Effective Date: March 31 (thirty-first), 2026 (two thousand twenty-six)

Last Updated: March 31 (thirty-first), 2026 (two thousand twenty-six)

1. GENERAL PROVISIONS

This Privacy Policy (the “Policy”) governs the procedure for processing information related to the use of the Movnex mobile application for iOS and Android platforms (the “Application”), and also defines GP Solutions DMCC’s approach to issues of privacy, processing of personal and other data processed in connection with the functioning of the Application.
In its current version, Movnex is a digital information and navigation service of the Journey Planner class, intended for route planning within the city of Tbilisi, displaying information on urban mobility and public transport, navigation, and displaying points of interest (POI).
At the current stage of use of the Application, the Company does not require the creation of a user account, does not require registration, does not request a name, telephone number, email address, payment details, and does not provide transport or payment services.
At the same time, in the course of the operation of the Application, the Company may process a limited amount of technical, telemetry, routing, and geolocation information to the extent that this is objectively necessary for the functioning of the Application, the provision of routing logic, ensuring information security, diagnostics, and improvement of the quality of the Service.
By using the Application, the user confirms that the user has read this Policy and understands the conditions set forth herein.

2. PERSONAL DATA CONTROLLER

The data controller under this Policy is:
GP Solutions DMCC
Registration number: DMCC135261
Registered address: OAKS Liwa Heights 3504, Jumeirah Lakes Towers Sheikh Zayed Road, Dubai, UAE
Email for privacy-related requests: info@gpsolutions.tech
Telephone: +971 (4) 5808147
Person responsible for data protection matters:
Jamshid Gaybullaev
For issues related to the processing of personal data or other information under this Policy, the user may contact: info@gpsolutions.tech.

3. TERMS AND INTERPRETATION

Unless otherwise expressly follows from the text, the following terms shall have the following meanings:
“Data” means any information relating to an identified or identifiable natural person, directly or indirectly.
“User” means any natural person using the Application.
“Processing” means any action or set of actions performed with personal data or other information, including collection, recording, systematization, storage, use, transfer, anonymization, blocking, deletion, and other operations.
“Application” means the Movnex mobile application for iOS and Android platforms.
“Service” means informational and navigation functionality and other related functionality available through the Application.

4. SCOPE OF APPLICATION OF THE POLICY

This Policy applies to the processing of information carried out in connection with:

  • use of the routing, navigation, and transport-information functions of the Application;
  • use of geolocation, if such function is activated by the user;
  • technical functioning of the Application, including security, diagnostics, logging, and stability analysis.

This Policy does not govern the processing of information carried out by third parties outside the Company’s control, including device manufacturers, mobile operators, operating system providers, app stores, as well as other external services, unless otherwise expressly stated in this Policy.

5. APPROACH TO DATA PROCESSING AT THE CURRENT STAGE

At the current stage, the Company proceeds from the principle of data minimization and seeks not to request from the user personal data that is not objectively necessary for the provision of the current version of the Service.
In particular, the current version of the Application does not provide for the mandatory provision by the user of:

  • first and last name;
  • telephone number;
  • email address;
  • date of birth;
  • user account;
  • payment data;
  • bank card data;
  • information about trip orders;
  • data on partner transport or payment services.

At the same time, certain data may still be processed in a technical, functional, or legal context if without such processing the operation of the Application, the ensuring of security, error processing, geolocation logic, or compliance with legal requirements would be impossible or substantially hindered.

6. WHAT INFORMATION MAY BE PROCESSED

6.1. Technical and operational information
Upon installation, launch, and use of the Application, the Company may automatically process limited technical and operational information, including:

  • device ID and other technical device identifiers (Firebase);
  • information on the version of the Application (Firebase);
  • information on the version of the operating system (Firebase);
  • technical parameters of the device and runtime environment (Firebase);
  • crash logs (Firebase);
  • diagnostic records (Firebase);
  • technical events within the Application (Firebase);
  • network and system parameters, including IP address, if this is necessary for security, diagnostics, and ensuring the operation of the Service (Firebase).

Such information is used exclusively to the extent necessary for the technical functioning of the Application, stability analysis, identification of malfunctions, ensuring security, prevention of abuse, and improvement of the quality of the Service.

6.2. Geolocation and routing information
If the user grants the relevant permission at the device level, the Company may process:

  • precise geolocation in real time;
  • routing events;
  • data related to route planning and use of navigation logic.

The specified information is used for:

  • route planning;
  • displaying relevant movement options;
  • navigation;
  • improving routing logic;
  • analysis of service quality;
  • diagnostics and resolution of incidents, if necessary.

