1.4 Communications and Device Data

We collect push notification tokens (e.g., Apple Push Notification service and Firebase Cloud Messaging) to deliver operational notifications, and limited technical information such as app version and error logs to operate and secure the Services and to provide support.

We do not collect or use the Apple Advertising Identifier (IDFA) or other identifiers for cross‑app tracking, and we do not track you across apps or websites owned by other companies.

1.5 Technical and Usage Data

We automatically collect technical information including IP addresses, browser types, referring and exit pages, timestamps, and clickstream data. We use cookies and similar technologies on our web properties as described in Section 10 below.

1.6 Information from Third Parties

We may receive information from authentication providers when you use single sign-on features, mapping and geocoding services to validate addresses and optimize routes, and your employer or the company that provides you access to our Services.

2. How We Use Information

We use the information described above for the following purposes, each tied to specific legal bases under applicable privacy laws:

Service Provision and Performance (Legal Basis: Contract Performance): We use your information to provide the core TMS functionality including creating and managing user accounts, assigning loads and coordinating dispatch operations, enabling real-time GPS tracking for active hauls, delivering operational notifications about assignment updates and system messages, processing status updates and confirmations, generating reports and analytics for fleet management, and facilitating communication between drivers, dispatchers, and customers.

Compliance and Legal Obligations (Legal Basis: Legal Compliance): We process information to comply with Electronic Logging Device regulations under 49 CFR Part 395, maintain Hours of Service records as required by the Federal Motor Carrier Safety Administration, respond to legal requests and court orders, enforce our Terms of Service and other agreements, and comply with applicable federal, state, and local transportation regulations.

Business Operations and Improvement (Legal Basis: Legitimate Interests): We use information to maintain Service integrity and prevent fraud and misuse, provide customer support and respond to inquiries, conduct internal analytics to improve Service performance and features, perform system maintenance and security monitoring, and develop new features and functionality.

Safety and Security (Legal Basis: Legitimate Interests and Vital Interests): We process information to monitor driver safety and provide emergency assistance, prevent accidents through route optimization and alerts, protect against security threats and unauthorized access, investigate and respond to potential safety incidents, and maintain business continuity and disaster recovery capabilities.

With Your Consent (Legal Basis: Consent): For any processing not covered by the legal bases above, we will obtain your explicit consent. You may withdraw consent at any time by contacting info@moveflow.ai, though this may affect Service availability.

3. Sharing of Information

We do not sell personal information to third parties for monetary consideration. We do not share personal information for cross-context behavioral advertising. We share information only as necessary to operate the Services and fulfill our obligations:

3.1 Service Providers Acting as Processors

We share information with service providers who process data on our behalf under written agreements and appropriate confidentiality and security obligations, consistent with applicable laws. These providers include cloud infrastructure and hosting, authentication and user‑management, push notification platforms (Apple Push Notification service and Firebase Cloud Messaging), mapping/geocoding/routing, SMS delivery (when you choose to send SMS through the Service), email and communication platforms, payment processors for billing operations, customer support and ticketing, security monitoring and incident response, and backup and disaster recovery services.

We maintain data processing agreements with all service providers that specify processing only on our documented instructions, confidentiality commitments, appropriate security measures, assistance with data subject requests, and data deletion or return upon contract termination. A current list of our sub-processors is available upon request by contacting info@moveflow.ai. We provide thirty days advance notice before adding or changing sub-processors to allow customers to object based on their compliance requirements.

3.2 Business Customers (Data Controllers)

When you access our Services through your employer or a company that subscribes to Moveflow, that company is the data controller and determines what data is collected and for what purposes. We process data on their behalf as a data processor. Your employer or the subscribing company has access to all information associated with your use of the Services, including your location data, operational records, and communications. Questions about how your employer uses this information should be directed to your employer's privacy contact.

3.3 Other Sharing Circumstances

We may disclose personal information when required by law including in response to subpoenas, court orders, or other legal processes, to regulatory authorities including the Federal Motor Carrier Safety Administration, Department of Transportation, state Attorney General offices, or other government agencies, to protect rights and safety including enforcing our agreements, protecting the rights, property, or safety of Moveflow, our users, or others, and responding to emergency situations involving danger of death or serious physical injury. In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity with notice provided to affected individuals.

4. Data Controller and Processor Relationships

Understanding Your Data Roles: Your company (e.g., your employer) determines how your information is used within Moveflow. Moveflow acts as a service provider processing information on behalf of your company under applicable U.S. privacy laws.

