Privacy Policy
Last updated: June 10, 2026
This Privacy Policy explains how Maestrly ("Maestrly", "we", "us"), a product operated by Antonio Duarte (Brazil), collects, uses and protects your personal data when you use the Maestrly desktop application and website. We comply with Brazil’s LGPD (Lei Geral de Proteção de Dados) and the EU’s GDPR (General Data Protection Regulation).
Local-first by design
Maestrly is a desktop application. The AI coding CLIs (Claude Code, Codex, Cursor) and their credentials run and are stored locally on your machine, in your operating system’s keychain/keyring. The content of your code, your prompts and the agents’ responses are NOT sent to our servers. We send to the cloud only what is needed to run your account: account data (email, name and avatar from your Google/GitHub login), license identifiers and subscription status. On the Cloud plan, the data you explicitly mark for synchronization is also transmitted, encrypted.
1. Who is the data controller
The controller is Antonio Duarte, operating the Maestrly product. For any privacy request or question, contact: privacy@maestrly.com.
2. What data we collect
| Data | Why |
|---|---|
| Account data — email, name, avatar and the provider account ID from your Google or GitHub sign-in | To create and authenticate your account |
| License & subscription status (plan, trial status, billing status) | To manage your license, trial and access |
| Billing data (processed by Paddle) | Payments, invoices and tax — handled by Paddle as Merchant of Record; we do not store full card data |
| Cloud plan only: data you choose to sync (e.g. notes, boards, conversations) | To synchronize your workspace across devices |
| Basic technical/diagnostic data | Security, fraud prevention and keeping the service working |
We do not collect your source code, prompts, or the AI agents’ outputs — those stay on your machine.
3. Third parties / sub-processors
We share the minimum necessary data with:
- Google LLC — OAuth sign-in and profile data.
- GitHub, Inc. — OAuth sign-in and email.
- Paddle.com Market Ltd. — Merchant of Record: processes payments, taxes/VAT and manages subscriptions.
- Our backend/hosting provider — stores your account and license data in the region described in Section 6.
4. Legal bases (LGPD & GDPR)
- Performance of a contract — to provide the service and your license.
- Legitimate interest — security, fraud prevention and minimal analytics.
- Legal obligation — tax/accounting (via Paddle).
- Consent — where applicable, e.g. marketing communications.
5. Your rights — including export and deletion
You have the right to access, correct, export (data portability) and delete your personal data (right to be forgotten), as well as to object to or restrict certain processing. To exercise any right, email privacy@maestrly.com from the address linked to your account.
- GDPR: we respond within 1 month of the request (extendable by up to 2 further months for complex requests, with notice within the first month).
- LGPD: we respond to access requests within 15 days (and within the legal time frames for other requests).
Because your code, prompts and AI outputs are processed locally and never reach our servers, those are not part of any data we hold about you.
6. Data location & retention
Account and license data are stored with our backend provider in the region indicated in our infrastructure records. We keep account data for as long as your account exists; after deletion, we remove it from active systems within 30 days. Payment/tax records are retained for the legally required period by Paddle.
7. Security
Credentials for the AI CLIs are stored in your OS keychain/keyring on your device. Data transmitted to and synced with our servers is encrypted in transit. We apply reasonable technical and organizational measures to protect your data.
8. Children
Maestrly is a professional developer tool and is not directed to children under 16. We do not knowingly collect data from children.
9. Changes
We may update this policy. Material changes will be reflected here with a new "Last updated" date.
10. Contact / Data Protection
Questions or requests: privacy@maestrly.com.