Movalo
Need support? Contact Sales

Privacy Policy

What we collect, why we collect it, who we share it with, and the rights you have over your information.

Last updated: June 25, 2026

1. About this policy.

Movalo LLC operates this website and provides managed technology and security services to businesses. This policy describes the information we collect, how we use it, and how we share it. It applies to both the public movalo.com website and to the services we deliver under our Master Services Agreement (MSA).

For clients, this policy is incorporated into your MSA. For website visitors, this policy governs the personal information you provide when you fill in a form, contact us, or interact with this site.

2. Information we collect.

From our clients

We collect three categories of information when delivering contracted services:

  • Client Data: the content stored in or transmitted through systems we manage on your behalf. This is your data; we are a processor and a custodian, not a controller.
  • Administrative Data: contact information, billing information, and similar details required to manage the business relationship.
  • Service Data: system logs, performance telemetry, security monitoring data, and operational metadata generated by managed systems.

From website visitors

When you submit one of our forms (the contact form, the support callback form, or the emergency form), we collect:

  • The information you provide: your name, company, email address, phone number, and whatever you write in the message field.
  • Technical information: your IP address, browser user-agent string, and the timestamp of your submission. We use this to detect abuse, satisfy retention requirements, and reconstruct events if something goes wrong.
  • If you opt in, your consent to receive SMS messages from us.

Unless you opt out, or your browser sends a privacy signal, we also collect the analytics data described in Section 5 below. Standard web-server logs may record IP addresses and request paths; these are not used for marketing.

3. How we use your information.

We use the information we collect to:

  • Deliver the services you contracted us for.
  • Respond to inquiries submitted through our forms.
  • Operate, monitor, and secure managed systems and our own infrastructure.
  • Detect and prevent abuse of our services and this website.
  • Comply with legal obligations, including breach notification, lawful process, and recordkeeping.
  • Improve our security and operations through aggregated, anonymized analysis.

We do not use your information to train artificial intelligence models, sell to data brokers, or build advertising profiles.

4. How we share information.

We share information in a small and predictable set of circumstances:

  • With sub-processors who help us deliver our services, under written confidentiality and data-protection obligations.
  • With clients, when the information is theirs and we are delivering it back, or when sharing is required to respond to a request from the client.
  • To comply with the law, a subpoena, a court order, or a lawful regulatory request. We will challenge requests that we believe are overbroad.
  • To protect rights, property, or safety, our own or that of our clients or third parties, where disclosure is reasonable to prevent harm.
  • In connection with a corporate transaction, such as a merger or acquisition, with advance notice and equivalent protections in the receiving entity.

Sub-processors

We engage third-party service providers to deliver our services and to operate this website. These include providers for email delivery, cloud and infrastructure hosting, identity management, ticketing and support, monitoring and security telemetry, payment processing, website analytics, and similar functions. All sub-processors are bound by confidentiality and data-protection obligations consistent with this policy. The website analytics vendor we currently use is named in Section 5 below. The named list of sub-processors that support our managed services is available to clients and qualified prospects on request under a non-disclosure agreement.

Mobile information and SMS consent

If you opt in to receive text messages from us, whether by checking the consent box on our support callback or emergency form, by asking us verbally while on a call, or by texting us first and confirming, we use your mobile number only to send the operational messages you asked for: callback coordination, emergency and incident notifications, and updates about a request you submitted. We never use SMS for marketing, advertising, or promotional purposes. We do not sell or share mobile phone numbers, or SMS opt-in and consent data, with any third parties or affiliates for their marketing or promotional purposes. Text-messaging opt-in data and consent are excluded from every category of sharing described above; this information is not shared with any third parties for marketing. Message frequency varies and message and data rates may apply. You can opt out at any time by replying STOP, or reply HELP for help. Full details are in our SMS Terms.

5. Cookies and tracking.

We use cookies and similar technologies for two purposes: keeping the site working (strictly necessary) and understanding how visitors use the site (analytics). You control what we collect.

On your first visit, our consent banner asks you to Accept all, Reject all, or Customize by category. You can change your choice at any time by clicking Your Privacy Choices in the footer of any page.

Strictly necessary

We use a small number of first-party cookies and local-storage entries that are required for the site to function. These remember your cookie-consent choice and similar preferences. They are always on. We do not need your consent for these.

Spam and abuse protection

Our forms use Cloudflare Turnstile, provided by Cloudflare, Inc., to tell real people from automated bots. It runs invisibly in the background when a form loads, with no puzzle or visible challenge. To do this it processes a limited set of technical signals, such as your IP address, a TLS fingerprint, your browser's User-Agent, and the site key and originating domain. Turnstile is a strictly necessary security measure, so it operates without requiring your consent, and it is privacy-preserving: it does not track you across other websites and is not used for advertising. Cloudflare's processing of this data is governed by Cloudflare's Turnstile Privacy Addendum.

