Skip to main content
Mavrick
> legal

Privacy Policy

Effective: April 21, 2026

Mavrick (“Mavrick,” “we,” “us,” or “our”) is operated by NLVL Inc. This Privacy Policy describes how we collect, use, and protect information when you use our Slack application and related services (the “Service”).

If you have questions, contact us at hello@getmavrick.com.

1. Information we collect

We collect the minimum information needed to operate the Service:

  • Slack workspace data: When you install Mavrick to your Slack workspace, Slack provides us with your workspace ID, your user ID, and the OAuth tokens required to operate the bot. We store only the scopes you explicitly grant.
  • Commands you send: The text of commands you send to @Mavrick is processed to determine intent and execute the requested action. We retain command logs for up to 90 days for debugging and audit purposes.
  • Third-party service tokens: When you connect an integration (Meta Ads, Google Ads, Stripe, HubSpot, etc.), you authorize Mavrick to act on your behalf via OAuth. Tokens are stored encrypted at rest and never exposed to our AI models or your teammates.
  • Account and billing data: Email address, workspace name, and subscription details used to manage your account and send transactional messages.

2. How we use your information

  • To execute commands on your behalf against connected third-party services
  • To deliver reports, summaries, and outputs back to your Slack workspace
  • To manage your subscription and send billing-related emails
  • To debug errors and improve the Service
  • To comply with legal obligations

We do not use your data to train AI models. We do not sell your data. We do not share your data with third parties except as described in this policy or with your explicit consent.

3. Data isolation

Each Mavrick workspace operates in an isolated tenant. Row-level security in our database ensures one workspace cannot access another’s data. OAuth tokens are scoped per workspace and stored in an encrypted vault. The AI model processes only the output of authorized tool calls — it never receives raw tokens or credentials.

4. Third-party services

Mavrick connects to third-party services solely to carry out the actions you request. When you command Mavrick to pull data from Meta Ads, Mavrick makes an API call to Meta using the token you authorized — it does not store the returned data indefinitely. Data returned from third-party APIs is used to generate a response and then discarded, unless you explicitly ask Mavrick to save it somewhere (e.g., a Google Sheet or Notion page).

Third-party services have their own privacy policies that govern their data handling. We recommend reviewing the policies of any service you connect to Mavrick.

5. Data retention

  • Command logs and tool outputs: 90 days
  • OAuth tokens: retained until you disconnect the integration or delete your account
  • Billing records: 7 years (legal requirement)
  • Account deletion: upon request, we delete all workspace data within 30 days

6. Security

We take security seriously. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). OAuth tokens are stored in an isolated encrypted vault. We conduct regular access reviews and maintain the principle of least privilege across our infrastructure. For more detail, see our Security page.

7. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email us at hello@getmavrick.com. We will respond within 30 days. If you are in the European Economic Area, you may also lodge a complaint with your local supervisory authority.

8. Cookies

The marketing website (getmavrick.com) uses minimal, essential cookies only — session management and analytics (Vercel Analytics, which is cookieless and privacy-friendly). We do not use advertising cookies or third-party tracking pixels.

9. Children

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy as the Service evolves. Material changes will be communicated via email to workspace administrators or via an in-app notification. The effective date at the top of this page reflects the most recent update.

11. Contact

NLVL Inc.
hello@getmavrick.com