Privacy Policy

The Short Version — Plain English

We collect only what we need to help you find and book healthcare appointments.
We never sell your data to anyone — ever.
We never share your information with advertisers.
You can delete your account and all your data at any time.
Your data is stored securely on Google's Firebase platform with HIPAA-aligned controls.
We collect your birth year only to comply with COPPA — we do not use it for any other purpose.
Morava is free. We don't monetize your health data.

1 Who We Are

Morava (moravacare.com) is a mobile application designed to help SoonerCare, Medicaid, and uninsured patients in Oklahoma find and connect with healthcare providers. Morava is operated by Moise Kouassi, Oklahoma, United States.

This Privacy Policy applies to the Morava mobile app, the provider dashboard at dashboard.moravacare.com, and any related services. If you have questions, contact us at support@moravacare.com.

2 Information We Collect

Information You Provide Directly

Data	Why We Collect It
First and last name	To personalize your experience and identify you to providers when booking
Email address	Account creation, verification, and password reset
Birth year	COPPA compliance only — to verify users are 13 or older. Not used for any other purpose.
Insurance type	To filter providers who accept your coverage (SoonerCare, Medicaid, uninsured)
Insurance plan name	To show relevant providers and surface your saved plan in the app
Appointment details	Date, time, provider, and reason — to manage your bookings
Location (optional)	GPS or city/ZIP to find nearby providers. Never stored permanently.
Profile photo (optional)	If you choose to add one to your profile

Information Collected Automatically

Usage analytics: Which screens you visit and features you use — stored in our private Firestore analytics_events collection, never shared with ad networks.
Crash reports: Error details sent to Sentry. All personally identifiable information (names, emails, appointment details) is automatically stripped before transmission.
Device type and OS version: For troubleshooting only.

Information We Do NOT Collect

Social Security Number, Medicaid ID, or government-issued ID numbers
Medical records, diagnoses, prescriptions, or treatment history
Payment or financial account information
Phone contacts, camera, or microphone (unless you explicitly grant permission)
Precise GPS location stored to a database (location is used in-session only)

3 How We Use Your Information

Create and manage your Morava account
Connect you with healthcare providers who accept your insurance
Process and track appointment requests
Send appointment confirmations and status updates via SMS (Twilio)
Show you providers near your location during a search session
Display your voucher eligibility if you are among Morava's first 100 members
Improve app features and fix technical issues using aggregated, anonymized analytics
Respond to support requests and privacy inquiries

🔒

We do not use your information for advertising. We do not sell, rent, trade, or share your personal information with third parties for marketing. Morava does not display advertisements and never will.

4 Data Storage and Security

Your data is stored on Google Firebase (Firestore and Firebase Authentication), a secure cloud platform operated by Google LLC. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Access Controls

Patients can only read and write their own records — no access to other patients' data
Providers can only see appointment requests made specifically to them
Audit logs are write-only and immutable — no user can delete or modify audit entries
Analytics events are write-only for authenticated users — no patient can read others' events
All provider actions (confirm/decline bookings) verify identity before executing

Crash Reporting

We use Sentry for crash monitoring. Before any error data is transmitted to Sentry, our app automatically strips all PII fields including names, emails, phone numbers, insurance details, and appointment information. Stack traces are truncated in production to prevent data leakage through file paths.

HIPAA Alignment

Morava operates under a Business Associate Agreement (BAA) with Google for Firebase services. While Morava is primarily an appointment scheduling platform (not a covered entity under HIPAA), we maintain HIPAA-aligned data practices including audit logging, minimum necessary data collection, and access controls.

5 Information Sharing

We share your information only in these limited circumstances:

With your healthcare provider: When you request an appointment, the provider receives your name and contact details for that appointment only.
Google Firebase: Data storage and authentication infrastructure. Google is contractually bound not to use your data for any other purpose.
Sentry: Crash reporting — receives anonymized, PII-scrubbed error reports only.
Twilio: SMS delivery for appointment confirmations. Receives only your phone number and the message text.
Expo / EAS: App delivery and over-the-air updates. Does not receive personal data.
When required by law: We may disclose information if required by a valid legal process, court order, or government authority.
With your explicit consent: In any other circumstance, only with your direct permission.

⚠️

We never sell your data. No exceptions. No future carve-outs. This is a founding principle of Morava.

6 Children's Privacy (COPPA)

🛡 COPPA Compliant

Morava is not directed to children under the age of 13. We require all users to provide their birth year during signup. If a user indicates they are under 13, account creation is blocked and they are directed to contact us with a parent or guardian.

We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us immediately at support@moravacare.com and we will delete the account and all associated data within 72 hours.

For users aged 13–17, a parent or guardian may contact us to request access, correction, or deletion of their child's data.

ℹ️

Birth year is collected solely for age verification. It is stored in your user record but is never used for profiling, analytics segmentation, or any purpose other than verifying you are 13 or older.

7 Your Rights and Choices

Access your data: Email support@moravacare.com to request a copy of all personal information we hold about you.
Correct your data: Update your name, email, and insurance information directly in the app's Profile → Edit Profile screen.
Delete your account: Request full deletion of your account and all associated data. We will complete deletion within 30 days and confirm by email.
Opt out of SMS: Reply STOP to any SMS message from Morava at any time.
Location: You can deny location permission at any time in your device settings. Location is never required to use the app.
Analytics: Our analytics are internal only and not shared with any ad network or data broker. There is nothing to opt out of.

To exercise any of these rights, email support@moravacare.com. We respond to all privacy requests within 30 days.

8 Voucher Program

Morava's founding member voucher program tracks the total number of signups using an atomic counter. If you are among the first 100 users to create an account, your user record is flagged with voucherEligible: true. This flag:

Is visible only to you and Morava's admin team
Is never shared with providers or third parties
Is used solely to display the free Meet & Greet badge in the app
Flips to voucherUsed: true only after a provider confirms a Meet & Greet appointment

9 Data Retention

Data Type	Retention Period
Account information	Until account deletion
Appointment records	12 months from appointment date
Audit logs	6 years (HIPAA-aligned)
Analytics events	24 months
Crash reports (Sentry)	90 days (Sentry default)
Location data	Not stored — used in-session only
Birth year	Until account deletion

When you delete your account, all personal data is removed within 30 days. Audit logs are retained for the legally required period in anonymized form.

10 Third-Party Services

Service	Purpose	Data Shared
Google Firebase	Database, authentication, hosting	All user data (under BAA)
Google Maps	Provider location, static maps, geocoding	Location coordinates only
Sentry	Crash monitoring	PII-scrubbed error reports
Twilio	SMS appointment notifications	Phone number + message text
Expo / EAS	App builds and OTA updates	No personal data

11 Changes to This Policy

We may update this Privacy Policy as Morava grows and adds new features. The Effective Date at the top of this page reflects the most recent revision.

For material changes — changes that significantly affect your rights or how we use your data — we will notify you by email and display an in-app notice at least 14 days before the change takes effect.

Continued use of Morava after the effective date of a change constitutes acceptance of the updated policy.

12 Contact Us

Get in Touch

📍 Oklahoma, United States

📧 support@moravacare.com

🌐 moravacare.com

We respond to all privacy requests within 30 days. For urgent matters involving children's data, we respond within 72 hours.