The Company, to the extent practically possible, seeks to store route events and derivative routing records.

6.3. Derived, analytical, and statistical information
The Company shall have the right to generate derived, evaluative, analytical, and statistical information based on information processed in connection with the use of the Application, if this is necessary for:

  • improving routing scenarios;
  • improving the interface;
  • increasing the relevance of displayed information;
  • analysis of user scenarios;
  • internal analytics;
  • security and resilience of the service.

Such information shall, where possible, be used in aggregated, anonymized, or otherwise minimized form, if this is compatible with the purposes of processing.

7. SOURCES OF INFORMATION

The Company may receive information:

  • directly from the user;
  • automatically when using the Application;
  • from its own technical, routing, and cartographic systems;
  • from transport datasets and open sources, including GTFS and other similar data;
  • from internal logs, monitoring systems, and diagnostic tools.

Open transport and cartographic sources by themselves, as a rule, do not provide the Company with user data, but may be used together with technical and geolocation data to ensure the operation of the Service.

8. PURPOSES OF PROCESSING

The Company processes information only to the extent objectively necessary for one or more of the following purposes:

  • provision of routing and navigation functionality;
  • display of information on urban mobility and public transport;
  • processing of user requests;
  • diagnostics, correction of errors, and improvement of the stability of the Application;
  • ensuring information security;
  • prevention of abuse, bad-faith use, and technical attacks;
  • analysis of use of the Service and product development;
  • internal quality control and operational analytics;
  • compliance with legal requirements;
  • protection of the rights and lawful interests of the Company.

9. LEGAL BASES FOR PROCESSING

The Company carries out information processing on one or more of the following legal bases:

  • necessity of processing for the provision to the user of the service requested by the user;
  • necessity of processing for performance of the Terms of Use of the Application;
  • consent of the user, if and when such consent is required by applicable law;
  • necessity of compliance with a legal obligation imposed on the Company;
  • the Company’s legitimate interest, including the interest in ensuring security, stability, diagnostics, analytics, product development, prevention of abuse, and protection of the Company’s rights, if such interest does not violate the rights and freedoms of the user.

If processing is based on consent, the user shall have the right to withdraw such consent in the manner provided for by applicable law.

10. PERSONALIZATION, PROFILING, AND ANALYTICS

The Company shall have the right to use information on the user’s interaction with the Application, routing scenarios, navigation actions, and use of individual functions for:

  • personalization of the interface;
  • improvement of display logic;
  • forming more relevant recommendations;
  • improvement of routing logic;
  • product analytics.

The Company does not state that it applies exclusively automated decisions producing legally significant consequences for the user without human participation, unless otherwise expressly disclosed separately.

11. GEOLOCATION

Use of geolocation is an essential part of Movnex’s operation.
The Company may process the user’s precise geolocation for:

  • route planning;
  • navigation;
  • determination of relevant transport scenarios;
  • improvement of the quality of routing logic;
  • analysis of the quality of operation of the Service;
  • processing of incidents and requests, if necessary.

Background geolocation may be used only after the user grants the corresponding permission at the device level.
If the user does not grant permission to use geolocation, certain functions of the Application may be unavailable, limited, or operate with reduced accuracy.

12. MINORS

At the current stage, the Company does not introduce a special age restriction for use of the Application.
At the same time, if applicable law requires obtaining the consent of a parent, legal representative, or other authorized person for the processing of a minor’s personal data, such consent must be obtained in the scope and manner provided by law.
When processing data relating to minors, the Company proceeds from the need to take into account and protect the best interests of the minor and to apply measures proportionate to the user’s age, the nature of the Service, and the risks of processing.
If the Company becomes aware that certain processing of a minor’s personal data is carried out in violation of applicable law, the Company shall have the right to restrict the relevant functionality, suspend processing, delete data, or otherwise bring such processing into compliance with the law.
A parent or other legal representative may contact the Company at info@gpsolutions.tech, attaching confirmation of their authority.

13. TRANSFER AND DISCLOSURE OF INFORMATION

The Company shall have the right to transfer information only to the extent necessary to achieve the purposes specified in this Policy to the following categories of recipients:

  • service and technical contractors;
  • consultants, auditors, lawyers, and other professional advisers to the extent necessary;
  • competent state authorities, courts, law enforcement authorities, regulators, and other authorized entities where there is a legal basis or mandatory requirement;
  • other persons, if such transfer is necessary for the protection of the rights of the Company, users, or third parties.

The Company does not sell user data and does not disclose it to third parties for such persons’ independent direct marketing.

