Privacy Policy

Effective July 11, 2026

This Privacy Policy explains how motionfarm LLC, a Wyoming limited liability company ("motionfarm", "we", "us"), collects, uses, and shares information when you use Grooove, the project management service at grooove.io (the "Service").

In short: we collect what the Service needs to work, we do not sell personal information, we do not run advertising or analytics trackers today, and we may send account holders occasional product news that you can opt out of at any time.

1. Our role: controller and processor

For account information and our own operations (such as sign-in, security logs, and the emails we send you), motionfarm acts as the data controller. For content that a workspace puts into the Service, including information about the workspace’s own clients, the workspace is the controller and motionfarm processes that content on the workspace’s behalf and under its instructions. If you have questions about content a workspace holds about you, the workspace that invited you is usually the right first contact.

2. Information we collect

Account information. Your email address, display name, and optional avatar. If you sign in with Google, we receive your name, email, and profile picture from Google. If you sign in with email codes, we process your email to deliver the code.

Workspace content. What you and your workspace create in the Service: tasks, briefs, comments, uploaded files and deliverables, projects, schedules, and similar content. Comments and files carry a visibility level (internal or client-visible) that controls who inside the workspace can see them.

Billing records. If your workspace uses the billing features: client organization details, billing contacts and addresses, tax identifiers, quotes, invoices, and payment records that the workspace enters. Grooove does not process card payments and does not collect card numbers.

Activity and log data. Actions taken in a workspace (who did what and when) shown as activity history, plus technical logs such as IP address, browser type, and timestamps that our infrastructure providers record for security and reliability.

Communications. Messages you send us, such as support or legal inquiries.

We do not use advertising trackers or third-party analytics on the Service today. If we ever add product analytics, we will choose a privacy-respecting approach and update this policy first.

3. How we use information

  • Provide and operate the Service, including syncing content between workspace members and delivering client portals and review links.
  • Send service emails: sign-in codes, invitations, notifications your settings allow, and invoice emails a workspace asks us to deliver.
  • Send occasional product news and marketing to account holders. Every such email includes a way to opt out, and opting out never affects service emails.
  • Keep the Service secure: authentication, access control, abuse prevention, and incident investigation.
  • Improve the Service, using aggregate or de-identified information where practical.
  • Comply with law and enforce our Terms of Service.

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (operating the Service you signed up for), legitimate interests (securing and improving the Service, and sending existing account holders relevant product news, balanced against your rights), consent where required (which you can withdraw at any time), and legal obligations.

5. How information is shared

We do not sell personal information and we do not share it with advertisers. Information is shared only with:

People in your workspace. Workspace content is visible according to workspace roles. Client users see only their own organization’s client-visible work. Recipients of a guest review link can see the specific client-visible content that link exposes.

Service providers (subprocessors). Supabase (database, authentication, and file storage), Vercel (application hosting and delivery), and Resend (email delivery). These providers process data for us under their own security and data protection commitments, primarily in the United States.

Integrations you connect. If a workspace owner or admin connects QuickBooks, invoice data the workspace chooses to sync is sent to Intuit. Google processes your sign-in if you use Google OAuth. Integrations are optional and governed by the third party’s own privacy policy.

Legal and safety. We may disclose information if required by law, or when reasonably necessary to protect the rights, safety, or property of users, the public, or motionfarm.

Business transfers. If motionfarm is involved in a merger, acquisition, or asset sale, information may transfer with the business; this policy would continue to apply until updated with notice.

6. Cookies

The Service uses only cookies it needs to function. We set no advertising or analytics cookies.

Authentication cookies. Keep you signed in securely (managed by our auth provider, Supabase).

Preference cookies. Remember functional choices, such as the role or client organization view an owner or admin is previewing.

Security cookies. Short-lived tokens that protect flows like connecting an integration against cross-site request forgery.

7. Data retention

We keep information for as long as your account or workspace is active and as needed to provide the Service. When content is deleted in the app, it becomes inaccessible to users and is removed from live systems, then ages out of routine backups on a fixed schedule. We may retain limited records where required by law or for legitimate business purposes such as resolving disputes.

8. Security

We protect information with encryption in transit and at rest, logical isolation of every workspace’s data enforced at the database layer (row-level security), short-lived signed URLs for file access, least-privilege access to production systems, and passwordless sign-in (Google or one-time email codes, so Grooove stores no passwords). No system is perfectly secure, but if we learn of a breach affecting your personal information we will notify you and the relevant authorities as required by law.

9. International transfers

We are based in the United States and our service providers process data primarily in the United States. If you use the Service from elsewhere, your information will be transferred to and processed in the US. Where required, transfers from the EEA, UK, or Switzerland rely on appropriate safeguards such as standard contractual clauses maintained by our subprocessors.

10. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. California residents have corresponding rights under the CCPA/CPRA, and we do not "sell" or "share" personal information as those terms are defined there. You will never be discriminated against for exercising your rights.

To exercise a right, email privacy@grooove.io from the address associated with your account. If your request concerns content controlled by a workspace (for example, information a creative agency holds about you as its client), we will refer it to that workspace or ask you to contact them, as GDPR-style laws direct requests to the controller. You may also lodge a complaint with your local data protection authority.

11. Marketing communications

We may occasionally email account holders about new features, improvements, and other Grooove news. These emails are infrequent, come from us only (never third parties), and every one includes an unsubscribe link. You can also opt out by emailing privacy@grooove.io. Service emails, such as sign-in codes, invitations, and notifications you have enabled, are separate and are not affected by a marketing opt-out.

12. Children

The Service is a business tool, is not directed at children, and may not be used by anyone under 16. We do not knowingly collect personal information from children; if you believe a child has provided us information, contact us and we will delete it.

13. Changes to this policy

We may update this policy as the Service evolves. If a change is material, we will give notice before it takes effect, for example by email or an in-app notice. The "Effective" date above reflects the latest revision.

14. Contact

motionfarm LLC operates Grooove. For privacy questions or requests, email privacy@grooove.io.