Your data, protected by design
At Maestro Labs, data privacy and security are built into everything we do. Here’s how we keep your information safe:
GDPR Compliant
SOC II Compliant
Microsoft Attested
Google Verified
Data collection, usage, and minimisation
- We only collect the data needed to deliver our services.
- Features are designed with privacy in mind (Privacy by Design & Default).
- User data is only shared with authorised sub-processors under strict contractual safeguards, and never used for advertising or profiling.
Data protection and security
- Data is encrypted at rest and in transit.
- Role-based access, MFA, and least-privilege access controls.
- Regular security audits, SOC 2 Type II certification, and penetration testing.
International transfers and compliance
- GDPR compliant and aligned with other global privacy laws.
- Standard Contractual Clauses (SCCs) in place for international transfers.
- Sub-processor and TIA evaluations are ongoing. Our list is available in our Trust Center.
Your rights and controls
- You can request access, correction, deletion, or restriction of your data.
- We respond quickly and securely to rights requests at support@maestrolabs.com.
Data retention and deletion
- Data is only kept as long as needed to provide the service.
- Zero-day retention is available to enterprise customers.
- When accounts are deleted or inactive, data is deleted, anonymised, or retained only as needed for legal, compliance, or operational purposes.
Incident response and breach notification
- A full incident response plan is in place.
- If a breach occurs, we assess its impact in accordance with GDPR and notify affected users where required.