Analytics (on by default, opt out anytime)

Unless you opt out, or your browser sends a privacy signal (see below), we use the following tools to measure traffic patterns and how the site is used:

  • PostHog, provided by PostHog Inc., processed in the United States (US region).

PostHog places cookies and similar identifiers in your browser and captures page views, referrer URLs, approximate location derived from IP address, device and browser characteristics, and interactions with site elements such as button clicks. Your IP address is stripped from event properties. We also use session recording to replay how pages were used (mouse movement, clicks, scrolling, and navigation), so we can find and fix usability problems; every form field is masked, so anything you type, such as your name, email, phone number, or message, is not captured. Aggregated analytics data is retained for up to 26 months. We do not use this data to identify you personally. We do not run any advertising, remarketing, or cross-site tracking tags on this site.

Global Privacy Control and Do Not Track

If your browser sends a privacy signal, either Global Privacy Control (GPC) or the older Do Not Track (DNT) header, we treat it as an opt-out: optional analytics stays off by default. Rather than acting silently, we show a short acknowledgment so you know the signal was honored, and you can choose to allow analytics anyway if you prefer. Honoring GPC satisfies the universal opt-out requirements of the California, Colorado, Connecticut, and other comparable US state privacy laws. Do Not Track is not separately required by those laws, but we honor it the same way.

Opting out at the vendor level

Analytics runs by default, and you can opt out at any time: click Reject all in our cookie banner, or use the Your Privacy Choices footer link to change your choice later. Sending a Global Privacy Control or Do Not Track signal from your browser turns analytics off automatically, before it loads.

6. Data security.

We protect information with administrative, technical, and physical safeguards. These include access control, encryption in transit and at rest where applicable, audit logging, vulnerability management, secure backup, workforce training, and incident response procedures. No system is perfect; we maintain incident response runbooks for the cases where something goes wrong, and we notify clients and regulators per applicable law and contract.

7. Data retention.

We retain Client Data for the duration of the engagement plus the retention periods specified in the MSA and applicable statements of work. We retain form submissions from website visitors for as long as needed to respond to your inquiry plus a reasonable archival period (typically up to 24 months) for audit and dispute purposes. After the applicable retention period, information is deleted or anonymized.

8. Your privacy rights.

Depending on where you live, you may have specific rights with respect to your personal information. These commonly include the right to:

  • Know what information we hold about you.
  • Access a copy of that information.
  • Correct information that is inaccurate.
  • Delete information, subject to legal exceptions (recordkeeping, contract enforcement, fraud prevention, etc.).
  • Opt out of the sale or sharing of your personal information for cross-context behavioral advertising (see Section 9; we do not engage in either practice).
  • Receive a portable copy of your information.
  • Not be discriminated against for exercising any of these rights.

To exercise any of these rights, submit a request through our contact form. We will verify your identity using information consistent with our records before responding. If you are an authorized agent acting on behalf of a consumer, please include written authorization with your request.

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Florida, or another US state with a comprehensive privacy law, the rights above are available to you under your state's framework. If you are in the European Economic Area or the United Kingdom, you have equivalent rights under the GDPR and the UK GDPR, and you may also lodge a complaint with your supervisory authority.

9. We do not sell, and we limit sharing.

Movalo does not sell personal information for money or other valuable consideration. We have not done so in the preceding twelve months and we have no plans to begin.

We do not share personal information with advertising technology vendors for cross-context behavioral advertising. We run no advertising or remarketing tags on this site. Our analytics (PostHog) is used only to understand and improve the site, not to build advertising profiles or to share data with ad networks.

10. Children's privacy.

Our services and this website are intended for businesses and the professionals who run them. We do not knowingly collect personal information from children under thirteen. If you believe a child has provided information to us, contact us through our contact form and we will delete it.

11. International data transfers.

We are based in the United States and process information here. If you are located outside the United States, information you provide may be transferred to, stored in, and processed in the United States. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for international transfers to and from our sub-processors. By using this website or providing information through one of our forms, you understand that information may be transferred to and processed in jurisdictions other than your own.

12. Changes to this policy.

We may update this policy from time to time to reflect changes in our practices, applicable law, or our services. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify clients per the MSA. We encourage you to review this page periodically.

13. Contact us.

For privacy requests, complaints, or questions about this policy:

  • Contact form: movalo.com/contact
  • Mail: Movalo LLC, 8777 San Jose Blvd. Ste 301, Jacksonville, FL 32217
  • Phone: 904-639-0003