Privacy Policy
Last updated: June 9, 2026
1. Introduction
Maven (“Maven”, “we”, “our”, or “us”) is a marketing data and analytics platform operated by Studious, LLC., a Tennessee company. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform at mavendata.ai and any related services (the “Platform”). It also describes the data we access from third-party platforms you choose to connect, including data obtained through Google and Meta (Facebook/Instagram) APIs, and your rights and choices regarding that data.
2. Information We Collect
We collect the following categories of information:
- Account Information: Name, email address, company name, and authentication credentials when you create an account.
- Usage Data: Information about how you interact with the Platform, including pages visited, features used, and session activity.
- Connected Platform Data: Data we retrieve on your behalf from third-party advertising and analytics platforms you connect through our Integration Hub (e.g., Google Ads, Google Analytics, Meta Ads, TikTok Ads). See Sections 4–6 for details.
- Device & Technical Data: IP address, browser type, operating system, and device identifiers.
- Cookies & Similar Technologies: Used to maintain sessions and improve your experience (see Section 14).
3. How We Use Your Information
- To provide, maintain, and improve the Maven Platform.
- To connect, sync, and process data from the integrations you authorize.
- To generate dashboards, reports, and analytics on your behalf.
- To communicate with you about your account, updates, and support.
- To detect, prevent, and respond to fraud, abuse, or security incidents.
- To comply with legal obligations.
We do not sell your personal information or data obtained through connected platforms, and we do not use that data to serve advertising to you or to others. We use connected platform data solely to provide the reporting and analytics features you request.
4. Data From Connected Integrations
When you connect a third-party platform, you authorize Maven to access data from that platform on your behalf using credentials you provide through a secure authorization (OAuth) flow. We request read-only access wherever the platform offers it, and we access only the data needed to provide reporting and analytics. Typical data we retrieve includes advertising campaign structures, performance metrics (impressions, clicks, spend, conversions), account and asset metadata, and analytics reports. We retrieve data such as:
- Advertising platforms (Google Ads, Meta Ads, TikTok Ads, LinkedIn Ads, Microsoft Ads, Pinterest, Snapchat, and similar): campaign, ad group/set, ad, and keyword structures, and associated performance metrics.
- Analytics & web platforms (Google Analytics, Google Search Console, Google Tag Manager): aggregated traffic, engagement, and search-performance reports and configuration metadata.
- Commerce & CRM platforms (e.g., Shopify, HubSpot): order, product, and customer-relationship reporting data you authorize.
You can disconnect any integration at any time from within the Platform, which revokes Maven's ongoing access to that platform. See our Data Deletion page for how to remove data we have already stored.
5. Google API Services & Limited Use
Maven's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use data obtained through Google APIs only to provide and improve the user-facing reporting and analytics features of the Platform.
- We do not transfer this data to others except as necessary to provide or improve these features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
- We do not use this data for serving advertisements.
- We do not allow humans to read this data unless we have your affirmative consent for specific messages, it is necessary for security purposes or to comply with applicable law, or the data has been aggregated and anonymized.
When you connect a Google product, we request the following scopes for the purposes described:
- Google Ads (
adwords): read your advertising accounts, campaigns, and performance data for reporting. - Google Analytics (
analytics.readonly): read-only access to your analytics reports. - Google Search Console (
webmasters.readonly): read-only access to search-performance data. - Google Tag Manager (
tagmanager.readonly): read-only access to container and tag configuration. - Display & Video 360 (
display-video): read campaign and performance data for reporting.
6. Meta Platform Data
When you connect a Meta product (Facebook Ads, Facebook Pages, or Instagram), we access Platform Data through the Meta APIs to provide reporting and analytics to you, the connecting user. Our access and use of Meta Platform Data complies with the Meta Platform Terms and Developer Policies. We use permissions such as ads_read and business_management to read your ad accounts, campaigns, and performance metrics, and Pages/Instagram read permissions to report on content insights you authorize.
We use Meta Platform Data solely to provide the reporting features you request. We do not sell it, do not use it to serve advertising, and do not transfer it except to the service providers listed in Section 8 or as required by law. We retain Meta Platform Data only as long as needed to provide the service and delete it on request or when you disconnect the integration (see Sections 9–10).
7. Data Sharing & Disclosure
We do not sell your personal information. We may share data with:
- Service Providers (Subprocessors): Vendors who help us operate the Platform (hosting, database, data warehousing, support). See Section 8.
- Legal Requirements: When required by law, subpoena, or legal process, or to protect rights, safety, and security.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.
8. Subprocessors
We use a limited set of infrastructure providers to operate the Platform. Each is bound by contractual obligations to protect your data and process it only on our instructions. Our current subprocessors include:
- Google Cloud Platform / BigQuery — cloud hosting and data warehousing.
- Supabase — application database and authentication.
- Railway — application and data-pipeline hosting.
This list may change as our infrastructure evolves; we will update it here. Contact us for the current list.
9. Data Retention
We retain your account information and connected platform data for as long as your account is active or as needed to provide the Platform. When you request deletion or close your account, we delete or anonymize your data within 30 days, except where we are required to retain it to comply with legal, tax, accounting, or security obligations.
10. Data Deletion & Removing Your Data
You can request deletion of your account and associated data at any time. For step-by-step instructions — including how to delete data sourced from Google and Meta and how to revoke Maven's access at the source — see our Data Deletion page or email us at [email protected].
11. Data Security
We implement industry-standard security measures, including encryption of data in transit (TLS) and at rest, scoped access controls, credential encryption, and regular security review. While we strive to protect your data, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
12. International Data Transfers
We are based in the United States and process data there. If you access the Platform from outside the United States, you understand your information may be transferred to, stored, and processed in the United States. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for transfers of personal data from the European Economic Area, United Kingdom, or Switzerland.
13. Your Privacy Rights (GDPR & Others)
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data; to object to or restrict certain processing; and to withdraw consent. We process personal data on the legal bases of performing our contract with you, your consent, our legitimate interests in operating and securing the Platform, and compliance with legal obligations.
For data we process on behalf of our business customers (such as connected platform data), we act as a processor and the customer acts as the controller. To exercise your rights, contact us at [email protected]. If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local supervisory authority.
14. Your California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request access to and deletion of that information; and to not be discriminated against for exercising your rights. We collect the categories of information described in Section 2 for the business purposes described in Section 3. We do not sell or share your personal information as those terms are defined under California law. To exercise these rights, contact us at [email protected].
15. Cookies & Tracking Technologies
We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the Platform is used. You can control cookies through your browser settings; disabling some cookies may affect Platform functionality.
16. Children's Privacy
The Platform is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
17. Third-Party Integrations
Our Platform connects to third-party advertising and analytics platforms. Your use of those integrations is also subject to those platforms' own privacy policies and terms. We access only the data necessary to provide our services.
18. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised “Last updated” date and, where appropriate, by other means.
19. Contact Us
If you have questions about this Privacy Policy or your data, contact us at [email protected].
Studious, LLC. · [Mailing address — Tennessee, USA — to be added]