MEV LAYER  //  LEGAL

MEV Layer Privacy Policy

Effective date: June 11, 2026  ·  Last updated: June 11, 2026

MEV LAYER LLC and its affiliates (“MEV Layer,” “we,” “us,” or “our”) build software and provide services that help businesses manage, measure, and optimize their advertising and commerce operations, including tools built on the Amazon Ads API and other Amazon APIs. This Privacy Policy describes how we collect, use, store, protect, share, and delete personal information when you visit our websites, use our applications and services (together, the “Services”), or otherwise interact with us, and the choices and rights available to you.

1. Our role: controller and service provider

For the personal information described in this policy — such as information about visitors to our websites, prospective customers, and the individual users of our Services — MEV LAYER LLC decides how and why that information is processed and, where laws such as the EU or UK GDPR apply, acts as the “controller,” unless we tell you otherwise. In certain circumstances an affiliate of ours may act as the controller instead, depending on which entity provides the relevant Services to you.

Much of the data that moves through our Services, however, belongs to our business customers. When we handle advertising accounts, campaign data, or reporting at a customer’s direction, we do so as that customer’s service provider (or “processor”), acting on their instructions. In those situations the customer’s own privacy policy governs, and if you reach out to us about data we hold on a customer’s behalf, we may direct your request to that customer so it can be handled properly.

2. Information we collect

Information you provide to us

You may provide personal information when you create an account, request a demo or quote, purchase or sign up for the Services, subscribe to updates, register for an event, request support, or communicate with us by email, phone, web form, or otherwise. This typically includes your name, email address, phone number, company, job title, and the contents of your communications, and may include billing details where you make a purchase. Some Services let you add optional profile details, such as a photo, which you can change or remove whenever you like.

Information collected automatically

When you use our websites or Services, we and our analytics providers automatically log certain technical and usage data: IP address, device and browser type, operating system, language and time zone, approximate location derived from IP address, referring pages, sign-in records, and how you navigate and interact with our pages and features. Some of this data is collected through cookies and similar technologies; our Cookie Policy explains these in more detail and how you can manage them.

Information from other sources

We sometimes supplement what we hold with information from third parties and publicly available sources — for example, business contact databases, company websites, and professional or social networks — so that our records stay accurate and we can communicate with the right people. This may include name, role, employer, demographic details, and business contact information such as email address, postal address, and phone number.

Information from platforms you connect

If you link a third-party account to our Services — for example, an Amazon advertising or seller account — we receive data from that platform under the authorization you grant. Section 3 explains how we handle this data.

3. Amazon Ads API and connected platform data

Parts of our Services interoperate with third-party platforms, including the Amazon Ads API, Login with Amazon, and other Amazon APIs. We refer to data received through these integrations as “Platform Data.” We handle Platform Data as follows:

  • Access requires your authorization. We only obtain Platform Data after you, or the business you represent, expressly approve our application through the platform’s own consent flow (such as Login with Amazon / OAuth). You can revoke that authorization at any time in your platform account settings, and once revoked we stop retrieving new data from the account.
  • Scope of the data. Depending on the integration and the permissions granted, Platform Data may include account and profile identifiers, campaign settings and configurations, advertising performance and reporting metrics, and related business records exposed by the API.
  • Purpose limitation. We use Platform Data only to deliver, operate, secure, troubleshoot, and improve the Services you have requested — for example, campaign management, optimization, reporting, and analytics — and otherwise only as permitted under our agreements with the platform, including Amazon’s program policies and data protection requirements.
  • What we never do with it. We do not sell Platform Data, we do not use it for our own advertising or marketing, and we do not disclose it to third parties other than service providers processing it on our behalf to run the Services, or where the law requires disclosure.
  • Safeguards. Platform Data is encrypted in transit and at rest, and access is restricted to personnel who need it to operate the Services, consistent with the measures described in Section 11.
  • Retention and deletion. We keep Platform Data only as long as needed to provide the Services and as our platform agreements and applicable law allow. When it is no longer required — including after you request deletion, revoke authorization, or end your use of the Services — we delete or de-identify it within a reasonable period, unless the law requires us to retain it.

MEV Layer is an independent company; we are not affiliated with, sponsored by, or endorsed by Amazon. Your use of Amazon’s own websites and services is governed by Amazon’s privacy notice, not this policy.

4. How we use information and our legal bases

The table below summarizes why we process personal information. Where laws such as the EU or UK GDPR apply, it also identifies the legal basis we rely on, including the legitimate interests we pursue.

What we doWhy we are permitted to
Provide the Services, set up and administer accounts, process payments, and manage our contractual relationship with you.Performance of a contract with you, or steps taken at your request before entering one.
Meet our legal and regulatory obligations, including tax, accounting, and lawful requests from authorities.Compliance with legal obligations that apply to us.
Run, administer, and improve our business, products, Services, and events.Our legitimate interest in operating and developing our business effectively.
Send you information about our products and Services, unless you object (see Section 5), including via our affiliates (see Section 6).Our legitimate interest in promoting and growing our business; your consent where the law requires it.
Share information with selected partners and event sponsors as described in Section 6.Our legitimate interest in growing our business together with our partners.
Monitor and secure our systems, websites, and applications, including automated monitoring tools.Our legitimate interest in network and information security.
Perform analytics to understand, predict, and improve how the Services perform and how people use them (see our Cookie Policy for website analytics).Our legitimate interest in running our business well and giving users a good experience.
Where the Services include user directories or collaboration features, help participating users find and reach the right people.Our legitimate interest in operating those features for their participants.

Where we rely on your consent, you can withdraw it at any time; doing so does not affect processing that took place beforehand.

5. Marketing communications

We may contact business users and prospects about products, Services, events, and content we believe are relevant to them, in line with applicable marketing laws. Platform Data described in Section 3 is never used for these purposes.

