Privacy Policy

The MaestroPEP website and platform are operated by MaestroPEP.

Contact: [PRIVACY CONTACT EMAIL].

We may collect:

• account details such as name, email address, organisation, role and password credentials where email/password sign-up is used;
• authentication details from providers such as Maestro, Google, Microsoft, LinkedIn and GitHub, including name, email address, profile identifier and provider account ID;
• billing and subscription information processed through Stripe;
• platform usage data including login events, audit logs, screening activity, plan usage and support requests;
• screening data entered into the platform, such as names, dates of birth, company names and other information needed to perform AML checks;
• technical data such as IP address, browser type, device information, cookies and security logs.

We use personal data to:

• create and manage MaestroPEP accounts;
• authenticate users and keep accounts secure;
• provide sanctions, PEP, adverse media and compliance screening services;
• generate audit trails, reports and usage summaries;
• process subscriptions and payments;
• provide support and respond to enquiries;
• monitor, secure and improve the platform;
• comply with legal, regulatory and financial crime prevention obligations.

Depending on the context, we process personal data because:

• it is necessary to provide the MaestroPEP service under contract;
• it is necessary for legitimate interests, including platform security, fraud prevention, service improvement and business administration;
• it is necessary to comply with legal obligations;
• consent has been given, where required.

If you choose to sign in using Google, Microsoft, LinkedIn, GitHub or Maestro OAuth, we receive limited profile and authentication data from that provider. We use this data only to create, secure and manage your MaestroPEP account. We do not receive your provider password.

MaestroPEP may process personal data submitted by customers for AML screening purposes. Customers are responsible for ensuring they have a lawful basis to submit screening data to MaestroPEP. MaestroPEP processes that data to provide the screening service, return results, maintain audit records and support compliance workflows.

We may share personal data with service providers who help us operate MaestroPEP, including hosting, database, authentication, email, analytics, payment, support and screening infrastructure providers. These may include Vercel, Neon, Stripe, email delivery providers, OAuth providers and AML data/search providers. We may also disclose personal data where required by law, regulation, court order or competent authority.

Some service providers may process data outside the UK or EEA. Where required, we rely on appropriate safeguards such as adequacy regulations, standard contractual clauses or equivalent protections.

We retain personal data only for as long as necessary for the purposes described in this policy. Account data is kept while the account remains active. Billing and transaction records may be kept for legal and accounting purposes. Screening and audit records may be retained for compliance, contractual and evidential purposes, depending on the customer’s configuration and legal obligations.

We use technical and organisational measures designed to protect personal data, including access controls, authentication safeguards, audit logging, encryption in transit, secure hosting and least-privilege operational practices. No online service can guarantee absolute security, but we take reasonable steps to protect the data we process.

Depending on your location and the applicable law, you may have rights to access, correct, delete, restrict or object to the processing of your personal data. You may also have the right to data portability and the right to withdraw consent where processing is based on consent.

To exercise your rights, contact us at [PRIVACY CONTACT EMAIL].

If you are in the UK and are unhappy with how we handle personal data, you may contact the UK Information Commissioner’s Office. We would appreciate the opportunity to deal with your concern first.

We may use cookies and similar technologies to operate the website, keep users signed in, secure the platform and understand basic usage. If non-essential analytics or marketing cookies are added later, we will update this policy and add an appropriate cookie consent mechanism if required.

We may update this Privacy Policy from time to time. The latest version will always be available at /privacy.