Maxmove Logo
LoginGet Started

Privacy Notice

for the Maxmove Platform

Version: 12 March 2026

This Privacy Notice informs you about the processing of your personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We process your personal data exclusively on the basis of applicable data protection law.

1. Controller and Contact Details

The controller within the meaning of the GDPR for the processing of your personal data is:

Maxmove UG (haftungsbeschraenkt) Weyertal 109, 50931 Koeln, Germany E-Mail: privacy@maxmove.com Phone: +49 173 4224371

Represented by: Max Valjan (Managing Director)

2. Contact for Data Protection Inquiries

If you have questions regarding the processing of your personal data or wish to exercise your data subject rights, please contact us at: privacy@maxmove.com (Subject: Data Protection).

3. Categories of Personal Data

We process the following categories of personal data:

3.1 Registration and Account Data

  • First name and last name
  • E-mail address
  • Mobile phone number
  • Date of birth
  • Password (stored in encrypted form)
  • Profile photo

3.2 Identity and Qualification Documents

  • Copy of driving licence (class, expiry date, issuing authority)
  • Copy of an official photo ID (national identity card or passport)
  • Business registration and, if applicable, authorisation under Section 49 of the German Passenger Transport Act (PBefG)
  • Tax identification number
  • Vehicle registration document (Fahrzeugschein)
  • Proof of insurance

3.3 Location, Trip and Order Data

  • GPS location in real time during active shifts and trips
  • Goods description and order information (pick-up and delivery addresses, parcel details)
  • Start point, intermediate stops, and end point of each trip
  • Route taken and distance covered
  • Trip duration and timestamps
  • Speed and acceleration values
  • Online and offline times within the app

3.4 Payment and Banking Data

  • IBAN and, if applicable, debit card
  • Account holder name
  • VAT identification number
  • Payout history, fee overviews, and invoices

Payment processing: Stripe Technology Company, Limited (STC), The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland, and Stripe Payments Europe, Limited (SPEL) as contracting party (together "Stripe"). Stripe processes payment data (card information, bank account details, transaction data, IP address) as a processor pursuant to Art. 28 GDPR on the basis of a concluded data processing agreement. Data may be transferred to the USA; such transfers are based on the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and on Stripe's certification under the EU–U.S. Data Privacy Framework.

3.5 Communication and Interaction Data

  • Call metadata (time, duration) when using the anonymised telephone connection
  • Ratings and written feedback from customers
  • In-app communication (e.g. order coordination, shift planning, operational instructions)

3.6 Device and Technical Usage Data

  • Device ID, hardware model, operating system, and version
  • App version and installation date
  • IP address
  • Crash reports and error logs
  • Timestamps of app activities (login, logout, job acceptance)

3.7 Security and Behavioural Data

  • Results of background checks (police clearance certificate, credit check)
  • Reports of safety-relevant incidents

3.8 Customer Order Data

  • Delivery addresses (pick-up and drop-off locations)
  • Order history, preferences, and saved addresses
  • Communication with drivers during active deliveries

3.9 Data from Third Parties

We may also receive personal data from sources other than you, including:

  • Fleet Organizations that invite you to join their fleet (name, contact information)
  • Users who refer you to the platform (name, contact information)
  • Authorities or law enforcement agencies in connection with legal obligations or investigations

Where we receive data about you from a third party, we will inform you of the source and the purposes of processing in accordance with Art. 14 GDPR.

4. Purposes of Processing and Legal Bases

4.1 Performance of Contract (Art. 6(1)(b) GDPR)

We process your data to the extent necessary for the initiation and performance of the contractual relationship:

  • Creating and managing your account
  • Assigning and dispatching delivery jobs
  • Calculating and paying remuneration
  • Providing navigation services
  • Processing cancellations and complaints

4.2 Legal Obligations (Art. 6(1)(c) GDPR)

Various statutory provisions require us to process data:

  • Tax and commercial law retention obligations (Section 147 German Fiscal Code (AO), Section 257 German Commercial Code (HGB))
  • Verification of driving licence pursuant to the PBefG and the German Road Traffic Act (StVG)
  • Reporting obligations to tax and social security authorities

4.3 Legitimate Interests (Art. 6(1)(f) GDPR)

Where no other legal basis applies, processing is based on our legitimate interests:

  • Prevention of fraud and misuse on the platform
  • Analysis and improvement of platform functions
  • Enforcement of the Terms of Use, including account suspension for violations
  • Establishment, exercise, and defence of legal claims
  • Cooperation with law enforcement authorities within the legally permissible scope

Having carried out a balancing of interests, we have determined that the interests stated above do not override your fundamental rights. You may object to this processing in accordance with Section 10.

