Security and data handling
This page explains, in plain language, how Maivas protects your data. Maivas is operated by Move Me Media Pty Ltd (ACN 699 626 385). A detailed security overview is available to customers and platform reviewers on request.
The short version: Maivas holds the keys to your marketing accounts, so we treat those keys as the most sensitive thing in the system. They are encrypted before they are stored, the keys that could unlock them are held separately, and they are never shown in the app.
Your connection credentials
When you connect an account (Meta, Google, GoHighLevel and so on), Maivas needs a token or key to act inside it on your behalf. We protect these by encrypting them before they are stored, holding the keys that could unlock them separately from the database, and never showing them in the app or sending them to your browser. When you disconnect an account, the stored credential is removed.
Isolation between businesses
Every business is a separate, walled-off tenant. One business can never read another's data, and access is further limited by role and by site, so a staff member can only see what their role and their assigned locations allow.
The human approval gate
Maivas does not act on the outside world on its own. Outbound actions pass through an approval gate, and there is a hard rule: anything that spends money always requires a person to approve it. You can also engage a kill switch that stops all activity, or all spending, at once.
Audit trail
Every meaningful action is recorded: who did what, and when. This gives you and us a clear history and supports investigation if anything looks wrong.
Our team's access
Members of the Move Me Media team can access your workspace to set it up and support you. Access is managed by our administrators: most of our team receive access to a specific workspace for a specific purpose, and a small number of senior administrators hold standing access so any account can be supported and fixed at any time. Who has access, and every meaningful action they take, is recorded and visible to you. Our team never overrides your own approvals, and anything that spends money still requires your approval. If you have a concern about our team's access, contact us and we will work with you to address it.
Encryption
All traffic to and from the Service is encrypted in transit, and stored data is encrypted at rest. Your connection credentials get the additional protection described above.
Where your data is held
Maivas runs on trusted infrastructure providers, with Australian customers' primary data held in Australia. Billing is handled by Stripe, and we do not store your card details. The full list of providers, the data each handles, and its region is on the Sub-processors page.
AI and your data
Where Maivas sends your business content to an AI provider to produce an asset, our terms with that provider prevent your data being used to train its general-purpose models. Any learning Maivas does across businesses is de-identified and aggregated, and never includes your raw data. See the Privacy Policy.
Data breaches
If a breach occurs that is likely to result in serious harm, we will contain it, notify affected people and the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme, and remediate.
Reporting a vulnerability
If you believe you have found a security issue, please tell us. See Responsible Disclosure or email info@movememedia.com.au. We welcome good-faith reports.
Want more detail?
Customers, enterprise prospects and platform reviewers can request our detailed security overview, which covers our encryption approach, tenant isolation, access controls, hosting and retention, and incident response. Email info@movememedia.com.au.