Skip to main content
Terms of ServicePrivacy PolicyCookie PolicySecurityDPASub-processorsLaw EnforcementSLAAcceptable UseAI PolicyAccessibilityDisclaimer

Legal

Data Processing Agreement

Last updated: April 14, 2026

Section 1

Introduction

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Motion Ready, LLC (“Processor”) and you (“Controller”) and governs the processing of personal data in connection with our Services.

Section 2

Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation performed on Personal Data, including collection, storage, use, and disclosure.
  • “Data Subject” means the individual to whom Personal Data relates.
  • “Sub-processor” means any third party engaged by the Processor to process Personal Data.
Section 3

Scope and Purpose

The Processor will process Personal Data only for the purpose of providing the Services as described in our Terms of Service and as instructed by the Controller. The types of Personal Data processed include:

  • Contact information (name, email, phone number, address)
  • Professional information (bar number, firm name)
  • Case information submitted with orders
  • Documents and files uploaded to our platform
  • Communications and messages
  • Payment information
Section 4

Data Protection Obligations

Processor Obligations

The Processor agrees to:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure personnel authorized to process Personal Data are bound by confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to Data Subject requests
  • Delete or return Personal Data upon termination of Services
  • Make available information necessary to demonstrate compliance

Controller Obligations

The Controller agrees to:

  • Ensure lawful basis for processing Personal Data
  • Provide necessary information for Data Subject requests
  • Comply with applicable data protection laws
  • Notify Processor of any changes to processing instructions
Section 5

Security Measures

The Processor implements the following security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Infrastructure: SOC 2 Type II compliant cloud infrastructure
  • Monitoring: 24/7 security monitoring and alerting
  • Backups: Daily encrypted backups with 30-day retention
  • Testing: Regular security assessments and penetration testing
Section 6

Sub-processors

The Controller authorizes the Processor to engage the following Sub-processors:

The current list of authorized Sub-processors is maintained at motion-ready.com/sub-processors. That page is updated whenever Sub-processors are added or materially changed, with no fewer than 30 days' advance notice before any new Sub-processor begins processing Controller data.

The Processor will notify the Controller of any intended changes to Sub-processors, allowing 30 days to object. Controllers who object to a new Sub-processor may terminate the Services in accordance with the Terms of Service.

Controllers may also request the complete sub-processor list by contacting support@motion-ready.com.

Section 7

Data Subject Rights

The Processor will assist the Controller in responding to Data Subject requests, including:

  • Access to Personal Data
  • Rectification of inaccurate data
  • Erasure of Personal Data
  • Restriction of processing
  • Data portability
  • Objection to processing
Section 8

Data Breach Notification

In the event of a Personal Data breach, the Processor will:

  • Notify the Controller within 72 hours of becoming aware
  • Provide details of the breach and affected data
  • Describe measures taken to mitigate the breach
  • Cooperate with the Controller in any required notifications
Section 9

Data Retention and Deletion

Personal Data will be retained in accordance with our Privacy Policy:

  • Account data: Duration of account plus 3 years
  • Case materials: 365 days after order completion
  • Billing records: 7 years (tax and financial regulations)
  • AI processing logs: Deleted by Motion Ready immediately after generation; third-party AI providers may cache inputs for up to 30 days for abuse monitoring before deletion
  • Communications: 3 years after last activity

Upon termination, the Processor will delete or return Personal Data within 90 days, unless retention is required by law.

Section 10

International Transfers

Personal Data may be transferred to the United States. The Processor ensures appropriate safeguards for such transfers, including:

  • Standard Contractual Clauses (where applicable)
  • Sub-processors with adequate data protection commitments
  • Technical measures to protect data during transfer
Section 11

AI Processing Addendum

In addition to the above, the following applies to AI processing:

  • Purpose Limitation: AI systems process data only to provide the requested drafting services
  • No Training: Third-party AI providers do not train on our API traffic per their terms of service as of 2026
  • Human Review: All AI outputs are reviewed by qualified legal professionals before delivery
  • Data Minimization: Only necessary data is sent to AI systems
  • Logging: Motion Ready deletes AI processing logs immediately after generation; third-party AI providers may cache inputs for up to 30 days for abuse monitoring before deletion
  • Limited Data Retention: Third-party AI providers do not retain matter data long-term. Inputs may be cached for up to 30 days for abuse monitoring before deletion per provider policy. Customer data is retained by Motion Ready only as long as necessary to deliver your order and per our 365-day retention policy (see Privacy Policy §12).
Section 12

Audit Rights

Upon reasonable notice, the Controller may audit the Processor's compliance with this DPA. The Processor will:

  • Provide access to relevant documentation
  • Permit on-site inspections (with reasonable notice)
  • Make personnel available for questions

Alternatively, the Processor may provide third-party audit reports (SOC 2, ISO 27001) as evidence of compliance.

Section 13

Liability

Each party's liability under this DPA is subject to the limitations set forth in the Terms of Service. The Processor will not be liable for damages arising from the Controller's failure to comply with data protection laws.

Section 14

Term and Termination

This DPA is effective for the duration of the Services. It will automatically terminate when the Services end. Provisions relating to data deletion, liability, and confidentiality survive termination.

Section 15

Governing Law

This DPA is governed by the laws of the State of Texas, without regard to its conflict of law provisions. Any disputes arising under this DPA shall be resolved in accordance with the dispute resolution provisions set forth in the Terms of Service.

Section 16

Government and Law Enforcement Requests

Upon receipt of any subpoena, court order, warrant, or other compulsory legal process relating to Customer Data, Motion Ready will: (a) evaluate whether the demand is legally valid and narrowly tailored; (b) provide Customer with written notice no fewer than ten (10) business days before the date of required compliance, except where prohibited by law; and (c) cooperate with Customer's reasonable efforts to oppose the demand.

Motion Ready acknowledges that Customer Data may contain information protected by the attorney-client privilege and the work product doctrine. Motion Ready will not voluntarily waive any such privilege and will affirmatively raise privilege as a threshold objection where applicable.

Section 17

Contact

For questions about this DPA or to exercise your rights, or to request a custom DPA for enterprise needs, contact our team:

Motion Ready, LLC — Data Protection
Emailsupport@motion-ready.com
MailMotion Ready, LLC
Dallas–Fort Worth, Texas
Response3–5 business days