← Back to home

Privacy Policy

Last updated: May 2026

1. Data Controller

Maverick Reporting is operated by Maverick SAS, a company headquartered in Paris, France.

Contact: contact@maverick.paris

2. Data We Collect

• Account information: agency name, contact email, billing details
• OAuth tokens: encrypted (AES-256), used to access authorized social media APIs on behalf of our users
• Social media metrics: aggregated performance data retrieved via official APIs (Meta, TikTok, LinkedIn) — including reach, impressions, engagement, video views, follower counts, campaign performance, etc.
• Usage data: timestamps of report generation, login events, basic analytics for service improvement

3. Purpose of Processing

• Generate consolidated performance reports for marketing agencies and their clients
• Display authorized social media metrics in dashboards and PDF/HTML reports
• Manage user accounts, authentication, and billing
• Improve our service quality and detect fraud or abuse

4. Legal Basis (GDPR Article 6)

• Performance of contract: between Maverick SAS and the subscribing agency
• Explicit consent: when the end client authorizes API access via OAuth on social media platforms
• Legitimate interest: security, fraud prevention, service improvement

5. Data Sharing

We do NOT sell, share, or transfer your data to third parties for marketing or advertising purposes. Data is shared only between the agency and its authorized end client, as defined in the agency's contract.

We may use third-party processors (cloud hosting, email delivery) bound by strict data processing agreements compliant with GDPR.

6. Data Retention

• OAuth tokens: retained as long as the account is connected. Deleted upon disconnection.
• Social media metrics: retained for 30 to 90 days for report generation purposes
• Account data: retained for the duration of the contract + 3 years (legal obligations)
• Backups: retained for 30 days maximum

7. Security

• All sensitive data is encrypted at rest using AES-256
• TLS 1.2+ for all data in transit
• Database hosted in the European Union (Hetzner Germany, Frankfurt)
• Restricted access via role-based authorization
• Regular security audits

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right to access your data
• Right to rectification of inaccurate data
• Right to deletion ("right to be forgotten")
• Right to data portability
• Right to object to processing
• Right to restriction of processing
• Right to lodge a complaint with the French data protection authority (CNIL)

To exercise these rights, contact us at contact@maverick.paris. We will respond within 30 days.

9. Cookies

Our platform does not use tracking or advertising cookies. Functional cookies are used only for authentication and session management.

10. International Transfers

Data remains in the European Union (Germany). No transfer outside the EU is made for production data.

11. Children's Privacy

Our service is intended exclusively for professional use by adults. We do not knowingly collect data from minors under 18.

12. Changes to This Policy

Material changes will be communicated via email and reflected on this page. The "Last updated" date at the top indicates the latest revision.

13. Contact

For any privacy-related question or to exercise your rights: contact@maverick.paris