Privacy Policy

Version: v1.0 Last Updated: May 2, 2026

This Privacy Policy describes how Motionworks AI, Inc. ("Motionworks," "we," "us") collects, uses, and discloses information in connection with the Motionworks web application (app2.mworks.com), the Motionworks API (api2.mworks.com), the Motionworks marketing website (mworks.com), and any related services (collectively, the "Services").

 Important. Motionworks measurement outputs are aggregated, de-identified, population-level data. The Services do not collect, store, or process personally identifiable information ("PII") about individuals whose movement is reflected in the measurement panel. The data we collect under this Privacy Policy is the account, usage, and billing information of our customers and users, not data about the population whose exposure is measured.

1. Information we collect

1.1 Account information

When you sign up for app2.mworks.com or api2.mworks.com, we collect:

Name, email address, organization, and job title (if provided)
Account credentials, including hashed passwords and API keys
Authentication metadata (e.g., last sign-in time, IP address used at signup)

1.2 Usage information

When you use the Services, we collect:

API request metadata (endpoint, parameters, timestamp, IP address, User-Agent header)
Credit consumption metrics
Web application activity (page views, feature interactions, session duration)
Error logs and diagnostic data

1.3 Billing information

For paid plans, we collect billing information through our payment processor (Stripe), including:

Billing address
Payment method details (held by Stripe; Motionworks does not store full card numbers)
Invoice and payment history

1.4 Communications

When you communicate with us (support requests, sales inquiries, email correspondence), we retain the content of those communications.

1.5 Cookies and analytics

The Motionworks web surfaces use cookies and analogous storage for session management, security, and product analytics. We do not use cookies for advertising tracking. You may control cookie behavior through your browser settings.

1.6 Third-party sign-in (Google, Microsoft, GitHub)

If you sign in to the Services using a third-party identity provider (Google, Microsoft, or GitHub), we receive the data described below under each provider's OAuth authorization. We request only the minimum scopes required to authenticate your account and will not request scopes for features that are not yet implemented.

Google. When you authorize Motionworks via Google, we receive your Google account ID, name, email address, and profile picture under the openid, email, and profile scopes. This data is used solely to create or authenticate your Motionworks account. We do not access any other Google data (Gmail, Drive, Calendar, etc.) unless a specific product feature requiring that scope is explicitly requested by you.

Microsoft. When you authorize Motionworks via Microsoft (Entra ID / Microsoft account), we receive your Microsoft account ID, name, and email address under the openid, email, and profile scopes. This data is used solely to create or authenticate your Motionworks account.

GitHub. When you authorize Motionworks via GitHub, we receive your GitHub account ID, username, public email address, and public profile data. This data is used solely to create or authenticate your Motionworks account. We do not read, store, or process the content of your repositories, issues, pull requests, or private data unless a specific product feature requiring that access is explicitly enabled by you.

For all three providers: third-party sign-in data is retained only for as long as your Motionworks account is active or as needed to provide the Services. You may revoke Motionworks' access at any time through your identity provider's connected-apps settings (e.g., Google permissions, Microsoft My Apps, or GitHub Authorized OAuth Apps). Upon revocation or account closure, we delete your third-party identity data from production systems within thirty (30) days, with backup deletion completing within ninety (90) days. To request deletion at any time, contact privacy@mworks.com.

2. How we use information

We use the information described in Section 1 to:

Provide, maintain, and improve the Services
Authenticate users and prevent abuse
Calculate credit consumption, bill customers, and process payments
Communicate with you about your account, the Services, security alerts, and product updates
Respond to support requests
Comply with legal obligations
Generate aggregated, de-identified usage analytics to improve the Services

3. How we share information

We do not sell, rent, or trade your information. We share information only as described below:

Service providers (sub-processors). We engage third-party service providers to operate the Services. The current list is published at /legal/sub-processors and includes infrastructure, billing, email, and authentication providers. Each provider is bound by a written agreement requiring data protection terms no less restrictive than this Privacy Policy.
Legal compliance. We may disclose information if required by law, regulation, court order, or valid legal process, or to protect the rights, property, or safety of Motionworks, our users, or the public.
Business transfers. If Motionworks is involved in a merger, acquisition, financing, reorganization, or sale of all or substantially all of its assets, information may be transferred as part of that transaction. We will notify you of any such transfer that materially changes how your information is handled.
With your consent. We may share information for any other purpose with your explicit consent.

4. Data retention

Account information: retained for the duration of your account plus a reasonable period thereafter for legal, audit, and operational purposes.
Usage information: raw API request logs are retained for ninety (90) days, after which they are aggregated and de-identified for ongoing service improvement.
Billing information: retained for the period required by tax and accounting law (typically seven years).
Consent records: retained for the duration of your account plus seven (7) years thereafter.

5. Security

We implement appropriate technical and organizational measures to protect information against unauthorized access, loss, destruction, or alteration. These measures are described in detail in our Data Processing Addendum. They include encryption at rest and in transit, role-based access controls, multi-factor authentication, network segmentation, and continuous monitoring.

No system is perfectly secure. If we discover a security breach affecting your information, we will notify you in accordance with applicable law and our DPA.

6. Your rights

Depending on your jurisdiction, you may have rights to:

Access the information we hold about you
Request correction of inaccurate information
Request deletion of your information (subject to retention requirements above)
Object to or restrict certain processing
Receive your information in a portable format
Withdraw consent (where processing is based on consent)

To exercise these rights, contact us at privacy@mworks.com. We will respond within thirty (30) days, or sooner if required by applicable law.

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable data protection law, additional rights and procedures may apply. Contact us for the applicable supplemental notice.

7. International transfers

The Services are operated from the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, and processed in the United States.

8. Children's privacy

The Services are not directed to children under the age of 13 (or 16 in jurisdictions where that is the threshold). We do not knowingly collect information from children. If we learn that we have collected information from a child, we will delete it.

9. Changes to this Privacy Policy

We may update this Privacy Policy at any time. Material changes are communicated via email to the address associated with your account at least thirty (30) days prior to the effective date. Continued use of the Services after the effective date constitutes acceptance of the revised Privacy Policy.

10. Google API Services: Limited Use

Motionworks' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Motionworks:

Uses Google user data only to provide or improve user-facing features of the Services.
Does not transfer Google user data to third parties except (i) as necessary to provide or improve the Services, (ii) to comply with applicable law, or (iii) as part of a merger, acquisition, or asset sale, in each case with notice to affected users.
Does not use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
Does not allow humans to read Google user data unless (i) Motionworks has obtained the user's affirmative consent, (ii) it is necessary for security or abuse investigation, (iii) it is required to comply with applicable law, or (iv) the data has been aggregated and anonymized for internal operations.

11. Contact

For privacy questions or to exercise your rights, contact us at:

Motionworks AI, Inc.
Attention: Privacy
privacy@mworks.com