For Drivers and Dispatchers: Your employer controls your personal information including decisions about collection, use, retention, and deletion. While this policy describes our practices, your employer's privacy policy governs their use of your information. To exercise privacy rights, you should first contact your employer's privacy contact or human resources department. Moveflow will assist with technical implementation of requests as directed by your employer.

For Company Administrators: When your company subscribes to Moveflow, you act as the data controller for information about your drivers, dispatchers, and other users. Moveflow processes this information according to your instructions, our Terms of Service, and our Data Processing Agreement. You remain responsible for complying with privacy laws in your jurisdiction, providing appropriate privacy notices to your personnel, handling data subject requests from your personnel, and ensuring lawful processing of employee and contractor data.

Data Processing Agreements: We maintain comprehensive Data Processing Agreements with all business customers that include processing scope and instructions, security measures and safeguards, sub-processor lists and approval processes, data subject rights assistance procedures, breach notification protocols, audit rights, cross-border data transfer mechanisms including Standard Contractual Clauses where applicable, and liability and indemnification terms. If your company does not have a current DPA with Moveflow, please contact info@moveflow.ai to execute one.

5. Data Retention

We retain personal information only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by data category:

Account and Profile Information: Retained for the duration of your account relationship plus ninety days after account closure to accommodate reactivation requests and finalize billing.

Operational and Assignment Data: Retained for seven years after transaction completion to comply with tax regulations, audit requirements, and legal claims statutes of limitation.

Location and Routing Data: Precise location data is retained for six months after trip completion for operational, regulatory, and audit purposes. After six months, location data is either aggregated with all personally identifying information removed for analytics purposes or deleted entirely. ELD-required location data is retained for six months per Federal Motor Carrier Safety Administration regulations.

Driver Qualification and Employment Records: Retained for three years after employment or contractor relationship ends to comply with Department of Transportation record-keeping requirements.

Communication Logs and Support Tickets: Retained for one year after case closure unless ongoing issues require extended retention.

Security Logs and Audit Trails: Retained for two years to support incident investigation and security monitoring.

Marketing and Analytics Data: Retained until you opt out of communications plus thirty days for verification, or for twenty-four months if no opt-out is received.

Backup Data: Information may persist in backup systems for up to ninety days after deletion from production systems. Backup data is logically isolated and inaccessible ("put beyond use") even if physically present, and will not be restored to production systems except in disaster recovery scenarios affecting all users.

When retention is no longer necessary, we securely delete or de-identify personal information in accordance with our data retention schedules. These schedules are reviewed annually and updated as legal requirements or business practices change.

6. Your Privacy Rights

Depending on your state or country of residence, you may have the following rights regarding your personal information. Because Moveflow typically processes information as a data processor on behalf of your employer, you should exercise these rights by contacting your employer's privacy contact or human resources department. Moveflow will assist with technical implementation as directed by your employer.

6.1 General Privacy Rights (Available in Most U.S. States)

Right to Know and Access: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for collection and use, and the categories of third parties with whom we share it.

Right to Correction: You may request correction of inaccurate personal information we maintain about you.

Right to Deletion: You may request deletion of personal information we have collected from you, subject to certain exceptions for regulatory compliance, legal claims, security purposes, and contractual obligations.

Right to Opt Out of Sales and Sharing: We do not sell personal information or share it for cross-context behavioral advertising. No opt-out action is required. We honor universal opt-out signals including Global Privacy Control.

Right to Non-Discrimination: You have the right to exercise these privacy rights without receiving discriminatory treatment including denial of services, charging different prices or rates, providing different levels of service quality, or suggesting you will receive different prices or service levels.

6.2 Enhanced Rights for Location Data (All States)

Because precise geolocation is classified as sensitive personal information, you have additional rights to limit its use and disclosure for purposes beyond those disclosed in this policy. You may exercise these rights by contacting info@moveflow.ai or adjusting settings in the mobile application.

6.3 California-Specific Rights (Employees and Contractors)

Important for California Residents: California's Consumer Privacy Rights Act applies to employee, contractor, and business contact data without exemption. California drivers, dispatchers, and other personnel have full consumer privacy rights.

California residents may request a portable copy of personal information in a readily usable format, opt out of automated decision-making that produces legal or similarly significant effects (see Section 11 below for details), and limit use and disclosure of sensitive personal information including precise geolocation, Social Security numbers, and health information.

