Security
Last updated: 11 September 2025
Motley is committed to adhering to established industry best practices in security. We are working with Oneleet toward our SOC 2 Type 2 compliance (early 2026).
Data Scope & Lifecycle
- We only process client-approved, non-sensitive information, such as aggregated analytics, usage metrics, public content, and data from internal tools (e.g., Notion, Slack, Lightdash), solely to generate slide decks and reports. Ingestion filters are configured according to each client’s data-classification requirements, ensuring we capture only approved fields and records.
- We store all ingested, client-approved data and their corresponding embeddings within our cloud. This data is retained indefinitely to support on-demand report generation and is deleted upon client request.
- We disclose to LLM vendors, such as OpenAI or Anthropic, only the client data that the client explicitly approves, and only as necessary to generate reports as requested by the user. We do not retain or inspect those inputs beyond what’s required for the API call, and we never use any client-supplied data for third-party LLM training, fine-tuning, or improvement.
- Upon receiving a formal deletion request from the client, we permanently and irreversibly erase all of that client’s raw inputs, embeddings, and any derivative indices or summaries from our systems.