14. INTERNATIONAL TRANSFER

If, in individual cases, cross-border transfer of personal data, remote access thereto, or use of infrastructure associated with another jurisdiction is required to ensure the operation of the Service, the Company will take appropriate measures provided for by applicable law.

15. RETENTION PERIODS

The Company retains information no longer than necessary to achieve the purposes of processing, unless a longer period is required or permitted by law, necessary for dispute resolution, ensuring security, compliance with a legal obligation, or protection of the Company’s rights.
Unless otherwise required by law or by the circumstances of a particular case, the Company proceeds from the following indicative retention periods:
15.1. Geolocation events and derivative routing records
As a rule, up to 12 months, unless longer retention is required for an incident, investigation, security, dispute, or compliance with law.
15.2. Routing and other related service records
As a rule, up to 5 years, if this is necessary for analytics, legal protection, incident review, and improvement of the Service.
15.3. User requests and related correspondence
As a rule, up to 3 years from completion of the processing of the request, unless longer retention is required for legal or operational reasons.
15.4. Crash logs, diagnostic, and technical records
As a rule, up to 12 months.
15.5. Access and security logs
As a rule, up to 12 months, unless longer retention is required for reasons of investigation, security, abuse, technical incident, or legal requirement.
Upon expiry of the applicable retention period, data shall be deleted, anonymized, or otherwise removed from active processing, except where further retention is required by law or necessary for the establishment, exercise, or defense of legal claims.

16. SECURITY

The Company applies technical and organizational measures to protect information from unauthorized access, unlawful processing, destruction, loss, alteration, disclosure, or other unlawful impact.
Such measures may include:

  • encryption in transit and at rest;
  • segregation of access rights;
  • logging and monitoring;
  • backup;
  • internal incident response procedures;
  • assessment of supplier reliability.

Despite the application of security measures, no system of transmission, processing, or storage of information can guarantee absolute protection.

17. USER RIGHTS

To the extent provided by applicable law, the user shall have the right to:

  • receive information about the processing of their personal data;
  • request access to their personal data;
  • require correction, update, or clarification of inaccurate or incomplete data;
  • require deletion of personal data in the absence of legal grounds for further processing;
  • withdraw consent, if processing is based on consent;
  • require restriction of processing in cases provided by law;
  • object to processing in cases provided by law;
  • require data portability in applicable cases;
  • lodge a complaint with a competent supervisory authority or with a court.

Requests may be sent to: info@gpsolutions.tech
in the following languages:

  • English;
  • Georgian;
  • Arabic.

In the event of any contradiction, discrepancy, difference in interpretation, or inconsistency between the language versions of this Policy, the English version shall prevail.

18. REVIEW OF REQUESTS

The Company seeks to review requests of data subjects without undue delay and within the periods provided by applicable law (up to 15 days).
The internal target for initial response may be up to 2 business days; however, such target does not replace the time limits for substantive review of the request established by applicable law.
The Company shall have the right to request additional information necessary to confirm the identity of the applicant and verify their authority.

19. EXTERNAL SERVICES AND PLATFORMS

The Application may use external technical infrastructure and platform dependencies necessary for its operation, including Firebase services.
Apple App Store and Google Play may act as channels for distribution of the Application; however, they are not the user’s personal data controller within the framework of the relations governed by this Policy, unless otherwise expressly provided by their own documents.
Device manufacturers, operating system providers, mobile operators, and other external technical participants may process data on the basis of their own rules and policies, which are outside the Company’s control.

20. TRANSPORT AND OPEN DATA

Movnex uses its own GTFS resources, transport datasets, and open sources to display information on public transport, stops, routes, schedules, and navigation.
Such sources are used for routing and informational functionality and, by themselves, as a rule, do not transfer the user’s personal data to the Company.

21. AMENDMENT OF THE POLICY

The Company shall have the right at any time to amend, supplement, and update this Policy.
The current version of the Policy is posted in the Application interface or otherwise brought to the user’s attention. If the changes are material in nature, the Company shall have the right additionally to notify users through the Application or in another appropriate manner.
Continued use of the Application after the entry into force of an updated version of the Policy shall mean the user’s acceptance of such version to the extent permitted by applicable law.

22. CONTACT INFORMATION

For all questions related to this Policy and the processing of information, the user may contact:
GP Solutions DMCC
Email: info@gpsolutions.tech
Telephone: +971 (4) 5808147
Address: OAKS Liwa Heights 3504, Jumeirah Lakes Towers Sheikh Zayed Road, Dubai, UAE