Trust & Security

Key questions and answers about how we protect your data. For full details, see our agreements and Privacy Policy linked below.

SOC 2 Report badge
No. None of the Maxma platform uses individual-level information or PII. For products that need first-party data (e.g. MMM and Incrementality Testing), we ask for aggregated, non-PII data — for example, metrics at date × geo granularity.
Customer data is hosted securely in Amazon Web Services in the United States. We maintain a dedicated managed database per client for primary inputs and outputs across our products. Data stores are not exposed to the public internet — access is restricted to our application hosts and whitelisted IPs only (no open public IP access), to reduce the risk of unauthorized access. You can delete your data at any time or when you exit.
Tokens and keys (e.g. platform integration tokens for ad platforms) are encrypted and stored securely using AWS KMS (Key Management Service).
We do not use your customer data to train Maxma AI models. If we ever change that approach, we can let you opt out so your data stays excluded from any such training.
We use OpenAI, Anthropic (Claude), and Google Gemini for AI-assisted features. Information sent to LLMs should be non-identifying unless you choose to add identifying details (e.g. let LLM know your company name). Maxma products are composable: you can use Maxma without LLM features or turn them off (e.g. Marketing Mix Modeling only).
Yes. We are SOC 2 Type 1 certified. Customers can request our SOC 2 report under NDA.
Full details are in our Data Sharing and Use Agreement and Privacy Policy. For security questionnaires or to request a SOC 2 report, contact support@maxma.ai.

Last updated: March 2025.