Legal
Last updated: March 2026 · Maesto AI, Inc.
Maesto AI, Inc. (“Maesto”, “we”, “our”) is committed to protecting your personal information. This policy describes how we collect, use, and share data when you use our platform.
We collect information you provide directly (name, email, company details), usage data (pages visited, features used, timestamps), and technical data (IP address, browser type, device identifiers). When you connect ad platform accounts, we receive performance metrics — we do not store your ad account credentials directly.
We use your data to provide and improve the Maesto platform, send transactional communications (e.g. approval notifications), respond to support requests, and analyse aggregate usage to improve our product. We do not sell your personal data to third parties.
We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time by contacting privacy@maesto.ai. We will fulfil deletion requests within 30 days, subject to legal obligations.
Depending on your location, you may have rights to access, correct, delete, or export your personal data. To exercise these rights, contact privacy@maesto.ai. We comply with GDPR (EEA users) and CCPA (California residents).
We use Supabase (database), Vercel (hosting), Resend (email), and Anthropic (AI inference). Each processor is contractually obligated to protect your data in accordance with applicable law.
By accessing or using Maesto, you agree to these Terms of Service. If you do not agree, do not use the platform.
Maesto grants you a limited, non-exclusive, non-transferable licence to use the platform for your internal business purposes. You may not resell, sublicence, or reverse-engineer any part of the service. You are responsible for all activity that occurs under your account.
You agree not to use Maesto to generate content that is illegal, deceptive, harassing, or in violation of any platform's terms (including Meta, TikTok, and Google). You are solely responsible for the advertising content and campaigns you create or publish using our platform.
Paid plans are billed monthly or annually. Fees are non-refundable except where required by law. We reserve the right to change pricing with 30 days' notice. Free trials do not require a credit card and convert to a paid plan only with your explicit consent.
Either party may terminate the agreement at any time. On termination, your access to the platform ceases and your data will be deleted within 90 days, unless you request earlier deletion.
Maesto is provided “as is.” To the maximum extent permitted by law, we are not liable for indirect, incidental, or consequential damages arising from your use of the platform. Our aggregate liability shall not exceed the fees you paid in the 12 months preceding the claim.
These terms are governed by the laws of the State of Delaware, USA. Disputes shall be resolved by binding arbitration under the AAA Commercial Arbitration Rules.
We take the security of your data seriously. Below are the measures we implement to protect your information.
Maesto runs on Vercel (edge compute) and Supabase (PostgreSQL), both of which are SOC 2 Type II certified. All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
We use Supabase Auth with magic-link email authentication. Passwords are never stored in plaintext. We support multi-factor authentication (MFA) for all accounts and recommend enabling it.
All database tables implement Row-Level Security (RLS) enforced at the database layer, ensuring that users can only access data belonging to their own workspace. No cross-workspace data leakage is architecturally possible.
API keys are stored as encrypted environment variables and are never exposed in client-side code or logs. Ad platform credentials are handled via OAuth flows — we store tokens, not passwords.
If you discover a security vulnerability, please report it responsibly to security@maesto.ai. We will acknowledge receipt within 48 hours and aim to resolve confirmed vulnerabilities within 30 days.
Questions about this policy? Contact us at privacy@maesto.ai or write to Maesto AI, Inc., 548 Market St, San Francisco, CA 94104.