Privacy Policy

Effective 6 July 2026 · Maestro is operated by Ayres Capital Enterprises LTD., Toronto, Ontario, Canada.

1. Who we are, and our two roles

Maestro is a CRM and email-marketing platform operated by Ayres Capital Enterprises LTD., a Canadian company based in Toronto. Maestro is a Player Piano AI product. We handle personal information in two different roles, and it matters which one applies to you:

  • If you have a Maestro account (you run a workspace), we are responsible for your account information and this policy applies to it directly.
  • If you are a subscriber, contact or customer of a business that uses Maestro, that business decides why and how your information is used — we process it on their behalf to run the service. Your first stop for questions or corrections is that business (the sender named in the emails you receive), but you can also contact us and we will help.

2. What we collect

  • Account data: your name, work email, and a securely hashed password (we never store the password itself); optional two-factor settings; billing details when billing is enabled.
  • Workspace content: the contacts, subscriber lists, campaigns, templates, notes, deals, tasks, bookings and knowledge-base content a workspace puts into Maestro.
  • Forms and bookings: what people submit through a workspace’s hosted forms and public booking page (name, email, and the fields the business asked for), with the IP address recorded as consent evidence where the law calls for it.
  • Email engagement: delivery, bounce, complaint, open and click events on emails sent through Maestro, so senders can see what worked and so we can protect deliverability.
  • Operational data: audit logs of actions in a workspace, and the technical basics needed to run and secure the service. We use only the cookies needed to sign you in — no advertising trackers.

3. How we use it

To provide the service: sending the email you ask us to send, keeping CRM records, drafting with AI when you ask, showing analytics, preventing abuse, and meeting legal obligations (including CASL consent records and unsubscribe handling). We do not sell personal information, and we do not use one workspace’s data for another workspace or to train AI models.

4. Service providers (subprocessors)

We rely on a short list of providers to run Maestro. Each one only receives what it needs:

  • Railway — hosts the application and its PostgreSQL database (where workspace data lives).
  • Amazon Web Services (SES) — delivers the email sent through Maestro and reports delivery/engagement events back to us.
  • Anthropic — powers AI drafting. When a workspace uses an AI feature, the relevant content (for example, the thread being replied to) is sent to Anthropic’s API to generate the draft.
  • Stripe — payment processing for subscriptions (when billing is enabled). We never see or store full card numbers.

Some of these providers process data on servers in the United States, so personal information may be stored or processed outside Canada and be subject to the laws there. We will update this list if the providers change.

5. Your rights (PIPEDA)

Canadian federal privacy law (PIPEDA) gives you the right to know what personal information we hold about you, to access it, to correct it, and to withdraw consent. To exercise any of these, email maestro@playerpiano.ai and we will respond within 30 days. We can also delete your personal information on request, subject to records we must keep by law (such as CASL consent and unsubscribe records, which the law requires senders to retain).

If you are unsatisfied with our response, you may complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca).

6. Unsubscribing

Every marketing email sent through Maestro carries a working unsubscribe link (including one-click unsubscribe for supporting mail clients). Unsubscribing takes effect immediately and is enforced by the platform — a sender cannot override it.

7. Retention and export

We keep workspace data for as long as the workspace is active. When a workspace closes, its data is retained briefly so the owner can export it (contacts and audience export as CSV any time from the app), then deleted in the ordinary course — except suppression lists and consent records kept to honour unsubscribes and legal obligations.

8. Security

Data is encrypted in transit, passwords are hashed, workspaces are isolated from one another at the application layer, actions are audit-logged, and API access uses scoped, revocable keys. No system is perfectly secure; if a breach creates a real risk of significant harm we will notify affected people and the Privacy Commissioner as PIPEDA requires.

9. Changes and contact

We will post updates to this policy here and, for material changes, tell account holders in the app or by email.

Privacy questions or requests: maestro@playerpiano.ai — Ayres Capital Enterprises LTD., Toronto, Ontario, Canada.

Terms of Service · Powered by Maestro — a Player Piano AI product