Privacy Policy

Last Updated: July 1, 2026

We at Reaction Wellness Ltd., operating as WeMove ("WeMove", "we", or "us") respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our wellness platform and services.

Key Points

  • You are not required by law to provide us with any personal data. Sharing is entirely voluntary.
  • WeMove is intended for adults. Corporate wellness programs require participants to be 18 or older.
  • We do not sell, trade, or rent your personal data to third parties.
  • You may request to review, amend, erase, or restrict the processing of your personal data at any time.
  • Activity data is encrypted in transit and stored securely with industry-standard protections via our cloud providers.

1. What Data Do We Collect?

Personal Data

"Personal Data" means any information which identifies or can be used to identify a natural person. This includes:

Account Information: When you register for WeMove, we collect your name, email address, and password. You may optionally provide profile details such as gender, height, weight, and an avatar image. If you participate through a company program, we may associate your account with that organization.

Activity and Fitness Data: To provide our wellness services, we may collect:

  • Activity data (with your permission): Daily step counts, optional weight entries, and workout summaries (e.g. steps, distance, calories, active minutes) synced from Apple Health or your phone's step tracker. We do not receive or store raw Apple Health / Health Connect records, GPS routes, heart rate, sleep, or stress data on our servers.
  • Activity goals and wellness preferences you set in the app

Challenge Participation Data: Information about your participation in step challenges, team assignments, leaderboard rankings, and rewards earned.

Payment Information: For premium subscriptions, we collect billing details through our secure payment processors (Stripe, Apple Pay, Google Pay). We do not store complete credit card numbers.

Non-Personal Data

We automatically collect technical data about your use of the platform:

  • Device information (type, operating system, browser)
  • IP address and general location data
  • App usage patterns and feature interactions
  • Performance and error logs for troubleshooting

2. How Do We Use Your Data?

Service Delivery

  • Operate and maintain the WeMove platform and mobile applications
  • Track your wellness progress and display personalized dashboards
  • Calculate challenge rankings and leaderboard positions
  • Process rewards and gift card redemptions

Platform Improvement

  • Analyze usage patterns to improve features and user experience
  • Develop new wellness programs and challenge types
  • Use automated fair-play checks to detect unusual activity patterns. We do not use your health data to train third-party AI models.
  • Fix bugs and optimize performance

Communications

  • Send challenge updates, progress notifications, and achievement alerts
  • Provide customer support and respond to inquiries
  • Send important account and security notices
  • Send transactional emails to business administrators during onboarding (e.g. setup confirmations). Marketing communications are sent only with your explicit consent, and you may opt out at any time.

3. Who Do We Share Data With?

We do not sell, trade, or rent your personal data. We may share data only in these limited circumstances:

Corporate Programs

Corporate customers do not upload employee lists to WeMove. The company administrator shares an invite link; each employee creates their own account and chooses what to share. No HRIS or IT integration is required for standard step challenges.

Within Your Organization

Within a company challenge, your name, step counts, team, and leaderboard ranking are visible to other participants and your company administrator. Optional profile fields such as gender may appear on leaderboards. Weight logs and detailed health data are not shared with your employer.

Note: We do not share heart rate, sleep, stress, or other detailed health metrics with employers or other participants.

Service Providers

We work with trusted third-party providers who help us operate the platform:

ProviderPurpose
Amazon Web Services (AWS)Hosting and file storage
MongoDB AtlasDatabase
Redis LabsSessions and cache
StripePayments
Loops / SendGridEmail
SentryError monitoring
AmplitudeProduct analytics
Meta (Facebook Pixel)Marketing analytics (admin website only)
ExpoPush notifications
Google GeminiAdmin-generated invite copy and journey stories (company/challenge metadata only — not employee health data)
VercelAdmin panel hosting
Gift card partners (e.g. Xoxoday/Runa)Reward fulfillment
Slack (optional)Internal team notifications

All service providers are contractually bound to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose data when required by law, court order, or to protect the rights, property, or safety of WeMove, our users, or others.

4. How Do We Protect Your Data?

We implement industry-standard security measures to protect your information:

  • Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest via our cloud providers (AWS, MongoDB Atlas)
  • Access Controls: Access to personal data is restricted by role
  • Infrastructure: We use SOC 2–certified infrastructure providers

5. Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of all personal data we hold about you.

Correction: Update or correct inaccurate information in your account.

Deletion: Request deletion of your account and associated data. You can delete your account directly in the app (Account drawer → Settings) or by contacting us.

Portability: Request your data in a portable, machine-readable format. You can request a copy by contacting DPO@reaction-club.com, or export it directly from your account where available in the app.

Restriction: Request that we limit how we use your data.

Objection: Object to certain types of data processing.

Withdraw Consent: If you've connected health services, you can disconnect them at any time through the app settings.

To exercise any of these rights, contact our Data Protection Officer at DPO@reaction-club.com

6. Cookies and Tracking

Our mobile app uses authentication tokens rather than browser cookies for session management. Our website and admin onboarding flows may use cookies and similar technologies to:

  • Remember your login session and preferences
  • Analyze how our platform is used (e.g. Amplitude, Meta Pixel on admin onboarding pages)
  • Improve performance and user experience

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

7. Data Retention

We retain your data for as long as necessary to provide our services and fulfill legal obligations:

  • Active Accounts: Data is retained while your account is active
  • Deleted Accounts: When you delete your account, we promptly delete your personal data from our active systems. Residual copies in encrypted backups may persist for up to 90 days before automatic purge
  • Legal Requirements: Financial records may be retained for up to 7 years for tax and legal compliance

8. Children's Privacy

WeMove is intended for adults. Corporate wellness programs require participants to be 18 or older. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us immediately at DPO@reaction-club.com

9. International Data Transfers

Our primary infrastructure is hosted in the United States (us-east-1), including MongoDB Atlas, AWS Lambda, and Redis Labs. If you access our services from outside the United States, your data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Compliance with local data protection requirements

10. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before sharing any personal information.

11. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Analytics, security, and platform improvement
  • Consent: Marketing communications and optional data sharing
  • Legal Obligations: Compliance with applicable laws

Business customers can request a Data Processing Agreement (DPA) at DPO@reaction-club.com.

12. Policy Updates

We may update this privacy policy periodically. Significant changes will be communicated through the app, email, or our website. The "Last Updated" date at the top indicates when the policy was last revised.

13. Contact Us

For privacy-related questions or to exercise your rights, please contact:

Data Protection Officer
Reaction Wellness Ltd. (WeMove)
Email: DPO@reaction-club.com

We aim to respond to all requests within 30 days.