Terms & Privacy
FAQ
Is Maestra GDPR compliant?
Yes. Maestra is GDPR compliant through its Dutch (European Union) legal entity, which was audited in 2025.
Additional details:
- Maestra operates under both Dutch (EU) and US legal entities to support different customer needs and jurisdictions
- Maestra uses first-party data only; it does not scrape third-party data
- Maestra uses only essential cookies, which do not require explicit consent
What security standards does Maestra meet?
- SOC 2 Type II attestation (audit completed 2025)
- GDPR compliant
- CCPA compliant
- HIPAA-friendly
- ADA-friendly
What cookies does Maestra use?
Maestra uses only essential (strictly necessary) cookies and relies on first-party data collection from your own properties.
How tracking works:
- Cookies are used only to enable core functionality, in a privacy-first setup
- Once an email address is captured, Maestra can track behavior across that customer's sessions using first-party data from your owned channels and properties
How is customer data stored and protected?
Maestra stores customer data in isolated environments (not shared across companies) and uses multiple controls to protect access.
Security controls (high level):
- Isolated environments per company
- Two-factor authentication (2FA) via SMS or email
- Password hashing (SHA-512 with a per-user salt)
- Account lockout after repeated failed login attempts
- Optional password expiration policies
- Role-based access control (RBAC) and comprehensive audit logs
- Data masking controls, including masking of customer data from Maestra employees
- SIEM support
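The list above names three controls that interact at login time: salted SHA-512 password hashing, lockout after failed attempts, and an audit log. The following is an added illustration written for this page, not Maestra's own code; it shows how those three controls fit together in one authentication flow. The threshold `MAX_FAILED_ATTEMPTS`, the duration `LOCKOUT_SECONDS`, and the `AuthService` class are assumptions for the example; the page states none of them.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Assumed policy values for this example; the page does not state Maestra's.
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
SALT_BYTES = 16


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted SHA-512 digest: a fresh random salt per user means two users
    with the same password get different digests, and a rainbow table
    built for unsalted SHA-512 is useless."""
    return hashlib.sha512(salt + password.encode("utf-8")).digest()


@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class AuthService:
    """Hypothetical login service combining hashing, lockout and audit logging."""

    def __init__(self, clock=time.time):
        self.accounts: dict[str, Account] = {}
        self.audit_log: list[dict] = []
        self.clock = clock  # injectable so tests can advance time

    def _audit(self, event: str, username: str, **extra) -> None:
        # Append-only record of every authentication decision.
        self.audit_log.append({"ts": self.clock(), "event": event, "user": username, **extra})

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(SALT_BYTES)
        self.accounts[username] = Account(username, salt, hash_password(password, salt))
        self._audit("account_created", username)

    def login(self, username: str, password: str) -> str:
        """Returns 'ok', 'failed' or 'locked' and records the outcome."""
        now = self.clock()
        acct = self.accounts.get(username)
        if acct is None:
            # Hash anyway so an unknown user costs about the same as a bad password
            # (avoids a timing oracle for username enumeration).
            hash_password(password, b"\x00" * SALT_BYTES)
            self._audit("login_failed", username, reason="unknown_user")
            return "failed"
        if acct.locked_until > now:
            # Reject without checking the password while the lockout is active.
            self._audit("login_rejected", username, reason="locked")
            return "locked"
        candidate = hash_password(password, acct.salt)
        if hmac.compare_digest(candidate, acct.digest):  # constant-time comparison
            acct.failed_attempts = 0
            self._audit("login_success", username)
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked_until = now + LOCKOUT_SECONDS
            self._audit("account_locked", username, attempts=acct.failed_attempts)
            return "locked"
        self._audit("login_failed", username, reason="bad_password",
                    attempts=acct.failed_attempts)
        return "failed"


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "correct horse battery staple")
    print(svc.login("alice", "correct horse battery staple"))
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(svc.login("alice", "wrong"))
    for entry in svc.audit_log:
        print(entry)
```

One practitioner caveat: a single salted SHA-512 is fast by design, so an attacker with a leaked database can test candidates at hardware speed. Deployments that must resist offline cracking normally use a deliberately slow or memory-hard construction (PBKDF2, bcrypt, scrypt or Argon2id) in place of the `hash_password` shown here; the page gives no detail beyond "SHA-512 + salt", so the example follows the page.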
How does Maestra handle personal data and customer right requests?
Maestra is designed so customers maintain full ownership of their data and can support documented, auditable privacy workflows.
Capabilities:
- Immutable consent logs for personal data and marketing permissions
- Support for GDPR right-to-deletion workflows
- Automatic sync of deletions from Shopify to help maintain compliance
- Documented, auditable personal data processing
Is Maestra HIPAA compliant for health data?
Maestra supports HIPAA compliance for customers handling protected health information (PHI).
What that means in practice:
- Maestra can support HIPAA-aligned safeguards and policies
- Business Associate Agreements (BAAs) are available on request
How does Maestra ensure SMS compliance?
Maestra supports SMS compliance through product features and operational controls.
Key measures:
- Maintains compliance with Texas SMS laws and other regional regulations
- Built-in double opt-in capabilities
- Partners with SMS gateways to support carrier-level compliance
Does Maestra share data with third parties?
Maestra does not sell or share customer data outside the stated purposes.
In practice:
- No data selling
- No third-party data brokers
- First-party data only
- Transparent approach: Maestra can address specific vendor or integration concerns as needed
Can Maestra support multi-brand & multi-region data isolation?
Yes. Maestra can isolate data between legal entities and support multi-brand setups with separation controls.
How it works:
- Supports multi-brand configurations with separate data silos
- Can isolate data between legal entities
- Provides consolidated reporting for headquarters while maintaining legal separation
- Can operate under different jurisdictions (EU and US entities available)
Where is customer data stored? Which legal jurisdictions govern access to that data?
Customer data is stored on AWS in the United States. The governing law is that of Delaware (US).