Privacy Policy

Last updated: 7 October 2025
Version: 2.0

Data Controller Information

Company: MotionKit
Contact: privacy@motionkit.xyz
Location: United Kingdom
Registration: UK-based software company

1. Information We Collect

We collect the following types of information:

Personal Information:

  • Email Address: Required for licence delivery, account management, and support communications
  • Name: Optional, used for personalised communications and licence certificates
  • Payment Information: Processed securely through Stripe (we do not store payment details)

Technical Information:

  • IP Address: For security, rate limiting, and consent verification
  • Browser Information: User agent, language preferences for site functionality
  • Usage Data: Licence validation requests, download activity, and feature usage
  • Device Information: Operating system and software version for compatibility

2. Cookies and Tracking

Essential Cookies Only

We use only essential cookies necessary for site functionality. We do not use tracking cookies, advertising cookies, or analytics cookies.

Cookie NamePurposeDurationProvider
_vercel_jwtPlatform deployment and secure API access~1 yearVercel
cookieConsentRecords your cookie acknowledgement1 yearMotionKit
rememberedEmailPre-fills your email on the login page so you don't have to retype itPersistentMotionKit

Session Storage (not cookies): We use browser session storage for your active authentication session (userEmail) which is automatically deleted when you close your browser. Separately, we store your email in localStorage (rememberedEmail) to pre-fill the login form on return visits — this persists until you clear your browser data or use the button below.

✓ What We DON'T Use:

  • ❌ Analytics cookies (Google Analytics, etc.)
  • ❌ Advertising cookies
  • ❌ Third-party tracking pixels
  • ❌ Social media cookies

3. How We Use Your Information

We process your data for the following purposes:

Legal Bases:

  • Contract Performance: Delivering software licences, providing support, and maintaining accounts
  • Legitimate Interest: Site security, fraud prevention, and improving our services
  • Consent: Optional marketing communications (you can withdraw at any time)
  • Legal Obligation: Compliance with tax laws and regulations

4. Third-Party Services

We work with the following trusted third-party processors:

Convex (Database & Storage)

Stores user data, licences, and files

Privacy: convex.dev/privacy

Vercel (Hosting & Infrastructure)

Website hosting and API endpoints

Privacy: vercel.com/legal/privacy-policy

Stripe (Payments)

Secure payment processing

Privacy: stripe.com/privacy

Resend (Transactional Email)

Licence delivery and support emails

Privacy: resend.com/legal/privacy-policy

5. Data Retention

We retain your data only as long as necessary:

  • Active Licences: Duration of licence plus 1 year for support
  • Account Data: Until account deletion requested
  • Consent Records: 3 years for GDPR compliance
  • Marketing Data: Until consent is withdrawn
  • Security Logs: 90 days for fraud prevention
  • Payment Records: 7 years for tax compliance

6. Your Privacy Rights

Under GDPR, CCPA, and Other Privacy Laws:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in machine-readable format
  • Object: Object to processing based on legitimate interests
  • Restrict: Limit how we process your data
  • Withdraw Consent: Opt out of marketing at any time
  • Non-Discrimination: Equal service regardless of privacy choices

California Residents (CCPA)

We do not sell personal information. In the past 12 months, we have not sold personal information of consumers and we do not have actual knowledge of selling personal information of consumers under 16.

7. Data Security

We implement comprehensive security measures:

Technical Safeguards:

  • End-to-end encryption (TLS 1.3)
  • Encrypted data storage
  • Secure API endpoints
  • Regular security updates

Organisational Measures:

  • Access controls and permissions
  • Staff privacy training
  • Regular security audits
  • Incident response procedures

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR. If you suspect unauthorised access to your data, contact us immediately at security@motionkit.xyz

8. International Data Transfers

Your personal data may be transferred to and processed in the United States and other countries outside the European Economic Area (EEA) and United Kingdom.

Safeguards We Use:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers to countries without adequacy decisions
  • EU-U.S. Data Privacy Framework: Our processors (Vercel, Stripe) are certified under the DPF, providing equivalent protection to GDPR
  • Supplementary Measures: End-to-end encryption, access controls, security audits, and data minimisation

You may request copies of the safeguards we have in place by contacting privacy@motionkit.xyz

9. Contact & Data Requests

Privacy Enquiries:

Email: privacy@motionkit.xyz

Support: support@motionkit.xyz

Response Time: Within 30 days (GDPR) or 45 days (CCPA)

Quick Actions:

10. Complaints & Regulatory Bodies

If you're not satisfied with our response to your privacy concerns:

EU/EEA Residents

Contact your local Data Protection Authority or the lead supervisory authority.

UK Residents

Information Commissioner's Office (ICO)
ico.org.uk

California Residents

California Attorney General
oag.ca.gov/privacy/ccpa

11. Governing Law

This Privacy Policy is governed by and interpreted in accordance with the laws of England and Wales. Any disputes arising from this policy will be subject to the exclusive jurisdiction of the courts of England and Wales.

12. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will delete it immediately.

13. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or applicable law. For material changes, we will:

  • Email registered users at least 30 days before changes take effect
  • Display a prominent notice on our website
  • Update the version number and "Last updated" date
  • Provide a summary of key changes

Continued use of our services after changes take effect constitutes acceptance of the updated policy.