Privacy Policy

MaveroAI ("MaveroAI", "we", "us", "our") acts as the data controller for personal data collected through our website and marketing channels, and as a data processor on behalf of our business clients ("Clients") for personal data processed by our AI agents within Client environments.

For any privacy-related inquiry, contact our privacy team at privacy@maveroai.com.

We process the following categories of personal data:

• Business contact data: full name, company name, business email, role, and country.
• Phone numbers: we process end-user phone numbers where required to maintain booking continuity and to enable multi-channel API integrations such as Meta Messenger, WhatsApp Business, and SMS notification providers operated on behalf of our Clients.
• Session and conversation data: message history, conversation identifiers, channel metadata, and timestamps required to maintain stateful AI agent behavior across sessions and channels.
• Calendar data: event titles, start/end times, attendees, and availability windows accessed through Google Calendar OAuth scopes for the sole purpose of automated booking on behalf of the Client.
• Technical data: IP address, device, browser, language, and aggregated usage analytics required to operate, secure, and improve the service.

MaveroAI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We request the minimum Google Calendar OAuth scopes strictly necessary to read, create, and modify calendar events for automated booking workflows that the Client has explicitly configured (for example, scheduling qualified leads into a sales calendar or rescheduling existing appointments through an AI agent).

Specific OAuth scopes requested:

• https://www.googleapis.com/auth/calendar.events — to create, read, update, and delete events on calendars the Client has explicitly authorized for automated booking.
• https://www.googleapis.com/auth/calendar.readonly — to read existing events and free/busy information in order to determine availability before proposing or confirming a booking slot.
• https://www.googleapis.com/auth/calendar.calendarlist.readonly — to list the calendars available to the authorized account so the Client can select which calendar the AI agent may write to.

These scopes are used exclusively for automated booking on behalf of the Client and for no other purpose. We do not, and will not, use Google Calendar data for advertising, profiling, retargeting, lead scoring for third parties, or any marketing activity — whether for MaveroAI, the Client, or any other party.

We further affirm that data obtained through Google APIs is:

• never used for advertising purposes;
• never sold or transferred to data brokers, information resellers, or any other party for advertising or marketing;
• never used to train, fine-tune, or improve generalized or third-party AI / ML models;
• only accessible to authorized personnel and automated systems where strictly required to operate, support, or secure the booking integration, or where required by law.

We process personal data on the following legal bases under GDPR Article 6:

• Performance of a contract — to deliver the AI automation services agreed with our Clients.
• Legitimate interests — to secure our infrastructure, prevent abuse, and improve our services without disproportionately impacting individuals.
• Consent — for optional analytics and marketing cookies, and for any processing that is not strictly necessary for the service.
• Legal obligation — to comply with applicable tax, accounting, and regulatory requirements.

To deliver the service, MaveroAI relies on a limited set of vetted third-party sub-processors. Each sub-processor is bound by a written data processing agreement and provides contractual guarantees compatible with GDPR Article 28.

• OpenAI — large language model inference for AI agent generation. Customer data sent to the API is not used to train OpenAI's foundation models under our enterprise terms.
• Make.com — workflow orchestration and data routing between Client systems, messaging channels, and our agents.
• Airtable — structured database storage for Client configuration, conversation metadata, and operational records.
• Google LLC — Google Calendar APIs for booking workflows, under the conditions described in Section 3.
• Cloud hosting providers located in the European Union for application hosting, logging, and backups.

An up-to-date list of sub-processors is available on request by writing to privacy@maveroai.com.

Where personal data is transferred outside the European Economic Area (for example, to OpenAI or Google in the United States), such transfers are protected by the European Commission's Standard Contractual Clauses, supplementary technical and organizational measures, and, where applicable, the EU–US Data Privacy Framework.

We apply enterprise-grade safeguards including encryption in transit (TLS 1.2+) and at rest, principle-of-least-privilege access controls, secrets management, audit logging, vendor due diligence, and continuous monitoring. Production data is segregated from development environments, and access to Client data is restricted to authorized personnel with a documented business need.

We retain personal data only for as long as necessary to deliver the service, comply with legal obligations, resolve disputes, or enforce our agreements. Conversation and session data are retained for the duration of the Client engagement and are deleted or anonymized within a reasonable period after termination, unless a longer retention period is required by law.

Under GDPR you have the right to access, rectify, restrict, port, and object to the processing of your personal data, to withdraw consent at any time, and to lodge a complaint with your supervisory authority.

Right to be forgotten: to request deletion of your personal data, send a written request to privacy@maveroai.com with the subject line "Data Deletion Request". We will respond within 30 days in accordance with GDPR Article 17.

We use a small number of cookies and similar technologies. Strictly necessary cookies are required for the site to function (for example, remembering your language and cookie choice). Optional analytics and marketing cookies are only set after you grant consent through our cookie banner, and you can change or withdraw that consent at any time.

For privacy questions, sub-processor disclosures, or to exercise your rights, contact our Data Protection team at privacy@maveroai.com.