Produkt
Sicherheit
Security
Resources
Kostenlos starten
Mit dem Vertrieb sprechen

Your data, protected by design

At Maestro Labs, data privacy and security are built into everything we do. Here’s how we keep your information safe:

App lock icon
GDPR Compliant
Check
Aicpa soc
SOC II Compliant
Check
HIPPA Compliant
Check
Microsoft
Microsoft Attested
Check
Google
Google Verified
Check
Tier 2 - CASA Verified
Check

Data collection, usage, and minimisation

  • We only collect the data needed to deliver our services and it is never used to train AI models.
  • Features are designed with privacy in mind following the principles of privacy by Design and by Default.
  • User data is only shared with authorised sub-processors under strict contractual safeguards, and never used for advertising or profiling.
  • For customers handling Protected Health Information (PHI), we implement HIPAA-aligned controls and can execute a Business Associate Agreement (BAA) on request.
  • For customers handling Protected Health Information (PHI), we implement HIPAA-aligned controls and can execute a Business Associate Agreement (BAA) on request.

Data protection and security

  • Data is encrypted at rest and in transit.
  • Role-based access, MFA, and least-privilege access controls.
  • Regular security audits, SOC 2 Type II certification, and penetration testing.
  • Administrative, physical, and technical safeguards aligned with the HIPAA Security Rule, including audit logging and access monitoring for PHI.

International transfers and compliance

  • GDPR compliant and aligned with other global privacy laws.
  • Standard Contractual Clauses (SCCs) in place for international transfers.
  • Sub-processor and TIA evaluations are ongoing. Our list is available in our Trust Center.
  • BAAs are in place—or available—for any sub-processors that may support PHI, in accordance with HIPAA requirements.

Your rights and controls

  • You can request access, correction, deletion, or restriction of your data.
  • We respond quickly and securely to rights requests at support@maestrolabs.com.
  • HIPAA customers can request a copy of our standard BAA or execute a customer-specific BAA.

Data retention and deletion

  • Data is only kept as long as needed to provide the service.
  • Zero-day retention is available to enterprise customers.
  • When accounts are deleted or inactive, data is deleted, anonymised, or retained only as needed for legal, compliance, or operational purposes.
  • For PHI, retention and disposal follow HIPAA-aligned procedures and the terms outlined in your BAA.

Incident response and breach notification

  • A full incident response plan is in place.
  • If a breach occurs, we assess its impact in accordance with GDPR and notify affected users where required.
  • If PHI is involved, we notify you in line with the HIPAA Breach Notification Rule and your BAA.

Learn more about our best-in-class approach to data security in our Trust Center

Access our Trust Center