Privacy Policy
1. Data Controller
The data controller for your personal data is:
Rexalto Inc.
- 850 New Burton Road, Suite 201, Kent, DE 19904, United States
- State of incorporation: Delaware
- Privacy inquiries: privacy@maesense.com
This Privacy Policy ("Policy") describes how we collect, use, store, and protect the personal data of users of the maesense platform ("Platform").
By using the Platform, you acknowledge that you have read this Policy and consent to the processing of your personal data as described herein.
2. Information We Collect
2.1. Registration Data
When you create an Account, we collect:
- first and last name;
- email address;
- company name;
- country;
- company address;
- role / job title.
2.2. Usage Data
As you use the Platform, we automatically collect:
- service usage metrics: number of messages processed, tags applied, sessions conducted;
- activity logs: authentication events, pages viewed, operations performed;
- technical data: IP address, browser type, operating system, screen resolution, interface language.
2.3. Payment Data
Payments are processed through Stripe. We do not store your payment card information — it is processed and stored exclusively by Stripe in compliance with PCI DSS standards.
We retain only:
- the fact that a payment was made;
- the amount and currency of the transaction;
- Stripe's external transaction identifier.
2.4. Third-Party Authentication Data
When you sign in via Google, GitHub, or Yandex, we receive your name and email address from the provider. We do not receive or store your password for the provider account.
3. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Performance of contract |
| Providing Platform services | Performance of contract |
| Payment processing and invoicing | Performance of contract; legal obligation |
| Customer support | Performance of contract |
| Service improvement and usage analytics | Legitimate interest |
| Platform security | Legitimate interest |
| Service notifications | Performance of contract |
| Compliance with legal requirements | Legal obligation |
4. Data Storage and Security
4.1. Storage Location
Personal data is stored on servers located in the European Union or the United States.
4.2. Retention Periods
We retain your personal data for the duration of your Account and for 3 (three) years after Account deletion — for compliance with legal requirements, dispute resolution, and fraud prevention.
Payment records (transaction fact, amount, external identifier) are retained in accordance with applicable tax and accounting laws.
Activity logs are retained for no more than 12 (twelve) months.
4.3. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- encryption of data in transit (TLS/SSL);
- access to personal data restricted on a least-privilege basis;
- regular backups;
- access controls on server infrastructure.
5. Sharing Data with Third Parties
We do not sell your personal data or share it with third parties for their own marketing purposes.
We may share data with the following categories of recipients solely for the purpose of providing the Service:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Payment data (processed on Stripe's side) |
| Postmark | Sending service email notifications | Email address, name |
| AI model providers | Generating analytical reports (AI Reports) | De-identified data only (no link to individual users) |
We may also disclose your data when required by law: in response to lawful requests by government authorities, in connection with legal proceedings, or to protect the rights and legitimate interests of the Company.
6. International Data Transfers
Your personal data may be transferred to and processed in countries other than your country of residence, including the United States and countries within the European Union, for the purposes of hosting, processing, and providing the Service.
When we transfer data internationally, we ensure an adequate level of protection by:
- transferring data only to countries that provide adequate data protection standards;
- entering into agreements with data recipients that include obligations regarding confidentiality and data security;
- de-identifying data before transfer where possible (particularly for AI model processing).
7. Cookies
The Platform uses cookies for the following purposes:
- Session cookies (essential) — required to maintain your authenticated session. These expire when you close your browser or when the session times out.
- Preference cookies (functional) — store your selected interface language and user preferences. These persist for up to 1 year.
We do not use cookies for advertising tracking or share cookie data with advertising networks.
You can manage cookies through your browser settings. Disabling essential cookies may prevent you from using the Platform.
8. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request information about what personal data we hold about you and how it is processed;
- Correction — request correction of inaccurate or incomplete personal data;
- Deletion — request deletion of your personal data, subject to applicable legal retention requirements;
- Restriction — request restriction of processing in certain circumstances;
- Data portability — request a copy of your data in a structured, machine-readable format;
- Withdrawal of consent — withdraw previously given consent to data processing.
8.1. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know — you may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes for collection, and categories of third parties with whom we share it;
- Right to delete — you may request that we delete personal information we have collected from you, subject to certain exceptions;
- Right to opt-out of sale — we do not sell your personal information. If this practice changes, we will provide a clear opt-out mechanism;
- Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise your CCPA/CPRA rights, contact us at privacy@maesense.com. We will verify your identity before processing your request and respond within 45 days.
8.2. Exercising Your Rights
To exercise any of your rights, please send a request to privacy@maesense.com. We will process your request within 30 days of receipt.
If you believe your data protection rights have been violated, you have the right to file a complaint with the appropriate supervisory authority in your jurisdiction.
9. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such data promptly.
10. Changes to This Policy
The Company may update this Policy from time to time. The current version will be posted on the Platform with the date of last revision. Material changes will be communicated via email or through the Platform interface.
Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.
11. Contact
If you have questions or concerns regarding the processing of your personal data:
- Privacy inquiries: privacy@maesense.com
- Legal inquiries: legal@maesense.com
Rexalto Inc.
850 New Burton Road, Suite 201
Kent, DE 19904, United States