Privacy Policy
Last updated: April 2026
Introduction
Orchestrel AI ("we", "us", "our", or the "Company") is committed to protecting your personal data and being transparent about how we use it. This Privacy Policy explains what personal data we collect when you use our services, why we collect it, and what your rights are under applicable data protection law, including the EU General Data Protection Regulation (GDPR).
Data Controller: Orchestrel AI, trading name of Jeremie Tabet EI, SIRET 92433678700016, TVA FR78924336787, 5 rue du Lorguillon, Trieux, France.
1. Data We Collect
We collect the following categories of personal data:
- Account information: Email address, organizational domain, name, and contact details necessary to create and manage your subscription.
- Usage metrics: Dispatch counts, feature completion rates, build duration, and aggregate service usage statistics.
- Conversation and orchestration prompts: We store the prompts and responses exchanged with AI models so that conversations can be resumed and orchestration state preserved across sessions. Prompts are never used for training and are not shared with third parties beyond the AI providers required to fulfill your requests.
- Payment information: Processed securely by our payment provider (Stripe or equivalent). We do not store credit card numbers or sensitive payment details on our servers.
2. Data We Do NOT Collect
We want to be explicit about what we do not collect:
- Source code. All code execution, file generation, and code modification occurs on your local machine. No source code is uploaded to or stored on Orchestrel servers.
- File contents. We do not read, access, or store the contents of files in your development environment or project directories.
- Keystrokes or screen activity. We do not monitor, record, or capture your keyboard input, screen recording, or other local activity.
3. Purpose of Processing & Legal Basis
We process personal data for the following purposes:
- Account management. Data: email, domain, name. Legal basis: contract performance (GDPR Art. 6(1)(b)).
- Billing. Data: subscription status, dispatch counts. Legal basis: contract performance (GDPR Art. 6(1)(b)).
- Service improvement. Data: aggregate usage metrics. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).
- Service notifications. Data: email address. Legal basis: contract performance (GDPR Art. 6(1)(b)).
4. Data Retention
- Account data is retained for the duration of your active subscription, plus 30 days after cancellation or termination.
- Billing records are retained for the period required by applicable legal and tax authorities (a minimum of 10 years under French law).
- Usage metrics (aggregate and anonymized) may be retained indefinitely for analytical purposes.
- Payment records are managed by our payment processor in accordance with their retention policies and PCI-DSS requirements.
5. Third Parties
We share limited personal data with the following categories of third parties:
- Payment processor: Stripe (or equivalent) for billing and payment processing.
- Infrastructure: The Maestro platform runs self-hosted on premise. Cloudflare is used for DNS and security. Netlify hosts this marketing website.
- AI model providers: Various LLM providers accessed via our routing infrastructure. Prompts are encrypted in transit within the Maestro ecosystem. We store conversation and orchestration prompts solely to ensure session continuity. They are never used for training or shared with third parties. Note: third-party AI providers may process data on servers located outside the EU. We do not currently guarantee that all inference processing occurs within the EU.
We do not sell, rent, or trade personal data. All third-party data sharing is strictly limited to what is necessary for the operation of the Service.
6. Your Rights (GDPR Articles 15–21)
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations for billing records.
- Right to restriction of processing: Request that we limit how we process your personal data in certain circumstances.
- Right to data portability: Receive your personal data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
If you are located in the EU, you also have the right to lodge a complaint with the French data protection authority (CNIL, Commission Nationale de l'Informatique et des Libertés).
7. Cookie Policy
We use minimal cookies on our website:
- Session cookies: If you log into our management console, we use session cookies to maintain your authentication state. These are deleted when your session ends.
- No tracking cookies: We do not use third-party analytics, advertising cookies, or cross-site tracking.
Our marketing website does not use cookies beyond those strictly necessary for session management.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption in transit (TLS 1.3+) for all communications
- Access controls and authentication for all internal systems
- No source code or code content is transmitted to or stored on our servers
9. Contact
If you have any questions regarding this Privacy Policy or wish to exercise your rights, please contact us:
- Email: [email protected]
- Orchestrel AI, trading name of Jeremie Tabet EI
- SIRET: 92433678700016 · TVA: FR78924336787
- 5 rue du Lorguillon, Trieux, France
This Privacy Policy was last updated in April 2026.