4.4 Consent (Art. 6(1)(a) GDPR)

Where you have given your consent, we process your data for the specified purposes. Consent may be withdrawn at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal remains unaffected.

5. Disclosure of Personal Data to Third Parties

5.1 Disclosure to Clients and Users

During a delivery, the following data may be shared with the respective client or driver:

  • First and last name and profile photo
  • Vehicle make, model, and licence plate number
  • Real-time GPS location for display of estimated arrival time
  • Your rating (average score)

5.2 Processors (Art. 28 GDPR)

We engage the following external service providers, who process data exclusively on our instructions:

  • Stripe (payment processing, identity verification) – Stripe, Inc., USA – processes payment data and identity documents
  • Twilio (SMS dispatch) – Twilio Inc., USA – processes phone numbers for SMS notifications and invitations
  • Resend (e-mail dispatch) – Resend Inc., USA – processes e-mail addresses for transactional e-mails
  • Sentry (error monitoring) – Functional Software, Inc., EU data region – processes technical error data which may include IP addresses and device information; data is stored in the EU
  • Cloudflare (CDN, image storage) – Cloudflare, Inc., USA – processes request data and stored media
  • Hosting – our application and database are hosted on servers within the EU
  • Intercom (customer support) – Intercom R&D Unlimited, Ireland – processes support requests and related user data
  • Maps and navigation – Google Ireland Limited, Ireland – processes location data (GPS coordinates), route and trip data, and device data for real-time navigation
  • Apple Inc. (push notifications & Sign in with Apple) – Apple Inc., USA – processes push tokens (APNs) and, if applicable, sign-in data

5.3 Authorities and Law Enforcement

We are legally obliged or authorised to disclose data to authorities, courts, or law enforcement agencies where this is necessary to fulfil a legal obligation or to avert a serious risk to life or limb.

5.4 Corporate Transactions

In the event of a merger, acquisition, or restructuring, personal data may be transmitted to the parties involved. You will be informed in advance.

6. International Data Transfers

Some of our service providers are located in countries outside the European Economic Area (EEA). In such cases, we base data transfers on the Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR, or on an adequacy decision pursuant to Art. 45 GDPR where applicable.

Services that transfer data to the USA:

  • Twilio – USA – SCC + EU–U.S. Data Privacy Framework
  • Resend – USA – SCC
  • Apple – USA – SCC

Services with EU-based processing by US-headquartered companies:

  • Stripe – payment data is processed by Stripe Payments Europe, Ltd (Ireland); the parent company Stripe, Inc. (USA) may access data for fraud prevention and compliance purposes – EU–U.S. Data Privacy Framework
  • Cloudflare – content is served from the nearest EU edge node; the parent company Cloudflare, Inc. (USA) may process data globally – SCC + EU–U.S. Data Privacy Framework

Services processing exclusively in the EU:

  • Sentry – EU data region (Frankfurt); no transfer to third countries
  • Hosting – EU servers
  • Intercom – Intercom R&D Unlimited, Ireland
  • Google Maps – Google Ireland Limited, Ireland

A copy of the Standard Contractual Clauses will be provided upon request.

7. Automated Decision-Making and Profiling

Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you.

7.1 Driver Evaluation and Account Measures

Our platform automatically evaluates acceptance rate, cancellation rate, customer ratings, and other performance metrics. This automated analysis may lead to the following consequences:

  • Reduction in job offers following persistently poor ratings
  • Temporary or permanent deactivation of the driver account

Legal basis: Art. 22(2)(b) GDPR in conjunction with Art. 6(1)(b) GDPR. You have the right to request human review of such a decision and to state your position. Please contact: privacy@maxmove.com

7.2 Dynamic Pricing

Remuneration rates may be adjusted by automated systems based on demand, location, and time of day (Art. 22(2)(b) GDPR).

