Privacy Policy

1. Who we are

Motivly ("we", "us", "our") provides a SaaS platform that helps hospitality businesses grow their Google reviews and recognise top-performing staff. Motivly is operated from the United Kingdom. You can contact us at hello@motivly.io.

2. Data we collect

We collect the following categories of personal data:

• Account data: name, email, password (hashed), profile picture, authentication identifiers.
• Business data: business name, location(s), industry, brand colours, logo, timezone.
• Google Business Profile data: when you connect your Google Business Profile via OAuth, we access reviews, review replies, location information, and business profile metadata on your behalf using your explicit consent.
• Staff data: staff names, nicknames/aliases, roles, and optional avatars that you choose to upload.
• Usage data: log data, IP address, device and browser information, pages visited, and feature usage.

3. Google Business Profile & Google API data

When you connect Motivly to your Google Business Profile, you authorise us to call Google APIs (including the Google Business Profile API and Google Places API) on your behalf. We use this access strictly to:

• Read your reviews and detect mentions of staff members.
• Display reviews and analytics inside your Motivly dashboard.
• Optionally post owner replies to reviews — only when you explicitly click "Reply" inside Motivly.
• Read location information to support multi-location businesses.

We do not modify your business profile, post Google Posts, change business hours, or take any action without your explicit consent. We never sell, share, or use Google user data for advertising. Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can disconnect your Google Business Profile at any time from your Motivly account settings. Doing so revokes our access tokens and stops further data syncing.

4. How we use your data

• To provide, maintain, and improve the Motivly service.
• To attribute review mentions to staff and generate leaderboards.
• To send transactional emails (account, security, billing, and product updates).
• To prevent abuse, fraud, and policy violations.
• To comply with legal obligations.

5. Data retention

We retain personal and business data for as long as your account is active. Google Business Profile data is retained for the lifetime of your connection plus 30 days. You may request deletion of your account and associated data at any time by emailing hello@motivly.io. We will delete your data within 30 days, except where retention is required by law.

6. Sub-processors

We use trusted infrastructure providers to operate Motivly:

• Cloud hosting and database (Supabase / Cloudflare Workers).
• Google APIs (for Business Profile and Places data, with your consent).
• Email delivery providers for transactional email.

7. Your rights

Under UK GDPR and EU GDPR you have the right to access, correct, export, restrict, and delete your personal data, as well as the right to object to processing and to lodge a complaint with a supervisory authority. To exercise any of these rights, contact hello@motivly.io.

8. Security

We use TLS in transit, encrypted storage at rest, role-based access control, row-level security on the database, and least-privilege OAuth scopes. Despite our best efforts, no system is fully secure — we will notify you and the relevant regulator within 72 hours of becoming aware of any qualifying personal data breach.

9. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via an in-product notice at least 14 days before they take effect.

10. Contact

Questions, requests, or concerns? Email hello@motivly.io.