Legal

Privacy Policy

Last updated: February 14, 2026

This Privacy Policy explains how Motive AI, LLC, an Alabama limited liability company doing business as Motive Hosting ("Motive Hosting," "we," "us," or "our"), collects, uses, and protects personal information when you use our website at motive.host, our client portal at host.motiveai.ai, and our managed hosting services (collectively, the "Services").

We wrote this policy in plain language so you can actually understand it. If something is unclear, email us at hello@motive.host and we will explain it.

1. Who We Are

Motive Hosting is a managed hosting service operated by Motive AI, LLC. We provide website hosting, business email, security, backups, and related services to small and mid-sized businesses, primarily in the Gulf Coast region of the United States.

Important distinction: Motive Hosting plays two different roles depending on whose data we are talking about. For our clients' account data (your name, email, payment info), we are the data controller -- we decide what to collect and why. For data that visitors submit through our clients' websites (contact forms, orders, etc.), we are a data processor -- we store and transmit that data on our clients' behalf, but our clients decide what to collect and how to use it.

2. What Data We Collect

Client Account Data (We are the controller)

When you sign up for and use our Services, we collect:

Identity information: Your name, business name, and job title
Contact information: Email address, phone number, and mailing address
Billing information: Payment method details (processed by Stripe -- we do not see or store your full card number)
Account credentials: Username and password (passwords are stored in hashed form -- we cannot read them)
Service usage data: Support requests, plan selections, feature usage, and communication preferences
Technical data: IP address, browser type, and device information when you access the Client Portal

We do not collect Social Security numbers, government-issued identification numbers, or biometric data.

Website Visitor Data (We are the processor)

When visitors interact with websites hosted on our platform, the hosted website may collect data from those visitors. This data is determined and controlled by our client (the website owner), not by Motive Hosting. Examples may include:

Contact form submissions (names, email addresses, messages)
E-commerce transaction data
Newsletter subscriber information
Website analytics data

We process this data only as necessary to provide hosting services. We do not access, analyze, or use this data for our own purposes.

Marketing Website Data

When you visit our marketing website at motive.host (before becoming a client), we collect minimal data:

Standard web server logs (IP address, pages visited, browser type, referring URL)
Any information you voluntarily provide through contact forms

3. How We Collect It

We collect information through three methods:

Directly from you: When you create an account, purchase a plan, submit a support request, or contact us by email
Automatically: When you access our website or Client Portal, our servers record standard technical information (IP address, browser type, pages visited)
From third parties: Our payment processor (Stripe) provides us with limited transaction information such as the last four digits of your card, the card brand, and whether the payment succeeded or failed. We do not receive your full card number from Stripe.

4. Why We Collect It

We collect personal information for the following purposes, and only for these purposes:

To provide our Services: We need your account and billing information to set up and maintain your hosting, email, and related services
To communicate with you: We use your contact information to send service notifications, respond to support requests, and provide account updates
To process payments: We share billing information with Stripe to charge your payment method
To maintain security: We use technical data to detect and prevent unauthorized access, abuse, and fraud
To improve our Services: We analyze aggregate, non-identifying usage patterns to improve our platform
To comply with legal obligations: We retain certain records as required by tax, accounting, and other legal requirements

We do not sell your personal information. We do not use your personal information for advertising. We do not build behavioral profiles for targeted marketing.

5. How We Use It

Here is a specific breakdown of how we use each type of information:

Data Type	How We Use It
Name & business name	Account identification, support correspondence, invoicing
Email address	Account login, service notifications, support communication, billing receipts
Phone number	Emergency contact for critical service issues (we will not call you for marketing)
Payment information	Monthly billing via Stripe (we do not store card numbers)
IP address & technical data	Security monitoring, abuse prevention, server logs
Support requests	Resolving your issues, improving our documentation and processes

6. Who We Share It With

We share your information only with the service providers ("subprocessors") necessary to deliver our Services. We do not sell, rent, or trade your personal information to third parties.

