— Security & data handling

Your accounts.
Your tokens.
Your budget.

Mayaa is a tenant in your platforms, not a custodian of your money. Here's exactly what we touch, how, and where.

The product handles ad budgets. We treat that as a real engineering and operational responsibility, not as a checkbox. Below are the things we'll commit to in writing — and the ones we are explicit about not doing.

What we commit to

  • — Tokens

    OAuth only · your scopes, your revocation

    We never store your platform passwords. Connections to Meta, Google, LinkedIn and Mailchimp use OAuth with the narrowest scopes required. You can revoke any connection from inside the source platform in one click — we honour the revocation immediately.

  • — Ad spend

    Billed by the platform, never via us

    Marcus, Rohan and Aisha operate inside your ad accounts. Meta, Google, LinkedIn and TikTok charge your card directly. Mayaa never holds, moves or invoices ad spend.

  • — Encryption

    TLS in transit · AES-256 at rest

    All inbound and outbound traffic is TLS 1.2+. Tokens and account data are encrypted at rest in our managed Postgres with AES-256.

  • — Model providers

    Customer data is not used to train models

    We route per task across Claude and Gemini under enterprise terms that exclude your data from training corpora. We don't fine-tune on customer data ourselves.

  • — Deletion

    30-day delete on request, cancellation, or revocation

    On account cancellation, chat history and operational data are deleted within 30 days. Your ad accounts, audiences, creative library and content remain in the platforms where they live — they're yours.

  • — Audit log

    Every agent action is logged with the inputs it saw

    If something happens you didn't expect, you can trace what the agent saw, what it proposed, and what was approved — by whom and when.

What we are working on

SOC 2 Type II. Audit underway. We expect a Type I report this quarter and Type II within the calendar year. We will not claim it before it lands.

BYO model keys. Enterprise customers will be able to bring their own Anthropic or Google API keys on the Scale plan — usage credited at provider cost, no markup, no escrow. Roadmap item.

BYO data warehouse. An export connector that mirrors agent-action logs and metric snapshots into your warehouse (BigQuery, Snowflake) for your own analysts. In design.

Reporting an issue

Email security@mayaa.agency with the specifics. We respond within one business day and treat coordinated disclosure with the seriousness it deserves.