Data Processing Agreement

Effective Date: May 2, 2026
Last Updated: May 2026

This Data Processing Agreement ("DPA") is incorporated into and forms part of the API Terms of Service between Motionworks AI, Inc. ("Motionworks") and Customer. This DPA describes the data processing practices applicable to the Motionworks API and related Services.

Important Note on Data Classification: Motionworks processes aggregated, de-identified population-level measurement data. The Motionworks API does not collect, store, or process personally identifiable information (PII). Measurement Data consists of modeled audience metrics derived from aggregated mobility patterns, not individual-level tracking data. This DPA is provided as a governance framework for data handling practices, not as an acknowledgment that personal data processing occurs.

1. Scope and Purpose

  1. Nature of Data. Motionworks Measurement Data is aggregated, de-identified population data. It represents modeled estimates of audience exposure to out-of-home advertising based on aggregated mobility signals, census data, and proprietary modeling. No individual person can be identified from Measurement Data.
  2. Purpose. Motionworks processes data solely for the purpose of providing measurement analytics, audience estimates, and exposure modeling through the API and related Services as described in the API Terms of Service.
  3. Customer Inputs. Customer may submit query parameters, geographic coordinates, campaign identifiers, and other inputs to the API. Motionworks processes these inputs solely to execute the requested query and return results.
  4. No PII Processing. The API does not accept, require, or process PII as input. Customer shall not submit PII through the API. If Motionworks discovers that PII has been inadvertently submitted, it will notify Customer and delete such data promptly.

2. Definitions

3. Data Processing Principles

Motionworks adheres to the following data processing principles:

  1. Data Minimization. Motionworks collects and processes only the data necessary to provide the Services. Query logs retain only the metadata required for billing, rate limiting, and service optimization. Raw query parameters are retained for a maximum of ninety (90) days before being aggregated and anonymized.
  2. Purpose Limitation. Data processed in connection with the Services is used solely for: (i) executing Customer's API requests and returning results; (ii) billing and account management; (iii) service monitoring, optimization, and security; and (iv) generating aggregated, de-identified usage analytics to improve the Services.
  3. Accuracy. Motionworks uses commercially reasonable efforts to maintain the accuracy of its Measurement Data and measurement models. Methodologies and data sources are reviewed and updated periodically.
  4. Storage Limitation. Data is retained only for as long as necessary to fulfill the purposes described in this DPA and the API Terms of Service, subject to the retention periods specified in Section 8.
  5. Integrity and Confidentiality. Motionworks implements appropriate technical and organizational measures to protect data against unauthorized access, loss, destruction, or alteration, as described in Section 6.

4. Sub-processors

Motionworks engages the following Sub-processors in the delivery of the Services:

| Sub-processor | Purpose | Data Processed | Location |
| --- | --- | --- | --- |
| Supabase | Authentication, consent ledger, application database | User authentication tokens, consent records, account metadata | US |
| Amazon Web Services (AWS) | Cloud infrastructure, compute, storage, and database hosting | All Measurement Data, Customer Inputs, query results, account data | US (us-east-1, us-west-2) |
| Cloudflare | Content delivery network, DDoS protection, DNS, and edge security | API request metadata, IP addresses (transient), traffic patterns | US (primary), global edge nodes |
| Stripe | Payment processing and billing | Customer billing information, payment method details, invoice records | US |
| SendGrid (Twilio) | Transactional email notifications | Customer email addresses, notification content (usage alerts, billing notices, security alerts) | US |

Each Sub-processor is bound by written agreements that impose data protection obligations no less protective than those set forth in this DPA. The live, authoritative sub-processor list is published at /legal/sub-processors and updated when sub-processors change.

5. Sub-processor Changes

  1. Advance Notice. Motionworks will provide Customer with at least thirty (30) days' advance written notice before engaging a new Sub-processor or materially changing the scope of an existing Sub-processor's engagement. Notice will be provided via email to the address associated with Customer's account and posted to the Motionworks developer portal.
  2. Objection Rights. Customer may object to a new Sub-processor by providing written notice to Motionworks within fifteen (15) days of receiving the advance notice. The objection must include specific, reasonable grounds related to data protection concerns.
  3. Resolution. Upon receiving a valid objection, Motionworks will use commercially reasonable efforts to address Customer's concerns, which may include: (i) providing additional information about the Sub-processor's data protection practices; (ii) implementing additional safeguards; or (iii) offering an alternative configuration that avoids the use of the objected-to Sub-processor. If Motionworks cannot reasonably accommodate the objection, either party may terminate the affected Services upon thirty (30) days' written notice without penalty.