California Employee Privacy Notice: If you are a California-based employee or contractor accessing Moveflow through your employer, you have the right to know what personal information your employer collects about you through our Services, the purposes for collection, the categories of third parties receiving the information, and how to exercise your privacy rights. Your employer must provide you with a separate California Employee Privacy Notice at or before the time of data collection. If you have not received this notice, please contact your employer's human resources department.

6.4 State-Specific Requirements

The following states have comprehensive privacy laws with similar but not identical rights: Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Maryland, Massachusetts, Tennessee, Kentucky, and Indiana. Residents of these states should review their state Attorney General website for specific information about exercising privacy rights. Contact info@moveflow.ai to exercise rights under your state law, and we will coordinate with your employer as needed.

6.5 Exercising Your Rights

To exercise any privacy right, contact info@moveflow.ai with your request. Because Moveflow processes most information as a data processor for your employer, we will coordinate with your employer to fulfill requests. We may ask you to verify your identity through reasonable means before responding. We will respond within forty-five days for general requests and fifteen days for opt-out requests. If we need additional time, we will notify you of the extension and the reason. We do not charge fees for reasonable requests, though we may charge a reasonable fee or decline excessive, repetitive, or manifestly unfounded requests.

Appeals Process: If we deny your request in whole or in part, you have the right to appeal the decision. Submit appeals to info@moveflow.ai within sixty days of the denial. We will respond within thirty days. If we deny your appeal, we will provide information about how to contact your state Attorney General to submit a complaint.

7. Data Security

We implement technical and organizational measures designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit using TLS 1.2 or higher for all data transmissions, encryption at rest for sensitive data including location information and authentication credentials, access controls limiting personnel access based on job function and need-to-know principles, multi-factor authentication for administrative access, regular security monitoring and intrusion detection, vulnerability scanning and penetration testing conducted at least annually, security incident response procedures with defined escalation paths and notification protocols, employee security awareness training provided annually to all personnel and quarterly to those handling sensitive data, data backup and disaster recovery procedures tested at least semi-annually, and vendor security assessments before onboarding third-party processors.

We maintain security documentation including our Information Security Policy, Incident Response Plan, and vendor security assessment criteria. These documents are available to business customers upon request for compliance verification purposes.

Limitations: No security system is perfectly secure. We cannot guarantee absolute security of personal information. You are responsible for maintaining the confidentiality of your account credentials and for any activities under your account. Notify us immediately at info@moveflow.ai if you suspect unauthorized access to your account.

8. Data Location and International Transfers

We process and store information primarily in the United States using cloud infrastructure provided by reputable service providers with data centers located in the U.S. If you access the Services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For European Economic Area, United Kingdom, and Switzerland Users: If we process personal information of individuals in the EEA, UK, or Switzerland, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission for transfers from the EEA to the United States, adequacy decisions where available, and supplementary measures including encryption with keys held outside the U.S., data minimization to limit data transferred, pseudonymization where feasible, and access controls limiting U.S.-based access to necessary personnel.

We conduct Transfer Impact Assessments for all cross-border data flows to document destination country law evaluation, government access risk assessment, supplementary technical and organizational measures implemented, and ongoing monitoring procedures. These assessments are available to customers upon request.

9. Mobile Platform Permissions and Requirements

Our mobile application requires certain device permissions to function properly. We request these permissions only when needed for specific features and provide clear explanations before requesting access.

9.1 Location Permissions

iOS: We first present an in‑app education screen explaining why location access is needed. The app then requests "While Using the App" permission. Immediately after, iOS may show a system prompt to upgrade to "Always Allow" so background location can be recorded during active assignments. You can choose "Keep While Using" or "Change to Always Allow," and you can update these settings at any time in iOS Settings. Location collection occurs only during active operations.

Android: We request foreground location permission first and, when needed for active assignment tracking, request background location access with a prominent in‑app disclosure explaining background collection and its purposes. You can change permissions at any time in Android Settings. Location collection occurs only during active operations.

Disabling Location Access: You can modify location permissions in your device settings at any time. Disabling location access may limit certain features, including real‑time tracking during active assignments.

9.2 Notification Permissions

We request permission to send push notifications for operational messages including new assignment alerts, status update confirmations, route changes and updates, system maintenance notifications, and emergency or safety alerts. You can disable notifications in your device settings at any time, though this may delay important operational communications.

9.3 Other Permissions

The app may request camera access for photo capture (delivery confirmation, damage documentation), photo library access for uploading images, microphone access if voice features are enabled, and contacts access if contact synchronization features are used. Each permission request includes an explanation of why the permission is needed and how it benefits you.