Subprocessors

Provider	Purpose	Data Shared	Location
Vultr	VPS infrastructure (servers that host your website)	Website files, databases, server logs	Atlanta, GA, USA
xCloud	Hosting management platform	Server configuration, site deployment data	USA
Stripe	Payment processing	Billing name, email, payment method details	USA
SendGrid (Twilio)	Transactional and newsletter email delivery	Recipient email addresses, email content	USA
OpenSRS (Tucows)	Domain name registration	Domain registrant contact information (as required by ICANN)	Toronto, Canada

Each of these subprocessors is bound by their own privacy policies and data protection agreements. We select subprocessors that maintain appropriate security standards.

Other Disclosures

We may also disclose your information when:

Required by law: In response to a valid subpoena, court order, or government request
To protect rights and safety: When we believe disclosure is necessary to protect the rights, property, or safety of Motive Hosting, our clients, or the public
Business transfer: In connection with a merger, acquisition, or sale of assets, in which case we will notify you before your information is transferred and becomes subject to a different privacy policy

7. Where Data Is Stored

Your data is stored in the United States. Specifically:

Hosted websites and databases: Vultr data center in Atlanta, Georgia, USA
Client account data: xCloud platform servers in the USA
Payment data: Stripe's PCI-DSS compliant infrastructure in the USA
Email data: SendGrid's infrastructure in the USA
Domain registration data: OpenSRS/Tucows in Toronto, Canada

All data is stored within the United States and Canada. We do not transfer your data to other countries unless a subprocessor listed above does so in the ordinary course of their operations, in which case their privacy policies apply to that transfer.

8. How Long We Keep It

We keep your data only as long as we need it for the purpose it was collected:

Data Type	Retention Period
Active account data	For the duration of your account
Website content & backups after termination	30 days after account termination, then permanently deleted
Billing and transaction records	7 years after the transaction (required by tax law)
Support correspondence	2 years after account termination
Server access logs	90 days (rolling)
Marketing website server logs	30 days (rolling)

When data reaches the end of its retention period, we delete it from our active systems. Backups containing expired data are overwritten through our normal backup rotation schedule.

9. Your Rights

Depending on where you are located, you may have certain rights regarding your personal information. We honor the following rights for all clients, regardless of location:

Right to Know

You can ask us what personal information we have collected about you, the categories of sources from which it was collected, and the purpose for collecting it. We will provide this information free of charge.

Right to Access

You can request a copy of the personal information we hold about you in a portable, commonly used format.

Right to Delete

You can request that we delete your personal information. We will comply, except where we are required to retain data by law (such as billing records for tax purposes) or where the data is necessary to complete an ongoing transaction.

Right to Correct

You can request that we correct inaccurate personal information. You can also update most of your account information directly through the Client Portal.

Right to Opt Out of Sale

We do not sell your personal information. There is nothing to opt out of. If this ever changes, we will update this policy and provide a clear opt-out mechanism.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Exercising your rights will not affect the quality or pricing of our Services.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These include:

The right to know what personal information we have collected, sold, or disclosed in the past 12 months
The right to opt out of the sale or sharing of personal information (we do not sell or share your data, so this right is already satisfied)
The right to limit the use of sensitive personal information (we do not collect sensitive personal information as defined by the CPRA)
The right to request deletion of your personal information

To exercise any of these rights, contact us at hello@motive.host. We will verify your identity before processing your request and respond within 45 days.

Exercising Your Rights

To exercise any privacy right, send an email to hello@motive.host with the subject line "Privacy Request." Please describe what you are requesting, and we will respond within 30 days (45 days for CCPA requests). We may need to verify your identity before fulfilling your request.

10. Cookies & Tracking

Our Marketing Website (motive.host)

Our marketing website at motive.host uses minimal tracking. We do not use third-party advertising trackers, social media pixels, or behavioral analytics tools on our marketing site.

We may use:

Essential cookies: For basic website functionality (such as remembering if you dismissed a notification)
Analytics: We may use privacy-respecting analytics to understand overall site traffic patterns (page views, referral sources). We do not track individual user behavior across sessions.

Our Client Portal (host.motiveai.ai)

The Client Portal uses cookies necessary for:

Authentication: Keeping you logged in during your session
Security: Preventing cross-site request forgery (CSRF) and other security threats
Preferences: Remembering your display settings and preferences

These are functional cookies necessary for the portal to work. There are no advertising or tracking cookies in the Client Portal.

