Privacy Policy
Last updated: 11 May 2026
What we collect
Moveo accesses your Strava data through OAuth. This includes your athlete profile (name, ID) and activity data (distance, time, pace, heart rate, cadence, elevation, route polyline, and stream data when you grant extended permissions).
How we use it
Your data is used exclusively to generate shareable cards. Activity data is fetched from Strava on-demand, rendered into a card, and returned to you. Nothing is stored on our servers after the card is generated.
What we store
A single encrypted session cookie (pacecard_session) stores your Strava OAuth token and optional preferences (default template and ratio). The cookie is HttpOnly, Secure, and expires after 30 days of inactivity. Moveo has no database, no logs containing activity data, and no persistent file storage.
Third parties
None. Moveo does not use analytics, advertising, tracking, or any third-party services beyond the Strava API itself. Your data is never sold, shared, or exposed to any other party.
Your rights
You can disconnect Moveo at any time from the Settingspage. Disconnecting clears your session cookie immediately — all data is deleted instantly. You can also revoke Moveo's access through your Strava app settings.
Contact
Questions about this policy? Reach us at support@getmoveo.run.