How MTAA Operates

Bar-card-clean advertising operations for plaintiff law firms.

Every line item documented. Every claimant traceable to the ad that found them. Every dollar of Meta spend verifiable by the firm on its own account.

In one paragraph

Mass Tort Ad Agency is an advertising operator, not a case marketplace and not a data warehouse. MTAA runs Meta advertising against firm-owned ad accounts, firm-owned pixels, and firm-approved creative; leads flow to CloudIntake or directly to the firm's CRM within seconds of submission. MTAA does not store medical records, signed retainers, or claimant case files — those live with the firm and its intake operator, where bar rules and HIPAA-style controls actually belong. Every dollar of ad spend is independently verifiable by the firm in its own Meta Business Manager. Every signed claimant is traceable through a complete chain of custody: ad creative → click → landing page → express written TCPA consent → submission → intake → retainer. The architecture is designed for one thing — that a firm's relationship with every signed client is a direct, first-contact, attorney-client relationship, with documentation that holds up under MDL claw-back, federal RICO scrutiny, and state-bar review.

What MTAA touches — and what MTAA does not

MTAA operates

  • Meta ad creative (firm-approved, in writing)
  • Audience targeting and lookalike construction
  • Landing pages with TCPA-compliant consent capture
  • Pixel infrastructure (configured on the firm's ad account)
  • Media buying and daily campaign optimization
  • Lead routing to CloudIntake or firm CRM
  • Ad spend reporting reconcilable to Meta billing

MTAA does not touch

  • Medical records or claimant histories
  • Signed retainers
  • Attorney-client communications
  • Settlement disbursements
  • Legal strategy or case selection inside the MDL
  • Trust accounts or claimant funds
  • Bar admission-protected work product

This split is the answer to the SOC 2 question: SOC 2 certifies controls over data you hold. MTAA is structured to not hold that data in the first place. The intake operator and the law firm are the right custodians for sensitive claimant information, and they document their own controls accordingly.

Operational chain of custody

Every signed claimant on a tort MTAA ran can be traced through six discrete steps, each with its own record:

  1. Ad creative — approved in writing by the firm of record before the ad goes live. Approval record retained with the campaign file.
  2. Click event — pixel fire on the firm's Meta pixel, with ad ID, campaign ID, and ad set ID bound to the click.
  3. Landing page view — server log records the landing page version served, the timestamp, and the inbound ad ID.
  4. Express written TCPA consent — consent language displayed above the submit button, with timestamp, IP, user agent, and originating ad ID recorded at submission.
  5. Lead submission — POST recorded with full payload to MTAA's lead-routing layer; data passes to CloudIntake or firm CRM within seconds.
  6. Retainer execution — handled by CloudIntake or the firm's intake team; signed retainer stored in the firm's matter management system.

For litigation funders deploying capital into mass tort campaigns, this chain is producible on a defined cadence as funder collateral. The same documentation closes MDL claw-back exposure when claimants are challenged years later in settlement allocation disputes.

TCPA consent architecture

The TCPA exposure that has taken down case-buying operations in the last five years comes from one of three places: outbound dialing without express consent, SMS marketing without a separate opt-in, or consent records that cannot be produced for the specific claimant in question. MTAA's architecture is designed to remove all three:

  • Inbound-only call model. No outbound dialing originates from MTAA-operated infrastructure. Claimants who request a callback do so by submitting their phone number with consent at the landing page.
  • Express written consent at submission. The full consent language sits above the submit button on every landing page. The submission cannot complete without the claimant taking an affirmative action that records the consent.
  • Discoverable per-lead. Every consent record is bound to the lead by ad ID, timestamp, IP, and user agent. A consent record can be produced for a specific claimant in response to a discovery request without forensic reconstruction.
  • SMS opt-in is a separate event. SMS marketing (where used) requires a separate, additional opt-in on the landing page — not bundled with the primary consent.

Independent verification

A funder, GC, or partner who wants to verify MTAA's ad spend independently does not need MTAA's cooperation. The firm holds admin on its own Meta Business Manager. Every campaign, ad set, ad, and daily spend total is visible to the firm directly inside Meta. MTAA's monthly invoice line items reconcile arithmetically to Meta's billing records.

For firms running multiple advertising vendors, this is often the first time they are able to reconcile what a vendor claims to have spent against what the platform actually charged. The variance is sometimes substantial. MTAA's reconciliation is built to be boring and arithmetic.

Bar compliance posture

  • Firm-approved creative. Every ad image, headline, primary text, and call-to-action is approved in writing by the firm of record before the ad runs. No creative goes live without firm sign-off.
  • State-bar disclaimers. Required disclaimers (e.g., California, New York, New Jersey, Texas, Florida) are inserted into ad creative per the firm's licensure footprint.
  • Solicitation rules respected. Ads do not advertise for torts that do not exist. Outcome claims that cannot be substantiated do not appear. Past-result language adheres to the firm's bar's rules on past-results advertising.
  • No case buying. No lead resale. No broker arbitrage. Every lead is generated by ads run on the firm's account and routed only to that firm. Leads are not aggregated, scored against multiple buyers, or resold downstream.
  • Multi-state campaign review. Campaigns running across multiple states are reviewed for cross-state bar compliance before launch.

