Legal
This article provides an overview of MoveData's legal documents and answers common questions about legal agreements, data processing, and compliance.
All MoveData legal documents are published at movedata.io/legal.
Legal documents#
MoveData maintains the following legal documents, each available online:
| Document | What it covers | Link |
|---|---|---|
| Terms of Service | Your agreement with MoveData, including subscription terms, payment obligations, intellectual property, and liability | Terms of Service |
| Privacy Policy | How MoveData collects, uses, stores, and protects personal data | Privacy Policy |
| Data Processing Addendum | Data processing obligations, sub-processors, security measures, and international data transfer safeguards | Data Processing Addendum |
| Pricing & Refund Policy | Billing terms, cancellation conditions, and refund eligibility | Pricing & Refund Policy |
Terms of service#
By using MoveData, you agree to the Terms of Service. Key provisions include:
- Free trial — 30-day trial at no cost; the trial ends automatically unless you convert to a paid subscription
- Auto-renewal — subscriptions renew automatically unless cancelled before the renewal date
- Payment terms — invoices are due within 7 days of issue
- Cancellation — contact support@movedata.io to cancel your subscription
For billing and payment details, see Payment options.
Privacy policy#
MoveData's Privacy Policy explains how personal data is handled. This policy applies to the personal information of customers that MoveData interacts with directly. It does not apply to the personal information that MoveData may integrate into Salesforce on your behalf — that is covered by the Data Processing Addendum.
Key points include:
- Data collected — contact details, account credentials, website usage data, and service-related information
- Data retention — inactive accounts are deleted or anonymised after two years
- User rights — users in the EEA, UK, and Switzerland can request access, correction, erasure, restriction, portability, and objection under applicable data protection laws
- California users — additional rights under the California Consumer Privacy Act (CCPA)
- Marketing — MoveData may send service-related communications to existing and former customers based on legitimate interest
To exercise your data rights, contact legal@movedata.io.
Data processing addendum#
By using MoveData, you automatically incorporate the Data Processing Addendum (DPA), which forms part of the Terms of Service.
Roles and responsibilities#
- Your organisation is the Data Controller
- MoveData is the Data Processor
Data processed#
MoveData processes the following categories of personal data on your behalf:
- Names and contact details (address, email, phone)
- Marketing preferences
- Fundraising page details
- Donation information
- Form submissions
Sub-processors#
MoveData uses the following sub-processors:
| Sub-processor | Function | Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure | Australia |
| Intercom | Customer support | United States |
| Atlassian | Project management | Australia |
| Email and documents | United States |
MoveData provides 14 days' notice before adding or changing sub-processors. You may object to a new sub-processor within that period.
International data transfers#
For transfers of personal data outside the EEA, UK, or Switzerland, MoveData relies on:
- EU Standard Contractual Clauses (SCCs)
- UK International Data Transfer Addendum
- Swiss Data Transfer Amendments
Security incident notification#
MoveData will notify you of any security incident involving your data within 48 hours of discovery.
Data retention and deletion#
MoveData retains notification data on a 90-day rolling basis. After 90 days, data is permanently deleted from the MoveData platform. Upon termination of your subscription, MoveData deletes your data unless required by law to retain it.
For more detail on data security, see Security overview.
Mutual non-disclosure agreements#
MoveData will sign a Mutual Non-Disclosure Agreement (NDA) with your organisation, subject to the following conditions:
- MoveData provides its own standard NDA template
- MoveData is unable to sign your organisation's NDA template
- MoveData is unable to make changes to the NDA
To request a signed NDA, contact your Account Manager.
Data processing agreements#
MoveData does not sign third-party Data Processing Agreements. By using MoveData, you automatically incorporate MoveData's own Data Processing Addendum, which is part of the Terms of Service.
Transfer impact assessments#
MoveData does not conduct Transfer Impact Assessments (also known as Transfer Risk Assessments) on your behalf.
As stated in the Data Processing Addendum, MoveData is the Data Importer for the purpose of data transfers under Data Protection Laws. Conducting a Transfer Impact Assessment is an obligation placed on the Data Exporter (your organisation) when signing up to the appropriate safeguards mechanisms (the SCCs and UK Addendums) contained in the DPA.
Compliance and certifications#
MoveData holds the following certifications:
| Certification | Detail |
|---|---|
| CSA STAR Level 1 | Cloud Security Alliance self-assessment, publicly available on the CSA STAR Registry |
| Salesforce AppExchange Security Review | Continuous review required for all listed managed packages |
| GDPR | Compliant with the General Data Protection Regulation |
For detailed security information, see:
Contact#
| Enquiry type | Contact |
|---|---|
| General support | support@movedata.io |
| Legal and data protection | legal@movedata.io |
| NDA requests | Your Account Manager |
Related articles#
- Payment options — billing frequency, payment methods, and automatic payments
- Sales tax — how sales tax applies to your MoveData subscription
- Security overview — MoveData's security architecture and data protection measures
- Cyber security FAQ — answers to common security questions
- Cloud Security Alliance assessment — MoveData's CSA STAR self-assessment