Motional

Measuring and Improving
Emotional Health and Well-being

Privacy Policy

PRIVACY POLICY

At Steps Along The Way Ltd (“Steps Along The Way” or “us” or “we” or “our”), we respect the privacy rights of our online visitors and recognize the importance of protecting the information we collect about you.  Our Privacy Policy is designed to help you understand how we collect, hold, use and disclose personally identifiable information about you.  

This policy (together with our Terms and Conditions and any other documents referred to on it) sets out the basis on which we will process any personal data we collect from you, or which you provide to us, in the course of using our site motional.io. 

YOUR INFORMATION

When you use our site, there are a number of ways in which you provide information and other data to us. By using the site, you consent to us processing and collecting this data, on the terms and for the reasons which are explained below.

HOW YOUR INFORMATION IS COLLECTED

You may complete forms on our site such as our contact form, or by registering with us online. You may email us or otherwise call us to use our services. We may also collect information through technology such as essential cookies and usage logs.

Steps Along the Way routinely collects three different categories of data:

  1. Participant assessment data
  2. Personal contact details of Participants Parent, Guardian or next of Kin, teaching staff and care givers
  3. Enquiries to our site via the contact form

INFORMATION WE MAY COLLECT ABOUT YOU

From every visit you make to our site, we may automatically collect the following:

  • Your first and last name, email and/or postal address, telephone number or other information you provide when you fill out a contact form on the Site
  • Your IP address
  • Your Internet Service provider (“ISP”)
  • Any referring or exit pages taking you to or from our site
  • Your login information
  • Your web browser type and version
  • Your time zone & location
  • Date/time stamp
  • Clickstream data
  • Any browser plug-ins and versions used on your browser
  • Your operating system
  • Your platform / device details
  • Information we collect when you interact with our content on the Site. This may include information such as the fact that you viewed or interacted with our content.

HOW YOUR INFORMATION IS USED

We may use your information to:

  • send you our newsletters from time to time if you choose to be sent them.
  • ensure that content from our site is presented in the most optimised and effective manner for you and for your computer.
  • diagnose or fix technology problems.
  • control unauthorized use or abuse of the Site and our products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal
  • provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • carry out our obligations arising from any contracts entered into between you and us.
  • allow you to participate in interactive features of our service, when you choose to do so.
  • notify you about changes to our service
  • deliver customer service and respond to your inquiries
  • administer our site including data analysis, testing, traffic monitoring, research, statistical and survey purposes

If you do not want us to use your information for marketing purposes, please tick the relevant box on the form on which you submit your data. You can also contact us directly by emailing support@motional.io

Please note that if you click on, or follow, any links from our site to external websites, our privacy policy will no longer apply. Please check the privacy policies of any such external site before submitting any personal data, as we cannot accept any responsibility or liability in relation to them.

ACCESS TO INFORMATION (Notice to UK Users)

You have the right under the UK Data Protection Act to access the information which we hold about you. If you wish to exercise this right, please send your request to support@motional.io

STORAGE AND SECURITY

While data is in transit we use TLS 1.3, X25519, and AES_128_GCM. Data at rest is stored in AWS RDS databases which use the industry standard AES-256 encryption algorithm or on encrypted S3 buckets with access restricted.

  • To protect passwords we run 10 rounds of bcrypt
  • We enforce strong passwords that don’t appear in HaveIBeenPwned.
  • We verify with a nominated person at the school before adding new users to the account.
  • We use a “scoped to the tenant” approach for fetching data, so when someone logs in to Motional they will only be able to access data belonging to children on the team that they’re logged in to
  • We keep logs of logins
  • We have a strict firewall that rate limits access to avoid brute force attempts
  • We have alarms set and can disable the site within minutes if necessary
  • Motional staff only use trusted wifi networks and company devices to access our backend system
  • Motional staff access is tiered depending on user role
  • We are entirely hosted on AWS in London, with multi zone availability and automatic failover.
  • We have a disaster recovery plan and rehearse it at least 6 monthly
  • We have Cyber Essentials accreditation

TRANSFER WINDOW

From 1st Sep 2021 new accounts and subscription renewals will transfer to our new Data Processor Agreement which is now part of our standard T&Cs. We will be deleting data much sooner after the end of a subscription now. When your subscription ends or when you remove a Participant from your account, we start a transfer window of 90 days. We continue to store that data so that the team the Participant moves on to can request permission from you to transfer it to them. This can aid in smooth transitions between settings and improve continuity of approach.  You can override this 90 period in your team settings. Bare in mind that whatever period you change it to, that data will be irretrievably destroyed automatically at the end of it. So if one of your staff deletes a Participant or Snapshot by accident, we can recover it back to your account if it is within that transfer window.

ENFORCEMENT

Steps Along the Way regularly reviews its compliance with this Privacy Policy.  We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personally identifiable information that cannot be resolved between Steps Along the Way and an individual.

If you have a concern about your privacy or you would like to know more about how your personally identifiable information is collected, or used please contact us.  We ask that when you contact us with a complaint, please include contact information and clearly describe your complaint.  We will respond to your request or complaint within a reasonable time and will let you know next steps in resolving your complaint.  If you are not satisfied with our response, you may also contact the Information Commissioner’s Office.

NOTICES AND REVISIONS

We reserve the right to change our Privacy Policy at any time.  Non-material changes and clarifications will take effect immediately, and material changes will take effect within 30 days of their posting on the Site (unless we specify a different notice period).  If we make changes, we will post them and will indicate on this page the policy’s new effective date.  If we make material changes to this policy, we will notify you here, by email, or through notice on our home page.  We encourage you to refer to this policy on an ongoing basis so that you understand our current privacy practices.  Unless stated otherwise in a separate agreement or privacy statement, this Privacy Policy applies to all information that we have about you.  We may also issue specific information collection privacy notice from time-to-time relating to particular products or services.

CONTACT US

If you have questions or suggestions about this Privacy Policy, or to make any request described above, please feel free to contact us by email at support@motional.io