Skip to main content
Mainto

Privacy Policy

Last updated: February 27, 2026

1. Introduction

Mainto (“we,” “us,” or “our”) operates the Mainto platform at mainto.ai and the Mainto iOS application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, password (hashed), and organization name when you register.
  • Property data: Property names, addresses, building system details, vendor information, service records, work orders, and compliance documents you upload or create.
  • Payment information: When you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card number — Stripe handles all payment data under their PCI-DSS compliant infrastructure.
  • Communications: Messages you send through the Maia AI copilot, support requests, and any feedback you provide.
  • CSV uploads: Property data files you import during onboarding, which may contain property names, addresses, system types, and vendor details.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, actions taken, timestamps, and session duration.
  • Device information: Browser type, operating system, device type, and screen resolution.
  • Log data: IP address, referral URLs, and error logs for debugging purposes.

2.3 Cookies and Tracking

We use only essential cookies required for the Service to function — such as session authentication tokens. We do not use advertising cookies or third-party tracking pixels. We do not sell or share your browsing data with advertisers.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including property tracking, compliance monitoring, vendor management, and AI-powered features.
  • Process payments and manage your subscription through Stripe.
  • Send transactional communications — account verification, password resets, compliance alerts, and deadline notifications.
  • Power AI features including the Maia copilot, automated vendor outreach, response analysis, and scheduling suggestions.
  • Improve and develop the Service based on aggregated, anonymized usage patterns.
  • Respond to support requests and communications.
  • Detect and prevent fraud, abuse, or security incidents.

4. AI and Large Language Model Usage

Mainto uses third-party AI services (Anthropic Claude) to power features like the Maia copilot, automated vendor outreach email generation, and vendor response analysis. When you use these features:

  • Relevant property, system, and vendor data is sent to the AI provider to generate responses.
  • Maia conversation history is stored in our database and associated with your organization.
  • We do not use your data to train third-party AI models. Anthropic does not use API inputs for model training.
  • AI-generated content (such as vendor outreach emails) is reviewed and sent on your behalf only when triggered by Mainto's automation system or your direct interaction.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Vercel: Web hosting and deployment.
  • Neon: PostgreSQL database hosting.
  • Stripe: Payment processing and subscription management. Stripe's privacy policy governs payment data handling.
  • Resend: Transactional email delivery (alerts, notifications, vendor outreach).
  • Anthropic: AI/LLM services for Maia copilot and vendor outreach generation.
  • Apple Push Notification Service: Push notifications for the iOS app.

Each provider processes data on our behalf under their respective data processing agreements and privacy policies. We only share the minimum data necessary for each service to function.

6. Data Storage and Security

  • All data is stored in encrypted PostgreSQL databases hosted in the United States.
  • All connections use TLS encryption in transit.
  • Passwords are hashed using bcrypt — we never store plaintext passwords.
  • Session tokens are signed and expire after a configurable period.
  • Access to production infrastructure is restricted to authorized personnel.
  • We conduct periodic security reviews of our codebase and infrastructure.

7. Data Retention

  • Active accounts: We retain your data for as long as your account is active and you maintain a subscription.
  • After cancellation: When you cancel your subscription, your data is retained for 30 days in case you reactivate. After 30 days, account data is queued for permanent deletion.
  • Deletion requests: You can request immediate deletion of your data at any time by contacting us. We will process deletion requests within 30 days.
  • Backups: Data may persist in encrypted backups for up to 90 days after deletion, after which backups are rotated and purged.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (“right to be forgotten”).
  • Export: Export your property data, service records, and compliance documents from the Settings page at any time.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing of your data for certain purposes.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at info@mainto.ai. We will respond within 30 days.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.

10. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take appropriate safeguards to ensure your data is treated securely and in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Email: info@mainto.ai