Motion Meetings Privacy Policy

Effective Date: August 22, 2025 • Last Updated: August 22, 2025

Motion Meetings Inc. ("Motion," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with our online voting and meeting platform (the "Services"). We operate from Toronto, Ontario, Canada, and this Policy applies to individuals interacting with our Services, including attendees, members, and other end-users ("you" or "your").

If you are using our Services through an organization (e.g., as a meeting participant), that organization may have its own privacy practices, and we encourage you to review them. In cases where we act as a data controller (e.g., for data collected directly from our website), this Policy applies directly. In other cases, we may act as a data processor on behalf of business customers who are data controllers.

We comply with applicable North American privacy laws, including: Canada — PIPEDA and substantially similar provincial laws (e.g., Quebec’s private-sector privacy law); United States — CCPA/CPRA and similar state laws (e.g., CPA, CDPA, CTDPA, TDPSA, OCPA, MCDPA). By using our Services, you consent to the practices described in this Policy.

Table of Contents

Personal Information We Collect
How We Use Your Personal Information
How We Disclose Your Personal Information
Data Retention
Your Privacy Rights
Security Measures
Cookies and Tracking Technologies
Children's Privacy
Changes to This Policy
Contact Us

1. Personal Information We Collect

We collect personal information that you provide directly, that is shared by our customers (e.g., organizations hosting meetings), or that we collect automatically. “Personal information” (or “personal data”) means information that identifies, relates to, or could reasonably be linked to you.

Categories of Personal Information

Contact and Account Information: Name, email address, phone number, mailing address, username, password, organization affiliation.
Meeting and Voting Data: Responses to polls/votes, meeting attendance records, chat messages, and content you submit during sessions.
Member Information: If provided by customers, details such as membership ID, role, or demographic data (e.g., age, gender, if relevant to voting eligibility).
Sensitive Information: In limited cases, political opinions (e.g., in association voting) or biometric data (e.g., if video features are used for verification). We only process this with explicit consent or as required by law.
Device and Usage Data: IP address, browser type, device identifiers, operating system, access times, pages viewed, and referral sources.
Cookies and Tracking Technologies: Cookies, web beacons, and similar technologies for analytics, functionality, and advertising (see Section 7).
Payment Information: If you subscribe directly, billing details processed via secure third-party providers like Stripe.
Other Data: Inquiries submitted via our website, feedback, or support tickets.

We do not collect personal information from children under 13 without verifiable parental consent (COPPA). If we learn we have collected such data without consent, we will delete it promptly.

2. How We Use Your Personal Information

To provide and improve our Services (e.g., facilitating meetings, processing votes).
To communicate with you (e.g., confirmations, updates, support responses).
For security and fraud prevention (e.g., monitoring access, detecting breaches).
For analytics and research (e.g., aggregated usage trends to enhance features).
To comply with legal obligations (e.g., responding to subpoenas).
For marketing, with your consent (e.g., newsletters; you can opt out anytime).

Under CCPA/CPRA and similar laws, we do not “sell” or “share” your personal information for cross-context behavioral advertising without your opt-out. We may disclose data to service providers bound by contracts limiting their use.

3. How We Disclose Your Personal Information

We may disclose your personal information to:

Service Providers and Sub-Processors: Telnyx (USA) for phone/video; Pubnub (USA) for chat; 8x8 (Canada) for unified communications; Twilio (USA) for email processing; Amazon Web Services Canada, Inc. (Canada) for cloud storage. These parties are contractually required to protect your data.
Business Customers: If you participate via an organization, we share relevant data back to them (e.g., voting results).
Legal and Regulatory Authorities: As required by law (e.g., audits or investigations).
Business Transfers: In mergers, acquisitions, or asset sales, with notice to you.
With Your Consent: For any other purpose you approve.

We do not sell your personal information. For CCPA-defined “sales” or “sharing,” you have the right to opt out. International transfers (e.g., to U.S. servers) are protected by safeguards like standard contractual clauses or adequacy decisions.

4. Data Retention

We retain personal information only as long as necessary for the purposes outlined above, or as required by law. For example:

Account data: Until account deletion plus 30 days.
Meeting records: As directed by customers, typically 1–5 years post-event.
Usage logs: Up to 2 years for security.
Backups: Up to 90 days.

After retention periods, we securely delete or anonymize data.

5. Your Privacy Rights

Depending on your location, you may have rights under PIPEDA, CCPA/CPRA, or other laws:

Access/Know: Request details on data we hold about you.
Correction/Rectification: Update inaccurate information.
Deletion: Request erasure, subject to legal exceptions.
Opt-Out of Sale/Sharing: Prevent “sales” or targeted advertising.
Limit Use of Sensitive Data: Restrict processing of sensitive personal information.
Portability: Receive your data in a portable format.
Non-Discrimination: We won’t penalize you for exercising rights.
Withdraw Consent: For consent-based processing.

To exercise rights, contact us at privacy@motionmeetings.co or via our website form. We respond within 45 days (extendable under law) and verify your identity. Authorized agents may submit CCPA requests with proof. For PIPEDA, we provide access free of charge unless excessive.

California residents: We collected the categories in Section 1 from users/customers/devices in the past 12 months, used/disclosed as above. No financial incentives for data collection.

6. Security Measures

We implement reasonable security practices to protect your personal information. These include:

Physical Access Control: Strict data center access; HQ surveillance and access controls; escorted guests.
System Access Control: Least-privilege + quarterly reviews; SSO with 2FA; password policy; timeouts; firewalls/IDS; WAF; VPN with 2FA; patching; vulnerability scans; AV; static analysis; annual pen tests.
Data Access Control: Logical separation of tenants; self-service interfaces; need-to-know access with quarterly reviews.
Transmission Control: TLS 1.2 in transit; AES-256 at rest; encrypted backups; encryption monitoring.
Input Control: Centralized logging and alerting; audit trails for data entry, updates, deletions with user/time stamps.
Availability Control: N+1 redundancy; DDoS mitigation; backups every 15 minutes; point-in-time recovery; offsite replication; disaster recovery testing.

We hold SOC 2 Type 1 and PCI-DSS compliance. In case of a breach, we notify affected parties and authorities as required (e.g., within 72 hours under PIPEDA).

7. Cookies and Tracking Technologies

Our website and Services use cookies for essential functions (e.g., session management), performance (e.g., analytics), and targeting (e.g., ads). You can manage preferences via browser settings or our cookie banner. We respect Do Not Track signals. Third-party trackers may collect data for their purposes; review their policies (e.g., Google).

8. Children’s Privacy

We do not target children under 13. If our Services are used in educational contexts involving minors, we rely on customer consent and comply with COPPA/FERPA as applicable.

9. Changes to This Policy

We may update this Policy to reflect changes in laws or practices. We will post updates here with the “Last Updated” date and notify you via email or in-app if material. Continued use constitutes acceptance.

10. Contact Us

For questions, complaints, or rights requests:

Email: privacy@motionmeetings.co
Mail: Motion Meetings Inc., 1600 – 401 Bay Street, Toronto, Ontario M5H 2Y4, Canada
Data Protection Officer: Available upon request.

For Quebec residents, this Policy is available in French upon request. If unsatisfied with our PIPEDA response, contact the Office of the Privacy Commissioner of Canada. For U.S. state laws, contact your state attorney general.

Thank you for trusting Motion Meetings with your data.

Privacy Policy