Data practices

How we handle
your data.

Plain English. No legalese. Here's exactly what we access, where it goes, and what you control.

Read-only access

We can see your data to analyse it. We cannot modify, delete, or export anything from your systems. Ever.

Never sold or shared

Your business data is never sold, traded, or shared with third parties. It exists solely to power your Motherbird.

Disconnect anytime

Revoke access to any data source at any time. We stop accessing it within 24 hours and delete associated data within 30 days.

Australian hosted

Your data is processed and stored on servers in the Asia-Pacific region. We comply with the Australian Privacy Act 1988.

Encrypted always

All data is encrypted in transit (TLS) and at rest. Your information is protected at every stage.

No AI training

Your data is never used to train AI models for other customers or any third party. Your data powers your Motherbird only.

What we access

StageWhat we access
Free reviewPublic data only. Your website, Google Business profile, social media accounts, public reviews, and publicly available market data. We do not access any private systems or accounts.
Connected consoleThe tools you choose to connect. Typically POS, CRM, social media analytics, review platforms, email marketing, and website analytics. All connections are read-only via official APIs. You authorise each connection individually.
External intelligenceFree public data that affects your business. Weather, local events, school holidays, Google Trends, competitor activity, accommodation data. None of this is your data, it's the world around your business.

Where your data goes

ServicePurpose
Supabase (database)Stores your console configuration, metrics, and AI-generated insights. Asia-Pacific region. Encrypted at rest.
Anthropic (AI)Processes your data to generate insights and suggestions. Enterprise tier, data is not used for model training. Encrypted in transit.
Vercel (hosting)Hosts your console interface. No business data is stored on Vercel, it simply serves the application.

Common questions

No. Every connection is read-only. We can view your data to analyse it, but we cannot modify, delete, create, or export anything. Your systems remain entirely under your control.
We disconnect all data integrations within 24 hours. Your business data is deleted from our systems within 30 days. We retain basic account information (name, email, billing records) for up to 7 years for Australian tax compliance.
No. Your data is completely isolated. Each Motherbird console is a separate, private instance. No client can see another client's data, metrics, or insights.
No. We use enterprise-tier AI services that do not use customer data for model training. Your data is processed to generate your insights, then the processing context is discarded. Nothing persists beyond your console.
Only authorised Motherbird staff involved in building and maintaining your console. Access is limited and logged. We do not have a large team, so in practice this means the person who built your console and whoever is managing your account.
We will notify you within 72 hours of becoming aware of any breach that affects your data, in compliance with the Notifiable Data Breaches scheme under the Privacy Act. We will also notify the Office of the Australian Information Commissioner (OAIC) as required.

Questions about how we handle your data?

info@motherbird.ai

Motherbird (ABN pending). General information only, not professional advice. AI outputs should be reviewed before implementation.

© 2026 Motherbird