9.4 App Privacy Labels

Our iOS App Store listing and Android Google Play listing include comprehensive privacy labels detailing all data collection, use, and sharing practices. These labels are updated whenever our data practices change. We encourage you to review the privacy labels before installing or updating the application.

10. Cookies and Web Tracking Technologies

We use cookies and similar tracking technologies on our web properties including the Moveflow website, customer dashboard, and support portal. This section explains what technologies we use and how you can control them.

10.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the Services to function and cannot be disabled. They include session management cookies that keep you logged in, security cookies that protect against cross-site request forgery and other attacks, and load balancing cookies that distribute traffic across servers.

Functional Cookies: These cookies enable enhanced functionality including your preferences such as language and time zone settings, dashboard layout and view preferences, and saved filter and search settings.

Analytics Cookies: These cookies help us understand how users interact with our Services including pages visited and features used, session duration and navigation paths, error messages and technical issues, and performance metrics. We use this information to improve the Services and fix technical problems.

10.2 Your Cookie Choices

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, and be notified when new cookies are set. Note that disabling strictly necessary cookies will prevent the Services from functioning properly. Instructions for managing cookies in common browsers are available at your browser's help center.

Universal Opt-Out Signals: We honor Global Privacy Control and similar universal opt-out preference signals. When we detect these signals, we do not set optional cookies for analytics or functional purposes and do not share information with third parties for cross-context advertising (though we do not engage in such sharing in any case).

10.3 Third-Party Analytics and Tools

We use third-party analytics services to help us understand Service usage. These services may collect information about your use of our Services and other websites over time. We have configured these services to respect user privacy choices and honor Do Not Track signals where technically feasible.

11. Automated Decision-Making and Profiling

We use automated systems and algorithms to optimize Service functionality and operational efficiency. This section explains how these systems work and your rights regarding automated decision-making.

11.1 Automated Systems We Use

Dispatch and Assignment Algorithms: We use automated systems to suggest optimal driver assignments for loads based on factors including current location and proximity to pickup points, available hours of service and regulatory compliance status, vehicle type and capacity requirements, historical performance and completion rates, and route efficiency calculations. These suggestions assist dispatchers in making assignment decisions but do not automatically assign loads without human review and approval.

Dynamic Routing Optimization: Our routing algorithms automatically calculate optimal delivery sequences considering real-time traffic conditions, delivery time windows and appointment schedules, distance and fuel efficiency, and road restrictions and vehicle limitations. Drivers can view suggested routes and choose whether to follow them.

Performance Analytics: We generate automated reports and metrics analyzing delivery completion rates, on-time performance, route efficiency, and safety indicators including hard braking, speeding, and other driving behaviors. These analytics support fleet management decisions but do not automatically trigger employment actions without human review.

11.2 Your Rights Regarding Automated Decisions

California CPRA Automated Decision-Making Technology Rights: If you are a California resident and we use automated systems to make or substantially assist in making decisions that produce legal or similarly significant effects concerning you (including employment decisions, compensation changes, or disciplinary actions), you have the right to receive notice before such systems are used, opt out of automated decision-making in favor of human review, request information about the logic involved in automated decisions, and request human review of automated decisions affecting you.

Currently, our automated systems provide suggestions and analytics to support human decision-making. Final decisions about employment matters, compensation, discipline, and similar significant matters are made by humans at your employer. If this changes, we will provide advance notice and information about your opt-out rights.

Other State Rights: Colorado, Connecticut, Virginia, Oregon, and other states provide similar rights to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. Contact info@moveflow.ai to exercise these rights.

12. California Privacy Disclosures (CCPA/CPRA)

This section provides specific disclosures required under California law.

No Sale or Sharing: We do not sell personal information as defined by California law. We do not share personal information for cross-context behavioral advertising. No opt-out action is required, though we honor Global Privacy Control and other universal opt-out signals.

Categories of Personal Information Collected: In the preceding twelve months, we have collected the following categories of personal information: identifiers including names, email addresses, phone numbers, device identifiers, and IP addresses; commercial information including load history and assignment records; precise geolocation data classified as sensitive personal information; employment information including driver qualifications, hours of service, and performance records; internet and electronic network activity including usage data, navigation history, and technical logs; and inferences drawn from the above to support routing optimization and operational analytics.

Sources, Purposes, and Sharing: We collect this information from you directly, from your employer, from devices you use to access our Services, from third-party authentication and mapping services, and from publicly available sources for address validation. We use this information for the purposes described in Section 2 above. We share this information with service providers as described in Section 3 above and as necessary to provide the Services.

