Data Deletion Policy

Maven is committed to giving you full control over your data. This page explains what data we store, how to request deletion, and what happens when you disconnect a platform or delete your account.

1. What Data Does Maven Store?

1.1 Account Data

Your name, email address, company name, and organization membership information stored in our authentication provider (Supabase).

1.2 OAuth Tokens (Encrypted)

When you connect an advertising platform (Meta, Google, or TikTok), we store OAuth access tokens and refresh tokens. These tokens are encrypted at rest using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256 message authentication) before they reach our database. Encryption keys are managed through Google Cloud Secret Manager and are never exposed in application code.

1.3 Business DNA

Brand identity data extracted from website URLs you provide, including core identity, target audience, brand voice, value propositions, visual identity, and related attributes. Stored as structured JSON in your organization's record.

1.4 Brand Kit

User-curated brand guidelines including uploaded logos (stored in Supabase Storage), color palettes, typography preferences, voice attributes, and visual style settings.

1.5 Generated Content

AI-generated ad campaigns, angles, briefs, and ad images. Images are stored in Supabase Storage (ad-images bucket). Campaign metadata and copy are stored in database tables.

1.6 Analysis Results

Ad performance analysis results including behavioral science scores, diagnostic reports, and AI-generated recommendations.

1.7 Usage Analytics

Anonymized usage counts for quota enforcement (number of analyses run, ads generated, DNA extractions, etc.).

2. Disconnecting a Platform

When you disconnect a connected advertising platform from your Maven dashboard:

• Your encrypted OAuth tokens (access token and refresh token) are permanently deleted from our database immediately
• Maven attempts to revoke the token with the platform provider (best-effort)
• Maven can no longer access any data from that platform on your behalf
• Previously generated analysis results and ad content remain in your account (they are yours)

This action is immediate and irreversible. To re-connect, you will need to go through the OAuth flow again.

3. Deleting Your Account

To request complete account deletion, you can:

• Email us at support@gomaven.ai from the email address associated with your account
• Include "Account Deletion Request" in the subject line

What gets deleted:

• Account credentials — Your Supabase Auth record (email, password hash, sessions)
• Organization data — Your organization record and membership
• OAuth tokens — All encrypted tokens for all connected platforms (permanently deleted)
• Business DNA — All extracted brand profile data
• Brand Kit — All brand settings and uploaded logos from Supabase Storage
• Generated content — All ad campaigns, angles, briefs, and generated images from Supabase Storage
• Analysis results — All diagnostic reports and performance analyses
• Usage records — All quota tracking data

What is retained:

• Anonymized aggregate analytics — Fully de-identified usage statistics that cannot be linked back to your account (used for product improvement)
• Waitlist entry — If you joined our waitlist before signing up, that record (name, email) is retained separately. Email us to have it removed.

4. Deletion Timeline

• Platform disconnection: Immediate (tokens deleted within seconds)
• Account deletion request: Processed within 7 business days
• Storage cleanup: Generated images and brand assets are purged from Supabase Storage within 30 days of account deletion
• Backups: Data may persist in encrypted database backups for up to 30 days after deletion, after which backups are rotated

5. Data Portability

Before deleting your account, you may export your data:

• Generated ads: Download from the Generated Ads tab in your dashboard
• Brand Kit: Copy or screenshot your brand settings before deletion
• Analysis results: Export is available within the Analysis section of the dashboard

If you need a full data export in a machine-readable format, contact us at support@gomaven.ai and we will provide a JSON export within 7 business days.

6. Meta Platform Data Deletion Callback

In compliance with Meta Platform requirements, Maven supports data deletion callbacks. When a user removes Maven from their Meta account settings, we receive a callback notification and automatically:

• Delete all encrypted Meta OAuth tokens associated with that user
• Remove the Meta connected account record
• Log the deletion event for compliance audit

This process is fully automated and does not require any action from you.

7. Contact Us

For any questions about data deletion or to submit a deletion request, contact us at support@gomaven.ai.