Legal / privacy
Privacy Policy
What Maitro collects, why it is used, how long it is retained, who processes it, and how applicants or members can exercise rights.
Claim discipline
Premium does not mean reckless.
This page separates current controls, roadmap targets, illustrative tools, gated economics, and agreement-controlled terms so senior leaders can evaluate Maitro without mistaking posture for guarantee.
Minimum necessary data
Maitro collects identity, application, membership, payment, communication, and security telemetry needed to run the site and tiers.
No sale or model training
Public policy states no data sale and no AI model training on application content.
Primary India posture
Primary hosting is described as India/Mumbai posture, with limited global sub-processors listed plainly.
Policy version
28 April 2026 / Version 2.0 / presentation refreshed 26 May 2026
Presentation has been upgraded for readability. Legal meaning should remain subject to founder/legal review before being treated as final advice.
1. Who we are
Maitro is operated by Talpro India Private Limited. Talpro India Private Limited is the Data Fiduciary under India privacy framing and the controller for personal data processed through maitro.tech where applicable.
Privacy and grievance requests should be sent to privacy@maitro.tech.
2. What we collect
| Group | Examples | Purpose |
|---|---|---|
| Visitors | IP, user agent, page path, referrer | Security, abuse prevention, aggregate analytics |
| Applicants | Name, work email, role, LinkedIn, venture brief, references, conflict disclosures | Eligibility, review, conflict scan, communication |
| Members | Tier, posts, comments, attendance, preferences | Operate Society, Boardroom, Spotlight, and related services |
| Paid users | Billing email, GSTIN where provided, payment confirmation tokens | Invoicing, payment, statutory records |
| Communications | Email threads, form messages, booking metadata | Support, scheduling, records, legal hold where needed |
3. Purpose and lawful basis
Maitro processes personal data for application review, tier operation, requested materials, conflict review, invoices, royalty administration where applicable, fraud prevention, security, and legal obligations. Statutory references should be reviewed by counsel before being treated as legal advice.
4. Retention schedule
| Record | Retention | Note |
|---|---|---|
| Server logs and security telemetry | Short operational period, currently stated as 30 days | Subject to security/legal hold. |
| Unsuccessful applications | Up to 90 days, then deletion/purge cycle where implemented | Used for review and conflict scanning. |
| Active members | Membership plus policy retention period | Needed for service continuity and records. |
| Build Lab records | Agreement and statutory periods | Royalty/tax/company records may need longer retention. |
| Invoices and tax records | Statutory record period | Typically aligned to Indian tax/company law. |
5. Sub-processors and transfers
Maitro does not sell personal data. Limited sub-processors support hosting, email, payments, authentication, anti-bot, analytics, scheduling, error telemetry, and selected AI-assisted workflows.
| Vendor | Purpose | Data category | Region | Status | Notes |
|---|---|---|---|---|---|
| Hostinger KVM | Application hosting | Application, member, and operational records | Mumbai / India posture | Current | Primary production hosting. Exact backup region should be founder/security-confirmed. |
| Cloudflare | DNS, CDN, DDoS protection, Turnstile anti-bot | Network metadata, anti-bot tokens, request metadata | Global edge | Current | Do not claim absolute India-only residency while global edge services are used. |
| Brevo | Transactional and newsletter email | Email address, message metadata, transactional content | EU / vendor-controlled | Current | Email implementation imports Brevo client. |
| Razorpay | Payment processing | Checkout, payment, invoice, and payment confirmation data | India / vendor-controlled | Current | Maitro does not receive full card numbers. |
| Clerk | Authentication and session management | Identity, email, session tokens | US / vendor-controlled | Current | Used on authenticated surfaces. Public pages may set no cookies before sign-in. |
| Cal.com or Calendly | Office-hours scheduling | Calendar metadata and booking details | Vendor-controlled | Configured path varies | Book route supports provider-aware embeds. Avoid naming one exclusive provider in policy copy. |
| Sentry-compatible telemetry / GlitchTip | Error and performance telemetry | Error metadata, route, runtime context | Configured environment | Current when DSN configured | Telemetry should be scrubbed for personal data where practical. |
| Anthropic via internal AI proxy | Spotlight content assistance and internal drafting workflows | Limited non-PII content artifacts where configured | External dependency | Current for selected pipelines | Do not claim application content is used for model training. Do not send secrets or unnecessary PII. |
6. Your rights
Depending on residence and applicable law, you may request access, correction, erasure, withdrawal of consent, restriction, portability, grievance redressal, or nomination. Maitro may verify identity and may refuse or limit requests where law, security, contracts, or statutory records require it.
FAQ
Privacy Policy FAQ
Does Maitro sell personal data?
No. Maitro policy states no data sale. Limited sub-processors may process data on Maitro's instruction.
Does Maitro train AI models on application content?
No public policy should say application content is used for model training. Selected AI drafting workflows must remain minimized and non-PII where configured.
Does all data stay in India?
Primary hosting has an India/Mumbai posture, but some sub-processors operate globally. The policy should not say every byte stays in India.
Related policies
Route-safe next steps for review, application, trust, and policy context.
Policy route
Need this reviewed for your situation?
Use the correct Maitro lane for billing, privacy, legal, or security questions. Do not send confidential idea/IP content through open email.