Loading
Last updated: February 1, 2026
When you create a mai-bap account, we collect personal information necessary to provide and improve our services. This includes your name, email address, organization name, job title, and billing information. If you sign up using a third-party identity provider (such as Google or Microsoft SSO), we receive the profile information you authorize that provider to share with us.
We automatically collect usage data when you interact with the mai-bap platform. This includes event log upload metadata, query patterns, feature usage frequency, dashboard configurations, and interaction timestamps. We also collect device and browser information such as IP address, browser type and version, operating system, screen resolution, and referring URLs. This data helps us diagnose issues, optimize performance, and improve the user experience.
We use cookies and similar tracking technologies to maintain session state, remember your preferences, and understand how you navigate the platform. For detailed information about the cookies we use, please see Section 4 below.
Service delivery: We use your data primarily to provide, maintain, and improve the mai-bap process intelligence platform. This includes processing your event logs, generating process maps and conformance reports, executing automation workflows, and delivering real-time monitoring alerts. Your uploaded process data is analyzed solely within your tenant environment and is never shared with other customers.
Product improvement: We use aggregated, anonymized usage patterns to understand how teams interact with mai-bap, identify performance bottlenecks, prioritize feature development, and improve our machine learning models. Individual customer data is never used to train models accessible to other tenants.
Communications: We may use your contact information to send transactional emails (such as account confirmations, security alerts, and billing receipts), product updates, and — if you have opted in — marketing communications about new features and best practices. You can opt out of non-essential communications at any time from your account settings. Legal compliance: We may process your data as necessary to comply with applicable laws, respond to lawful government requests, enforce our Terms of Service, or protect the rights, property, or safety of mai-bap, our users, or others.
mai-bap does not sell, rent, or trade your personal data or process data to any third party. We share data only in the limited circumstances described in this section and only to the extent necessary to operate the platform.
We work with a carefully vetted set of sub-processors and service providers who assist us in delivering the platform. These include cloud infrastructure providers (for hosting and compute), payment processors (for billing), email delivery services (for transactional communications), and analytics tools (for aggregated product usage). Each sub-processor is contractually bound to process data solely on our behalf and in accordance with this Privacy Policy. A current list of sub-processors is available upon request.
We may disclose information if required to do so by law, regulation, or valid legal process (such as a court order or subpoena), or if we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of our users. In the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity, and we will notify you before your data becomes subject to a different privacy policy.
mai-bap uses cookies and similar technologies to provide core platform functionality and understand usage patterns. We categorize cookies into the following types: Essential cookies are required for the platform to function correctly — they maintain your authenticated session, enforce security controls, and remember your workspace context. These cookies cannot be disabled without breaking core functionality.
Analytics cookies help us understand how users interact with mai-bap in aggregate. We use these to measure feature adoption, identify performance issues, and prioritize improvements. Analytics data is anonymized and never linked to your process data. Preference cookies remember your settings such as theme selection, default dashboard views, timezone, and notification preferences across sessions.
You can manage cookie preferences through your browser settings or through the cookie consent banner displayed on your first visit. Most browsers allow you to block or delete cookies, though doing so may impair certain platform features. We honor Do Not Track (DNT) signals sent by your browser. For enterprise customers, cookie preferences can also be configured at the organization level by a workspace administrator.
mai-bap implements industry-leading security measures to protect your data. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Database backups are encrypted with separate key hierarchies and stored in geographically redundant locations. Encryption keys are managed through a dedicated key management service with automatic rotation.
Our infrastructure is hosted on SOC 2 Type II certified cloud providers. mai-bap itself maintains SOC 2 Type II compliance, and we undergo annual third-party penetration testing conducted by an independent security firm. We operate a formal vulnerability disclosure program and conduct continuous automated security scanning of our application and infrastructure. Our incident response plan is tested quarterly and ensures that any security event is triaged, contained, and communicated within defined SLAs.
Enterprise customers can choose single-tenant deployment in their preferred region, bring their own encryption keys (BYOK), and configure IP allowlisting and VPN peering. All access to production systems requires multi-factor authentication and is logged in an immutable audit trail. We follow the principle of least privilege for all internal access controls.
