Privacy Policy

Last updated: October 16, 2025

Overview

This Privacy Policy explains how Mavr collects, uses, and shares information when you use our services. By using the service, you agree to the collection and use of information in accordance with this policy.

Controller

Branvang (Belgium) is the data controller for your personal information in the EEA, UK, and Switzerland. You may lodge a complaint with your local authority or the Belgian Data Protection Authority (www.dataprotectionauthority.be, contact@apd-gba.be). Contact us at info@mavr.app or info@mavr.app.

Information We Collect

  • Account information: email, authentication identifiers, subscription status, and acceptance of Terms (version and timestamp).
  • App data: training plans, nutrition entries, preferences, and other inputs you provide.
  • Device and usage data: IP address, browser type, and interactions for security and analytics.

How We Use Information

  • To provide, maintain, and improve the service
  • To authenticate users, prevent fraud, and ensure security
  • To personalize content and features
  • To communicate with you about updates and support
  • To comply with legal obligations

Lawful Bases (EEA/UK/CH)

  • Contract: to provide and support the service you request
  • Legitimate interests: service security, product improvement, limited analytics
  • Consent: non‑essential cookies/marketing where required
  • Legal obligations and, where necessary, vital interests

Sharing of Information

We do not sell your personal information. We may share information with service providers (e.g., authentication, hosting, analytics, and payments) that process data on our behalf and under contractual confidentiality. We may disclose information if required by law or to protect rights, property, and safety.

Our current sub‑processors are listed at /legal/subprocessors.

Data Retention

We retain information as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account data subject to legal and operational requirements.

Security

We use reasonable administrative, technical, and physical safeguards to protect information. No method of transmission or storage is completely secure.

Your Rights (EEA/UK/CH)

  • Access, rectification, erasure, restriction, and portability
  • Object to processing based on legitimate interests and to direct marketing
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your supervisory authority

Cookies and Tracking

In the EEA/UK/Switzerland, we set non‑essential cookies only with your consent via our cookie controls. You can update preferences at any time. Essential cookies necessary for the service may be set without consent.

Your Choices

  • Access, update, or delete your account data
  • Opt out of non-essential communications
  • Adjust browser settings for cookies and tracking

Regional Notices

United States (state privacy laws): We collect identifiers, commercial information, internet activity, and inferences for business purposes (to operate and secure the service, provide features, debugging/analytics). We disclose personal information to service providers for these purposes. We do not sell personal information and do not share personal information for cross‑context behavioral advertising. California residents may request access, deletion, and correction at info@mavr.app.

Brazil (LGPD): We process data under LGPD legal bases including contract performance, legitimate interests, legal obligations, and consent where required. You may request confirmation, access, correction, anonymization/blocking/deletion of unnecessary or excessive data, portability, information on sharing, and revoke consent.

Canada (PIPEDA): We collect, use, and disclose personal information for specified purposes with your knowledge and consent, except where permitted by law. You may request access and correction.

Other regions (e.g., Australia, New Zealand, Singapore, South Africa, Japan, India): You may submit access/erasure/objection requests to info@mavr.app. We apply appropriate safeguards for international transfers where required.

International Data Transfers

We may store and process your personal information in the United States and in other countries where we or our service providers operate. If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we will ensure that any transfer of your personal information outside of your jurisdiction complies with applicable data protection laws and includes appropriate safeguards.

These safeguards may include:

  • Where the U.S. recipient participates in the EU–U.S. Data Privacy Framework (and, as applicable, the UK Extension and Swiss–U.S. Data Privacy Framework), relying on that certification for the transfer.
  • Entering into the European Commission’s Standard Contractual Clauses (Decision (EU) 2021/914) with recipients, together with the UK International Data Transfer Addendum or IDTA (for UK transfers) and appropriate Swiss-approved clauses or adaptations (for Swiss transfers).
  • Implementing supplementary technical and organizational measures, such as encryption in transit and at rest, access controls, and data minimization, where appropriate.

In limited cases and only where permitted by law (for example, to perform a contract at your request), we may rely on GDPR Article 49 derogations for specific transfers.

You can request a copy of the relevant transfer safeguards by contacting info@mavr.app.

Children

The service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us.

Changes

We may update this policy from time to time. If we make material changes, we will provide notice by email or through the service.

Contact

Questions? Contact info@mavr.app or info@mavr.app.