Your data,
your rights.

reverecoop ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you use the morava application and any related services, websites, or products (collectively, the "Service").

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. reverecoop acts as the data controller for all personal data processed under this policy.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. This policy was last updated on 15 March 2026.

We collect the following categories of personal data when you use the Service:

Account Information•Name and display name•Email address•Profile photo (if provided)•Account credentials (stored securely, passwords hashed)•Date of account creation

Health & Wellness Data•Workout logs and exercise activity•Physical metrics you choose to enter (e.g. weight, steps, water intake)•Nutrition and meal logs•Sleep and recovery data•Coaching notes and personal goals

Usage Data•Device type and operating system•App version and crash reports•Feature interactions and usage patterns (anonymised)•Timestamps of app sessions

We do not collect financial or payment data directly — payments are processed by third-party providers (see Section 8).

We use your personal data for the following purposes:

Service Delivery•To create and manage your account•To provide personalised health tracking, coaching, and insights•To process your subscription and manage billing (via third-party payment providers)•To send you service notifications (e.g. account alerts, subscription renewals)

Service Improvement•To analyse usage patterns and improve features (using anonymised, aggregated data)•To diagnose and fix bugs and technical issues•To conduct internal research into product performance

Communications•To send transactional emails (e.g. account confirmations, password resets)•To send product updates and waitlist notifications if you have opted in•You may opt out of non-essential communications at any time

Legal & Safety•To comply with applicable laws and regulatory obligations•To investigate suspected fraud, abuse, or violations of our Terms

Under UK GDPR, we process your personal data on the following legal bases:

•Contract performance — Processing your account information and health data is necessary to deliver the Service you have signed up for.•Legitimate interests — We process anonymised usage data to improve our products, where this does not override your rights and freedoms.•Legal obligation — We may process data to comply with applicable laws (e.g. tax records, responding to lawful requests from authorities).•Consent — Where we rely on consent (e.g. marketing communications), you may withdraw it at any time without affecting the lawfulness of prior processing.

For health data (a "special category" under UK GDPR), we rely on your explicit consent provided at onboarding, which you may withdraw at any time through the app settings.

We do not sell your personal data. We may share data in the following limited circumstances:

Service ProvidersWe work with trusted third-party providers who process data on our behalf under strict data processing agreements. These include:•Cloud hosting and infrastructure providers•Analytics providers (using anonymised, aggregated data only)•Payment processors (who handle billing directly — we do not store full card details)•Error monitoring and crash reporting tools

Legal RequirementsWe may disclose your data when required to do so by law, court order, or at the request of a regulatory authority, provided such requests are lawful.

Business TransfersIf reverecoop is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified of any such change and your rights will be maintained.

We will never share your identifiable health data with advertisers, data brokers, or third parties for their own marketing purposes.

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

•Active accounts: Data is retained for the lifetime of your account.•Deleted accounts: Upon account deletion, personal data is removed within 30 days, except where we are legally required to retain it (e.g. billing records for up to 7 years for tax purposes).•Health data: If you delete specific health entries, they are removed immediately from the Service and permanently deleted from our systems within 14 days.•Anonymised, aggregated data may be retained indefinitely as it cannot be used to identify you.

You can request deletion of your account and associated data at any time (see Section 9).

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, misuse, or alteration. These include:

•Encryption of data in transit using TLS/HTTPS•Encryption of sensitive data at rest•Secure, hashed storage of passwords (we never store passwords in plain text)•Access controls limiting who within reverecoop can access personal data•Regular security reviews and vulnerability assessments

While we take every reasonable precaution, no method of data transmission or storage is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with our legal obligations.

The Service may integrate with or link to third-party services, such as:

•Payment providers (e.g. Stripe, Apple Pay, Google Pay) — governed by their own privacy policies•Apple App Store and Google Play Store — subject to Apple's and Google's privacy practices•Health platform integrations (e.g. Apple Health, Google Fit) — if you choose to connect them, data sharing is governed by the terms of those platforms

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before connecting any third-party integrations.

Under UK GDPR, you have the following rights regarding your personal data:

•Right of access — You may request a copy of the personal data we hold about you.•Right to rectification — You may request that inaccurate or incomplete data be corrected.•Right to erasure — You may request that we delete your personal data ("right to be forgotten"), subject to legal retention requirements.•Right to restriction — You may request that we restrict processing of your data in certain circumstances.•Right to data portability — You may request your data in a structured, machine-readable format.•Right to object — You may object to processing based on legitimate interests or for direct marketing.•Rights related to automated decision-making — You have rights where automated processing significantly affects you.•Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at reverecoop@gmail.com. We will respond within one calendar month. If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

The morava mobile application does not use browser cookies. Our website (reverecoop.com) may use the following:

Essential cookies — Required for the site to function (e.g. session management). These cannot be disabled.

Analytics cookies — We may use privacy-respecting analytics tools to understand how users navigate our website. These use anonymised data and do not track you across other sites.

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings at any time.

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If we discover that we have collected personal data from a child under 13 without verified parental consent, we will take immediate steps to delete that data.

Users between 13 and 17 years old must have consent from a parent or legal guardian. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at reverecoop@gmail.com.

reverecoop is based in the United Kingdom. If any of our service providers are located outside the UK or European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, or reliance on adequacy decisions.

By using the Service, you acknowledge that your data may be processed in countries outside your own, subject to these protections.

We may update this Privacy Policy from time to time to reflect changes in our practices, the law, or our Service. When we make material changes, we will notify you through the app or via the email address associated with your account, and update the "last updated" date at the top of this policy.

Continued use of the Service after changes become effective constitutes your acceptance of the revised policy. If you do not agree with any changes, you should stop using the Service and may request deletion of your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

reverecoopEmail: reverecoop@gmail.com

We will endeavour to respond to all enquiries within 30 days. For formal data subject requests under UK GDPR, please include "Data Request" in your subject line.