Our marketing emails may contain technologies (such as pixels and tracked links) that tell us whether a message was opened and which links were clicked, and — together with cookies — which pages of our websites were visited afterward. We use this to gauge interest and make our outreach more relevant.

We also maintain a customer relationship management (CRM) system containing business contact records drawn from our interactions with you, your engagement with our emails and websites, and publicly available professional information (for example, a published article, press release, or public professional profile). We may connect these records across our sites and channels to build an accurate picture of our business relationship.

Opting out is simple: use the unsubscribe link in any marketing email we send, or write to privacy@mevlayer.ai to opt out of marketing or to ask that your details be removed from our CRM.

6. How we share information

We share personal information only with:

  • Affiliates — entities under common ownership with MEV LAYER LLC, for the purposes described in this policy, including communications about their related products and services;
  • Vendors and service providers — companies that host our infrastructure, process payments, provide analytics, support our marketing operations, or advise us professionally, in each case bound by confidentiality and data protection obligations and permitted to use the information only to perform services for us;
  • Event partners and sponsors — where we host or take part in events, we may share attendee details with sponsors or co-hosts so they can plan the event experience and relevant invitations, and we may facilitate business introductions in particular industries;
  • Authorities and other parties when required — courts, regulators, and law enforcement where disclosure is required or permitted by law, or where necessary to protect our rights, users, or the public; and
  • Successors in a corporate transaction — in connection with an actual or contemplated merger, acquisition, financing, reorganization, or sale of assets, where personal information may form part of the transferred business.

Platform Data is shared only as described in Section 3. Whenever we disclose personal information, we take steps designed to ensure it remains protected consistent with applicable privacy laws and our internal standards.

7. Sensitive information

Our Services are business tools, and we neither need nor ask for sensitive personal information — categories such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, biometric or genetic data, sexual life or orientation, or criminal history. Please do not submit it to us. If a specific situation ever requires us to collect such information, we will do so only as applicable law allows and, where required, with your consent.

8. No use by anyone under 18

The Services are intended for adults conducting business and are not directed at anyone under 18. We do not knowingly collect personal information from anyone under 18, and our websites are not designed to attract them. If you believe someone under 18 has provided us with personal information, contact privacy@mevlayer.ai and we will take steps to delete it.

9. Where information is processed

We are based in the United States and may process information in the United States and other countries where we, our affiliates, or our service providers operate. These countries may have privacy laws that differ from those where you live. Where applicable law requires safeguards for cross-border transfers, we use recognized mechanisms such as standard contractual clauses or transfers to jurisdictions covered by adequacy decisions. You can request more detail about these safeguards at privacy@mevlayer.ai.

10. How long we keep information — and how we delete it

We keep personal information only as long as it is needed for the purposes described in this policy, unless the law requires or permits a longer period. Our retention decisions weigh:

  • what the information is used for, now and in the foreseeable future;
  • our legal, regulatory, and contractual obligations, including commitments to platforms such as Amazon; and
  • what we need to maintain our relationship with you and deliver the Services.

Once information is no longer needed, we delete it or render it non-identifiable using disposal methods appropriate to how it is stored. You can also ask us to delete your information as described in Section 12, and Platform Data is deleted as described in Section 3.

11. How we protect information

We maintain administrative, technical, and physical safeguards aligned with industry data security standards and proportionate to the sensitivity of the information we handle. These include, as appropriate:

  • encryption of personal information in transit and at rest, and pseudonymization where suitable;
  • access controls and authentication so that only personnel with a need can reach personal information;
  • measures to preserve the confidentiality, integrity, availability, and resilience of our processing systems;
  • backup and recovery capabilities to restore access to data promptly after a physical or technical incident; and
  • regular testing and evaluation of how well these technical and organizational measures are working.

We also operate an incident response process for receiving, tracking, assessing, and resolving security vulnerability reports and suspected or confirmed incidents involving personal data, and we notify affected parties and regulators where applicable law or our contracts require. To report a vulnerability or suspected incident, email privacy@mevlayer.ai.

No internet transmission or storage system can be guaranteed 100% secure, so while we work hard to protect your information, we cannot promise absolute security.

12. Your privacy rights and choices

Depending on where you live and the law that applies, you may have some or all of these rights over your personal information:

  • to know what we hold about you and obtain a copy (access);
  • to have inaccurate or incomplete information corrected;
  • to have your information deleted;
  • to restrict or object to certain processing, including processing based on legitimate interests and any use for direct marketing;
  • to receive your information in a portable format;
  • to withdraw consent at any time, where consent is the basis for processing; and
  • to exercise these rights without being treated differently for doing so.

To exercise any right, email privacy@mevlayer.ai. We may need to verify your identity first, and we will respond as applicable law requires. These rights are subject to exceptions and limits under applicable law, and if your request concerns data we process on a business customer’s behalf (see Section 1), we may pass it to that customer. You may also have the right to complain to your local data protection or supervisory authority — though we would welcome the chance to resolve your concern directly first.

Our websites and Services may link to or work alongside websites, platforms, and services that we do not control, including Amazon. Their privacy practices are their own; this policy does not cover them, and we are not responsible for how they handle your information. We encourage you to read the privacy policies of any third-party service you use.

14. Updates to this policy

We may revise this Privacy Policy as our practices, technology, or legal obligations evolve. When we do, we will update the “Last updated” date above and, where the law requires, give you additional notice. Please check back periodically; continuing to use the Services after an update signifies your acknowledgment of the revised policy to the extent the law permits.

15. Contact us

Questions about this policy, our privacy practices, or your rights? Reach us at privacy@mevlayer.ai.

MEV LAYER LLC

← RETURN TO THE GRID