Sensitive Personal Information: We process the following categories of sensitive personal information: precise geolocation data for tracking during active assignments, Social Security numbers for driver qualification verification (where applicable), and driver's license numbers for qualification and compliance purposes. We use sensitive personal information only for purposes disclosed in this policy and do not use or disclose it for inferring characteristics about you.

Retention: We retain personal information as described in Section 5 above.

Privacy Rights: California residents have the rights described in Section 6 above. We respond to requests within forty-five days, or fifteen days for opt-out requests. We do not charge fees for reasonable requests.

Do Not Track: We honor Global Privacy Control and other universal opt-out preference signals for analytics and optional cookies. We do not respond to browser-level Do Not Track signals as there is no industry standard for interpretation.

Shine the Light: California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

13. Children's Privacy

The Services are not intended for children under the age of eighteen. We do not knowingly collect personal information from children under eighteen. The Services are designed for use by adults in professional contexts including drivers, dispatchers, and fleet management personnel. All users must be at least eighteen years of age or the age of majority in their jurisdiction.

If you believe a child under eighteen has provided personal information to us, please contact us immediately at info@moveflow.ai so we can delete it. We will investigate and delete any information determined to belong to a child under eighteen within thirty days.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our Services, legal requirements, or business practices. When we make changes, we will update the "Last updated" date at the top of this policy and post the revised policy at moveflow.ai/privacy.

Material Changes: If we make material changes that significantly affect your rights or how we process personal information, we will provide additional notice as required by law. This may include email notification to registered users, prominent notices in the Services, or other reasonable means to ensure you are aware of the changes. For changes affecting California employees or other individuals with specific legal protections, we will provide at least thirty days advance notice before changes take effect.

Your Acceptance: Your continued use of the Services after changes take effect constitutes acceptance of the revised policy. If you do not agree with changes, you should discontinue use of the Services and contact your employer about alternative arrangements.

We encourage you to review this policy periodically to stay informed about how we protect your personal information.

15. Security Incident Notification

In the event of a security incident that affects your personal information, we will notify you and applicable regulatory authorities as required by law. This section explains our notification practices and what to expect if an incident occurs.

What Constitutes a Reportable Incident: We consider an incident reportable if it involves unauthorized access to or acquisition of personal information, unauthorized disclosure of personal information, loss or theft of devices or media containing personal information, ransomware or other malware affecting personal information, or any other compromise that creates risk of harm including identity theft, fraud, discrimination, or economic loss.

Notification Timeline: We will notify affected individuals and regulatory authorities according to the most stringent applicable requirements. For individuals, notification will occur without unreasonable delay and no later than required by the applicable state law (typically between immediate notification and sixty days). For regulatory authorities, notification will occur within seventy-two hours of incident awareness where GDPR applies, or as required by applicable state laws. For California employees, notification will be provided as required under California's employment-specific requirements.

Notification Content: Our incident notifications will include a description of the incident and when it occurred, types of personal information involved, steps we have taken to investigate and remediate, measures you can take to protect yourself, and contact information for further questions and assistance.

Your Responsibilities: If you receive an incident notification from us, we recommend you review the information carefully, take any protective measures suggested, monitor your accounts and credit reports for suspicious activity, and contact us at info@moveflow.ai with questions or concerns.

16. Contact Us

Data Controller: Moveflow Tech, Corp.

Email: info@moveflow.ai

Privacy Rights Requests: For data subject requests under CCPA, VCDPA, or other state privacy laws, please email info@moveflow.ai with "Privacy Rights Request" in the subject line. Include your name, contact information, description of your request, and verification information (we may ask for additional verification to confirm your identity).

Employee-Specific Questions: If you are accessing Moveflow through your employer and have questions about how your employer uses your personal information, please contact your employer's privacy contact or human resources department first. Moveflow will coordinate with your employer to assist with technical aspects of your request.

Data Protection Officer: For questions about our data processing practices, data protection impact assessments, or data processing agreements, contact our privacy team at info@moveflow.ai.

Complaints: If you believe we have not adequately addressed your privacy concerns, you have the right to file a complaint with your state Attorney General or, if you are in the EEA or UK, your local supervisory authority. We encourage you to contact us first so we can attempt to resolve your concerns directly.

Effective Date: This Privacy Policy is effective as of October 31, 2025, and applies to all personal information collected from that date forward. Prior versions of this policy are available upon request by contacting info@moveflow.ai.