Muuvo

Legal

Privacy Policy

Last updated: 28 April 2026

Muuvo™ (“we”, “our”, or “us”) operates https://muuvo.coand related mobile and web applications (collectively, the “Service”). This policy explains what personal information we collect, how we use it, and your rights under Japan’s Act on the Protection of Personal Information (APPI) and applicable international privacy law.

1. Information We Collect

1.1 Account information

When you register, we collect your email address, display name, and — for MuuvoCampus accounts — your university affiliation and student ID number. If you sign in with Google, we receive your name, email address, and profile photo from Google.

1.2 Listing and transaction data

When you post a listing, we collect item descriptions, photographs, move-out dates, postal and pickup addresses, item condition details, and pricing information. When you place or fulfil an order, we collect delivery addresses, order status, and transaction records.

1.3 Payment information

Payments are processed by Stripe. We do not store your full card number, CVC, or bank account details. We receive and store transaction IDs, payment status, and amounts in Japanese Yen (JPY).

1.4 Communications

Messages sent through the in-app chat, dispute submissions, and support enquiries are stored to enable delivery of the Service and to resolve disputes.

1.5 Usage data

We automatically collect log data including your IP address, browser type, pages visited, and timestamps. This data is used solely for security monitoring and service improvement.

1.6 Device and notification tokens

With your permission, we collect Firebase Cloud Messaging (FCM) tokens to send push notifications about listing activity, order updates, and route dispatches.

2. How We Use Your Information

  • To create and manage your account and authenticate your identity.
  • To display, match, and fulfil item listings and delivery orders.
  • To process payments and issue receipts via Stripe.
  • To send transactional notifications (order updates, route alerts, dispute outcomes) via email and LINE.
  • To verify student eligibility for MuuvoCampus accounts.
  • To generate anonymised partner ESG impact reports for logistics and reuse partners.
  • To detect and prevent fraud, misuse, and policy violations.
  • To comply with legal obligations under Japanese law.

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

3. How We Share Your Information

3.1 Service providers

We share data with trusted third-party processors who act on our instructions: Firebase / Google Cloud (infrastructure and authentication), Stripe (payments), Brevo (transactional email), and LINE Corporation (notifications). Each provider processes data only as necessary to deliver their service.

3.2 Partner organisations

Reuse, recycling, and logistics partners see only the information necessary to fulfil a route or dispatch (pickup address, item summary, contact reference). Partner ESG reports contain aggregated, non-personally-identifiable metrics only.

3.3 Legal requirements

We may disclose your information if required to do so by law, court order, or governmental authority in Japan or another applicable jurisdiction.

4. Data Retention

We retain your account data for as long as your account is active. Listing and order records are retained for 7 years to comply with Japanese commercial record-keeping requirements. Chat messages and dispute records are retained for 3 years. You may request deletion of your account and associated personal data at any time (see Section 6).

5. Cookies and Local Storage

We use a single session cookie (“muuv_session”) to authenticate your requests. This cookie is HTTP-only, Secure, and expires after 14 days of inactivity. We do not use tracking cookies or third-party analytics cookies. Locale preferences are stored in a separate short-lived cookie.

6. Your Rights

Under APPI and applicable law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your account and personal data, subject to legal retention obligations.
  • Restriction — request that we restrict processing of your data in certain circumstances.
  • Withdrawal of consent — withdraw consent for push notifications at any time via your device or account settings.

To exercise any of these rights, email privacy@muuvo.co. We will respond within 30 days.

7. Security

We use industry-standard security measures including TLS encryption in transit, Firebase Security Rules for Firestore and Storage access control, server-side session tokens (HTTP-only cookies), and restricted API key scoping. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we take all reasonable precautions.

8. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

9. International Transfers

Your data is primarily stored and processed in Google Cloud’s asia-northeast1 (Tokyo) region. Some data may be processed in other regions by our service providers (e.g. Stripe processes payments in the US and EU). All transfers are governed by appropriate data transfer agreements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or by sending you an email. Continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related enquiries, requests, or complaints:

Muuvo Privacy Team

Email: privacy@muuvo.co

Website: https://muuvo.co

Terms of Service·Back to Muuvo