8. Retention Periods and Deletion

Your data is stored only for as long as necessary for the respective purpose or as required by statutory retention obligations:

  • Account data (name, e-mail, phone): until deletion of the account plus 30 days
  • Real-time location data: 48 hours after completion of the order; aggregated and anonymised location data: 12 months
  • Accounting and payment records: 10 years (Section 147 AO / Section 257 HGB)
  • Support communications: 3 years after conclusion of the matter
  • Identity documents (driving licence, ID): 12 months after end of contract
  • Security and incident data: 3 years or until final resolution
  • Data of deactivated accounts: 3 years after deactivation for potential legal claims

Account Deletion

You may request deletion of your account through the Driver App or by contacting support@maxmove.com. Following a deletion request, we will delete your account and data within 30 days, except where retention is required for legal, tax, safety, or fraud prevention purposes, or due to unresolved claims or disputes.

9. Your Rights as a Data Subject

As a data subject, you have the following rights:

9.1 Right of Access (Art. 15 GDPR)

You may request information about the personal data stored about you as well as a copy of that data.

9.2 Right to Rectification (Art. 16 GDPR)

You have the right to demand the immediate rectification of inaccurate data or the completion of incomplete data.

9.3 Right to Erasure (Art. 17 GDPR)

You may request the erasure of your data, provided the statutory requirements are met. Please note that statutory retention obligations may prevent immediate erasure.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You may request restriction of processing, for example where you dispute the accuracy of your data or have objected to the processing.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format or to have it transmitted to another controller, provided processing is based on consent or contract.

9.6 Withdrawal of Consent

Consent given may be withdrawn at any time with effect for the future.

9.7 Right to Lodge a Complaint (Art. 77 GDPR)

You may lodge a complaint with the supervisory authority competent for your place of residence or the controller's place of business. The authority competent for our registered office is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf, Tel.: +49 211 38424-0, E-Mail: poststelle@ldi.nrw.de

To exercise your rights, please contact: privacy@maxmove.com

10. Right to Object (Art. 21 GDPR)

Important notice: You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which is based on Art. 6(1)(f) GDPR (legitimate interests), including profiling based on that provision. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.

Please address objections to: privacy@maxmove.com or in writing to the address given in Section 1.

11. Data Security

We implement technical and organisational measures (TOMs) to protect your data against unauthorised access, loss, and manipulation:

  • Encryption of data in transit via TLS/HTTPS
  • Encryption of sensitive data at rest
  • Access restrictions based on the principle of least privilege
  • Regular security audits and penetration tests
  • Pseudonymisation of data in analytical environments

12. Minimum Age

The platform is intended exclusively for adults. We do not knowingly collect data from persons under the age of 18. Should we become aware of such data, it will be deleted without delay.

13. Tracking Technologies in the App

Our app uses the following tracking technologies:

  • Push notifications
  • Sentry (Functional Software, Inc., EU data region) – captures technical error reports including device type, OS version, and where applicable IP address for debugging purposes; data is processed and stored in the EU; Legal basis: Art. 6(1)(f) GDPR
  • Authentication and session tokens – stored locally on the device to avoid re-authentication after login; no disclosure to third parties; Legal basis: Art. 6(1)(b) GDPR
  • Device ID of the smartphone – used for unique device identification and fraud prevention; Legal basis: Art. 6(1)(f) GDPR

14. Cookies and Similar Technologies

14.1 What Are Cookies

Cookies are small text files placed on your device by a webpage server. They are widely used to make websites work more efficiently and to provide information to the website operators.

14.2 Types of Cookies We Use

  • Essential Cookies — Necessary for the Service to function properly, including security, network management, and account access.
  • Performance and Analytics Cookies — Help us understand how visitors interact with our Service by collecting information anonymously.
  • Functionality Cookies — Allow the Service to remember your choices (such as language or region) and provide enhanced features.

14.3 Managing Cookies

Most web browsers allow you to manage your cookie preferences. You can set your browser to refuse cookies or to alert you when cookies are being sent. Please note that if you choose to reject cookies, you may not be able to use the full functionality of our Service.

14.4 Third-Party Cookies

We may use third-party cookies for usage statistics and performance monitoring. The use of these cookies is subject to the respective privacy policies of these third parties.

15. Changes to This Privacy Notice

This Privacy Notice may be updated where there are changes in the legal framework, our processing practices, or technical circumstances. The current version is always accessible in the app under the "Privacy" menu item. You will be notified of material changes by e-mail and push notification.

For privacy-related inquiries, please contact us at privacy@maxmove.com

Terms of ServiceImpressum