6. Security Measures

Motionworks implements and maintains the following technical and organizational security measures:

  1. Encryption at Rest. All data stored by Motionworks is encrypted at rest using AES-256 encryption. Database encryption is managed through AWS Key Management Service (KMS) with automatic key rotation.
  2. Encryption in Transit. All data transmitted between Customer and the API is encrypted using TLS 1.2 or higher. Internal service-to-service communication is encrypted using mutual TLS (mTLS).
  3. Access Controls. Access to production systems and data is restricted on a least-privilege basis. All access requires multi-factor authentication. Access is reviewed quarterly and revoked promptly upon personnel changes.
  4. Network Security. Production infrastructure is segmented within virtual private clouds. Intrusion detection and prevention systems monitor network traffic. All administrative access is logged and auditable.
  5. Application Security. API authentication is enforced via API keys with support for scoped permissions. Rate limiting and abuse detection are applied at the edge. Input validation and parameterized queries are used throughout the application layer.
  6. Penetration Testing. Motionworks conducts annual penetration testing of the API and supporting infrastructure through a qualified third-party security firm. Material findings are remediated within thirty (30) days of discovery. A summary of the most recent penetration test results is available to Enterprise tier customers upon request and subject to a non-disclosure agreement.
  7. Employee Security. All Motionworks personnel with access to production systems undergo background checks and complete security awareness training upon hire and annually thereafter.

7. Breach Notification

  1. Notification Timeline. In the event of a confirmed security breach that affects Customer data, Motionworks will notify affected customers within seventy-two (72) hours of confirming the breach. Notification will be sent via email to the primary contact and security contact (if designated) associated with Customer's account.
  2. Notification Content. The breach notification will include, to the extent known at the time: (i) a description of the nature of the breach; (ii) the categories and approximate volume of data affected; (iii) the likely consequences of the breach; (iv) the measures taken or proposed to address the breach and mitigate its effects; and (v) the identity and contact information of a Motionworks point of contact for further information.
  3. Ongoing Communication. Motionworks will provide updates as additional information becomes available and will cooperate with Customer's reasonable requests for information related to the breach.
  4. Scope Clarification. Given that Motionworks processes aggregated, de-identified Measurement Data rather than PII, the risk profile of a data breach is materially different from breaches involving personal data. Nonetheless, Motionworks treats all unauthorized access to its systems as a security incident subject to investigation and notification.

8. Data Retention and Deletion

  1. During Term. Motionworks retains Customer Inputs and query results for the duration of the API Terms of Service. Customers may access and export their data at any time through the API or developer dashboard.
  2. Post-Termination. Following termination of the API Terms of Service, Motionworks will retain Customer-specific data for thirty (30) days to allow for data export. Customer will be notified of the export window and provided instructions for data retrieval.
  3. Deletion. After the thirty (30) day post-termination retention period, Motionworks will delete all Customer-specific data from its production systems within thirty (30) additional days. Copies in encrypted backup systems will be deleted in the ordinary course of backup rotation, not to exceed ninety (90) days.
  4. Measurement Data. Measurement Data is proprietary to Motionworks and is not subject to deletion upon Customer termination. Measurement Data does not contain Customer-specific information.
  5. Deletion Confirmation. Upon Customer's written request, Motionworks will provide written confirmation of deletion after the data deletion process is complete.

9. Audit Rights

  1. Annual Audit. Customer may conduct or commission one (1) audit per twelve-month period to verify Motionworks' compliance with the obligations set forth in this DPA. Customer must provide at least thirty (30) days' advance written notice of the audit, including the proposed scope and timeline.
  2. Scope. Audits shall be limited to the data processing practices and security measures described in this DPA. Audits shall not extend to Motionworks' proprietary algorithms, measurement methodologies, or Measurement Data that is unrelated to Customer's use of the Services.
  3. Cost. Customer shall bear the costs of any audit, including the fees of any third-party auditor. Motionworks will make personnel reasonably available during business hours to support the audit.
  4. Third-Party Auditors. If Customer engages a third-party auditor, such auditor must execute a non-disclosure agreement acceptable to Motionworks before the audit commences. The auditor must not be a competitor of Motionworks.
  5. Alternative Evidence. In lieu of an on-site audit, Motionworks may provide: (i) SOC 2 Type II reports (when available); (ii) penetration test summaries; (iii) completed security questionnaires; or (iv) other documentation that reasonably demonstrates compliance with this DPA. Customer shall consider such documentation in good faith before insisting on an on-site audit.

10. International Transfers

  1. US Processing. All data processing in connection with the Services is performed within the United States. Motionworks' primary infrastructure is hosted in AWS regions us-east-1 (Virginia) and us-west-2 (Oregon).
  2. No International Transfers. Motionworks does not transfer Customer data outside the United States without Customer's prior written consent. In the event that an international transfer becomes necessary (for example, due to a change in Sub-processor infrastructure), Motionworks will provide advance notice in accordance with Section 5 and implement appropriate transfer safeguards.
  3. Edge Caching. Cloudflare's global edge network may transiently cache API response metadata at international points of presence for performance optimization. Such caching involves only non-sensitive request routing data and does not include Measurement Data or Customer Inputs. Customers requiring strict US-only data handling may request a configuration that restricts edge caching to US nodes.

11. Term

  1. Duration. This DPA is effective as of the effective date of the API Terms of Service and remains in effect for the duration of the API Terms of Service. The DPA terminates automatically upon termination of the API Terms of Service, subject to the data retention provisions of Section 8.
  2. Survival. The following sections survive termination of this DPA: Section 7 (Breach Notification, with respect to breaches discovered after termination), Section 8 (Data Retention and Deletion), and Section 9 (Audit Rights, for a period of twelve months following termination).
  3. Amendments. Motionworks may update this DPA to reflect changes in data processing practices, Sub-processors, or applicable law. Material changes will be communicated in accordance with the notice provisions of the API Terms of Service.