Maivas Docs Open the app

Security and data handling

Version 1.1. Last updated 4 July 2026.

This page explains, in plain language, how Maivas protects your data. Maivas is operated by Move Me Media Pty Ltd (ACN 699 626 385). A detailed security overview is available to customers and platform reviewers on request.

The short version: Maivas holds the keys to your marketing accounts, so we treat those keys as the most sensitive thing in the system. They are encrypted before they are stored, the keys that could unlock them are held separately, and they are never shown in the app.


Your connection credentials

When you connect an account (Meta, Google, GoHighLevel and so on), Maivas needs a token or key to act inside it on your behalf. We protect these by encrypting them before they are stored, holding the keys that could unlock them separately from the database, and never showing them in the app or sending them to your browser. When you disconnect an account, the stored credential is removed.

Isolation between businesses

Every business is a separate, walled-off tenant. One business can never read another's data, and access is further limited by role and by site, so a staff member can only see what their role and their assigned locations allow.

The human approval gate

Maivas does not act on the outside world on its own. Outbound actions pass through an approval gate, and there is a hard rule: anything that spends money always requires a person to approve it. You can also engage a kill switch that stops all activity, or all spending, at once.

Audit trail

Every meaningful action is recorded: who did what, and when. This gives you and us a clear history and supports investigation if anything looks wrong.

Our team's access

Members of the Move Me Media team can be granted access to your workspace to set it up and support you. Grants are per-workspace, recorded, and you can revoke them at any time. Our team never overrides your own approvals.

Encryption

All traffic to and from the Service is encrypted in transit, and stored data is encrypted at rest. Your connection credentials get the additional protection described above.

Where your data is held

Maivas runs on trusted infrastructure providers, with Australian customers' primary data held in Australia. Billing is handled by Stripe, and we do not store your card details. The full list of providers, the data each handles, and its region is on the Sub-processors page.

AI and your data

Where Maivas sends your business content to an AI provider to produce an asset, our terms with that provider prevent your data being used to train its general-purpose models. Any learning Maivas does across businesses is de-identified and aggregated, and never includes your raw data. See the Privacy Policy.

Data breaches

If a breach occurs that is likely to result in serious harm, we will contain it, notify affected people and the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme, and remediate.

Reporting a vulnerability

If you believe you have found a security issue, please tell us. See Responsible Disclosure or email info@movememedia.com.au. We welcome good-faith reports.


Want more detail?

Customers, enterprise prospects and platform reviewers can request our detailed security overview, which covers our encryption approach, tenant isolation, access controls, hosting and retention, and incident response. Email info@movememedia.com.au.