The X Social Media → MTAA rebrand

The agency was founded in 2015 as X Social Media LLC. On September 17, 2025, the company rebranded to Mass Tort Ad Agency following settlement of X Social Media LLC v. X Corp (Case No. 6:23-cv-01903, United States District Court for the Middle District of Florida), the federal trademark infringement suit Jacob Malherbe filed against Elon Musk's X Corp in October 2023 after Twitter's rename created consumer confusion with the company's pre-existing federally registered "X" marks for advertising services.

Operations, leadership, client relationships, Meta ad accounts, and the agency's track record continued unchanged through the rebrand. Firms that were clients of X Social Media LLC remained clients of Mass Tort Ad Agency on the same engagement terms. The Inc. 5000 ranking (#159 nationally, 2,429% three-year revenue growth rate) and Meta Business Partner designation were earned under the X Social Media name and reference the same operational entity.

Press coverage of the case lives on the Press & News page. The full operational history is on the About page.

Frequently asked questions

Why isn't MTAA SOC 2 certified?
SOC 2 is a controls framework designed for SaaS providers that store sensitive customer data inside their own systems. MTAA does not store medical records, signed retainers, attorney-client communications, or claimant case files. MTAA is an advertising operator: ads run on Meta against firm-owned pixels, leads flow directly to CloudIntake or the firm's CRM, and PII handling lives downstream with the intake operator and the law firm. Pursuing SOC 2 would certify controls over data that MTAA correctly does not hold. The relevant question is not whether MTAA is SOC 2 — it is whether the firm's intake operator (CloudIntake, by default) and the firm's own CRM have appropriate controls. Those are documentable separately.
Who owns the data after MTAA stops running campaigns?
The firm. Always. Meta Business Manager admin access stays with the firm throughout the engagement. Pixel data, custom audiences, lookalike audiences, and historical campaign performance remain inside the firm's ad account. Lead records that have passed to CloudIntake or the firm's CRM stay there. MTAA's exit is a removal of MTAA's agency-level access — not a data extraction. This is structurally different from broker arrangements where the case-buying operator owns the pixel, the audience, and sometimes the ad account, leaving the firm with nothing when the relationship ends.
How is TCPA consent captured and produced in discovery?
Every lead submitted through an MTAA-built landing page captures express written consent at the point of submission: full consent language displayed above the submit button, timestamp recorded, IP address recorded, user agent recorded, and the specific ad ID that delivered the click recorded alongside. The consent record is bound to the lead record and is producible per submission. MTAA's advertising model is inbound-only — no outbound dialing originates from MTAA-operated infrastructure, and SMS marketing requires an additional, specific opt-in. This architecture is designed to satisfy TCPA discovery requests cleanly without the gymnastic reconstruction that broker-sourced leads typically require.
Can a firm or funder audit MTAA's ad spend independently?
Yes. The firm holds admin on its own Meta Business Manager. Every dollar MTAA spends shows up directly in Meta's billing interface — not just in MTAA's monthly report. Reconciliation between Meta's records and MTAA's invoice line items is an arithmetic exercise the firm can perform without MTAA's cooperation. For funders deploying capital, this verification path is part of why MTAA's cost-plus model can be funded with chain-of-custody documentation a broker model structurally cannot produce.
What happens to claimant PII?
Lead submission moves through MTAA's landing-page infrastructure for the few seconds required to validate and route, then passes to the firm's designated intake destination. By default that is CloudIntake — a separate operator with HIPAA-trained intake specialists and procedures for handling medical histories. Firms with their own in-house intake teams can receive leads directly into their CRM (Filevine, Litify, SmartAdvocate, Salesforce, etc.). MTAA does not warehouse medical records, claimant identifiers beyond what is required for lead routing, or signed retainers.
Does MTAA work with firms that have in-house marketing teams?
Yes — frequently. The hybrid engagement model places the firm's in-house team in charge of brand, creative production, and landing page design while MTAA brings pixel infrastructure, audience targeting, media buying expertise, and the ad operations volume that mid-size in-house teams rarely have time to develop. Many firms run their general brand advertising in-house and bring MTAA in specifically for mass tort campaigns where the pixel discipline and audience precision matters most. See the engagement models on the For Lawyers page.
How does MTAA prevent ads from appearing on inappropriate Meta placements?
Placement exclusions are configured at the campaign level: news partner exclusions, in-stream video exclusions during sensitive content categories, exclusion lists for known low-quality publishers, and brand safety filters Meta provides at the ad set level. For sensitive torts (child safety, sexual abuse), additional placement restrictions apply by default. MTAA also reviews placement reports weekly and updates exclusions when patterns emerge.
What's the difference between MTAA's model and a cost-per-case broker?
Three structural differences. (1) Pricing: MTAA bills cost-plus-15% on transparent Meta spend; brokers bill a flat price per signed case that conceals the underlying economics and typically runs three-to-four times higher than cost-plus pricing once the math is exposed. (2) Ownership: MTAA's clients own the Meta ad account, pixel, and audience data; broker arrangements typically retain those inside the broker's infrastructure. (3) Bar-card exposure: MTAA's clients have a direct, first-contact attorney-client relationship with every signed claimant because the lead came from advertising the firm itself approved — not from a case marketplace where the broker initiated contact, qualified the claimant, and then sold the file. The third difference is what's driving the current wave of MDL claw-back and federal RICO exposure against the case-buying market.

Want the operational documentation in writing?

Book a 30-minute call. Jacob walks you through chain-of-custody samples, the TCPA consent template, and the Meta BM view-access workflow. Bring your GC, your CFO, or your funder's risk team.

Book a Strategy Call