Privacy Policy

Last updated: February 2026

Overview

Maestrio ("we", "us", or "our") operates maestrio.aiand related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including when our agentic AI reads and processes your code repositories.

By using the Service you consent to the practices described in this policy. If you do not agree, please discontinue use immediately.

Information We Collect

We collect information in three ways:

Information you provide

Email address (waitlist and account registration)
Name and company name (account setup)
Billing information processed by our payment provider
Communications you send to our support team

Information collected automatically

IP address and approximate location
Browser type, operating system, and device identifiers
Pages visited and interactions within the Service
Crash reports and performance telemetry

Data from connected services

GitHub repository metadata (names, branches, commit history) when you connect your account
Source code files within the directories you explicitly authorize
Pull request contents, diff data, and CI/CD output associated with Maestrio-generated PRs

Code and Repository Data

Because Maestrio's core function is to read, understand, and modify source code, we want to be transparent about how your code is handled:

Scope: We access only the directories and repositories you explicitly authorize. You can revoke access at any time from your account settings.
Transit: Code is transmitted to AI inference providers over encrypted TLS connections solely to generate fixes.
Storage: We do not persistently store your raw source code beyond the duration required to process a single fix request (typically seconds to minutes).
Training:Your code is never used to train Maestrio's models or any third-party models without your explicit written consent.
Isolation: Code processed for one customer is never accessible to another.

How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the Service
Authenticate users and enforce access controls
Pass relevant code context to AI inference providers to generate fixes and pull requests
Notify users when fixes ship and close the feedback loop
Respond to support inquiries and resolve issues
Send product updates and launch announcements (waitlist members)
Generate aggregated, anonymized analytics about Service performance
Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations

We do not sell your personal data. We do not use it for targeted advertising.

AI Training and Model Improvement

Maestrio uses third-party AI inference APIs (currently Anthropic and OpenAI) to power its code-fix engine. The following applies:

We operate under enterprise API agreements with both providers, which restrict use of API inputs for model training.
Maestrio itself does not use your code or feedback data to train any machine learning model unless you expressly opt in.
If you bring your own API key (BYOK), your data is governed directly by your agreement with the relevant AI provider.

Data Retention and Deletion

We retain personal data for as long as your account is active or as needed to provide the Service. Specifically:

Account data: Retained until account deletion plus a 30-day grace period for recovery
Code data: Not stored beyond active fix processing (see Code and Repository Data above)
Logs and telemetry: Retained for up to 90 days for security and debugging
Waitlist emails: Retained until launch or until you unsubscribe

To request deletion of your data, email [email protected]. We will process your request within 30 days.

Security

We implement industry-standard security measures including:

TLS encryption for all data in transit
Encryption at rest for stored data
Role-based access controls limiting internal access to data
Regular dependency audits and vulnerability scanning
Isolated execution environments per customer

No system is 100% secure. In the event of a breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.

International Data Transfers

Maestrio is operated from the United States. If you access the Service from the European Economic Area, United Kingdom, or other jurisdictions with data protection laws, your information may be transferred to and processed in the U.S. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms where applicable. Enterprise customers may request a Data Processing Agreement (DPA) by contacting [email protected].

Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data ("right to be forgotten")
Restrict or object to certain processing
Data portability (receive your data in a structured format)
Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact [email protected]. We will respond within 30 days (or the timeframe required by applicable law).

Cookies

We use a minimal set of cookies necessary to operate the Service:

Session cookies: To keep you logged in during a browser session
Security cookies: CSRF protection tokens

We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, though core functionality may be affected.

Changes to This Policy

We may update this Privacy Policy as our Service evolves. We will notify you of material changes by email (for registered users and waitlist members) and by updating the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

Contact

Questions about this policy or your data? Email us at [email protected].

Maestrio · maestrio.ai