Client Websites

Websites hosted on our platform may use their own cookies and tracking technologies, as configured by the website owner (our client). Motive Hosting does not control what cookies or trackers our clients place on their own websites. If you have questions about cookies on a website hosted by us, please contact the website owner directly.

Do Not Track

We honor "Do Not Track" browser signals. When we detect a DNT signal, we disable any non-essential tracking on our own properties.

11. Children's Privacy

Our Services are designed for businesses and are not directed at children under the age of 13 (or under the age of 16 in certain jurisdictions). We do not knowingly collect personal information from children.

If you believe that a child has provided personal information to us, please contact us at hello@motive.host. We will promptly investigate and delete any such information from our systems.

If you are a client hosting a website that collects information from children, you are responsible for complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws. Motive Hosting will cooperate with you in fulfilling those obligations.

12. Data Security

We take the security of your data seriously and implement a range of technical and organizational measures to protect it:

Encryption in transit: All data transmitted between your browser and our services is encrypted using TLS (HTTPS). All client websites hosted on our platform include free SSL certificates.
Encryption at rest: Sensitive data stored on our servers is encrypted at rest.
Access controls: Access to client data is restricted to authorized personnel on a need-to-know basis.
Payment security: We never see or store your full credit card number. All payment processing is handled by Stripe, which is PCI-DSS Level 1 certified.
Infrastructure security: Our hosting infrastructure (Vultr) maintains SOC 2 compliance and physical security at their data centers.
Monitoring: We monitor our systems 24/7 for unauthorized access attempts and unusual activity.
Automated backups: Regular automated backups protect against data loss (frequency depends on your Plan).
Password security: All passwords are stored using industry-standard hashing algorithms. We cannot read your password.

No system is 100% secure. While we implement commercially reasonable safeguards, we cannot guarantee absolute security. We encourage you to use strong, unique passwords for your account and to enable any additional security features available in the Client Portal.

13. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

Investigate immediately: Assess the scope, cause, and impact of the breach
Contain the breach: Take immediate steps to stop the unauthorized access and prevent further exposure
Notify affected individuals: Contact you by email as soon as reasonably practicable, and no later than required by applicable law
Notify regulators: Report the breach to the Alabama Attorney General and any other required regulatory bodies as mandated by the Alabama Data Breach Notification Act (Ala. Code 8-38-1 et seq.) and other applicable laws
Provide details: Our notification will include: a description of the breach, the types of information involved, the steps we are taking to address it, and what you can do to protect yourself

Alabama law specifics: Under the Alabama Data Breach Notification Act, we are required to notify affected individuals within 45 days of determining that a breach has occurred. We aim to notify you well within that timeframe.

If you are a client and a breach affects data on your hosted website (data for which you are the controller), we will notify you promptly so that you can fulfill your own notification obligations to your users.

14. International Transfers

Motive Hosting is based in the United States, and our primary infrastructure is located in Atlanta, Georgia. Our Services are designed for businesses operating in the United States, particularly the Gulf Coast region.

Your data is primarily stored and processed in the United States. One subprocessor (OpenSRS/Tucows, for domain registration) is based in Canada. Canada has been recognized by many international bodies as providing adequate data protection.

If you are accessing our Services from outside the United States, please be aware that your data will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using our Services, you consent to this transfer.

We do not currently target or offer services to individuals in the European Union. If this changes, we will update this policy to address GDPR requirements and implement appropriate transfer mechanisms.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last updated" date at the top of this page
For material changes that affect how we collect, use, or share your data, we will notify you by email at least 30 days before the changes take effect
We will post the revised policy on our website

We encourage you to review this policy periodically. Your continued use of the Services after changes take effect constitutes acceptance of the revised policy.

16. Contact Information

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, contact us:

Motive AI, LLC d/b/a Motive Hosting
Email: hello@motive.host
Web: motive.host

For privacy-specific requests, use the subject line "Privacy Request" so we can route your inquiry appropriately. We will respond to all privacy inquiries within 30 days.