We retain your personal data and process data for as long as your account is active and as needed to provide you with the mai-bap platform. Specific retention periods depend on your plan tier: Free plans retain event history for 7 days, Pro plans for 90 days, and Enterprise plans for a custom period as defined in your service agreement.
Upon account termination — whether initiated by you or by mai-bap — your process data will be permanently deleted from all primary systems within 30 days. Backup copies are purged within 90 days of termination. Before termination takes effect, you may export your data using our data export tools or the REST API. We provide a minimum 30-day notice period for any involuntary termination to ensure adequate time for data retrieval.
Certain data may be retained beyond these periods where required by applicable law, regulation, or legal hold. For example, billing records are retained for seven years to comply with tax obligations. Aggregated, anonymized data that can no longer be linked to any individual may be retained indefinitely for statistical and product improvement purposes.
mai-bap's primary infrastructure is located in the United States and the European Union. When your data is transferred across borders, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws. For transfers from the European Economic Area (EEA), the United Kingdom, or Switzerland to the United States, we rely on the EU-US Data Privacy Framework and its UK and Swiss extensions.
Where the Data Privacy Framework does not apply, we use Standard Contractual Clauses (SCCs) approved by the European Commission as our transfer mechanism. We supplement SCCs with additional technical and organizational measures — including encryption, pseudonymization, and access controls — based on a transfer impact assessment conducted for each data flow. For transfers to countries that have received an adequacy decision from the European Commission, no additional safeguards are required.
Enterprise customers can restrict data processing to specific geographic regions. We offer dedicated EU-only and US-only deployment options to ensure that your data never leaves your chosen jurisdiction. A Data Processing Agreement (DPA) incorporating the latest SCCs is available for all paid plans and can be executed from your account settings.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR) and equivalent local legislation. Right of access: You may request a copy of the personal data we hold about you. Right to rectification: You may request that we correct any inaccurate or incomplete personal data. Right to erasure: You may request that we delete your personal data, subject to certain legal exceptions.
Right to data portability: You may request a machine-readable copy of data you have provided to us, which you can transfer to another service provider. Right to restriction: You may request that we restrict the processing of your personal data under certain circumstances, such as while we verify the accuracy of your data following a dispute. Right to object: You may object to our processing of your personal data for direct marketing or where we rely on legitimate interests as our legal basis.
To exercise any of these rights, contact our Data Protection Officer at privacy@mai-bap.com. We will respond to verified requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. We will never deny you service or charge a different price for exercising your privacy rights.
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you specific rights regarding your personal information. Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purposes for collection, and the categories of third parties with whom it has been shared.
Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions (such as legal obligations and ongoing service delivery). Right to opt out: You have the right to opt out of the "sale" or "sharing" of your personal information. mai-bap does not sell personal information as defined by the CCPA. We do not use your data for cross-context behavioral advertising.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service, different pricing, or be denied access to mai-bap for making a privacy request. To submit a CCPA request, contact us at privacy@mai-bap.com. We will verify your identity before processing your request and respond within 45 days.
mai-bap is a business-to-business process intelligence platform and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@mai-bap.com and we will promptly delete such information from our systems.
If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take immediate steps to delete that data. We encourage parents and guardians to monitor their children's internet usage and to help enforce this policy by instructing their children never to provide personal information through the mai-bap platform without their permission.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make material changes, we will notify you by sending an email to the address associated with your account and by posting a prominent notice on the mai-bap dashboard at least 30 days before the changes take effect.
Non-material changes — such as formatting adjustments, clarifications that do not alter the substance of our practices, or updates to contact information — may be made without advance notice, though the "Last updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this policy periodically. Your continued use of mai-bap after a change becomes effective constitutes your acceptance of the revised policy. If you do not agree with the updated terms, you may close your account at any time.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team at privacy@mai-bap.com. We aim to respond to all privacy-related inquiries within five business days.
mai-bap has appointed a Data Protection Officer (DPO) to oversee our compliance with applicable data protection laws. You can reach our DPO directly at dpo@meridian.io. Our DPO is responsible for monitoring internal compliance, advising on data protection impact assessments, and serving as the point of contact for supervisory authorities.
If you are located in the EEA and believe that our processing of your personal data infringes applicable law, you have the right to lodge a complaint with your local supervisory authority. A list of EU Data Protection Authorities and their contact details is available at edpb.europa.eu. We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority, so please contact us first.