Maintaro Maintenance ops that keep landlords compliant.
Legal

Data Processing Addendum

Last updated: 20 March 2026

Scope

This Data Processing Addendum ("DPA") forms part of the Maintaro Terms and applies when Wheatley Labs Ltd ("Maintaro") processes personal data on behalf of a customer under UK GDPR/EEA GDPR. By using the services, the customer agrees to this DPA.

Roles

The customer is the controller of personal data submitted to the service. Maintaro acts as a processor and processes personal data only on documented instructions from the customer.

Processing details

  • Subject matter: Maintenance request management and communications.
  • Duration: For the term of the agreement and any retention period required by law or agreed in writing.
  • Nature and purpose: Hosting, ticket routing, notifications, audit logs, and customer support.
  • Categories of data: Names, contact details, property/site identifiers, request history, and communications.
  • Data subjects: Tenants, landlords, contractors, and customer staff.

Processor obligations

  • Process personal data only on documented instructions.
  • Ensure personnel are bound by confidentiality obligations.
  • Implement appropriate technical and organisational measures.
  • Assist with data subject requests and regulator inquiries.
  • Notify customers of personal data breaches without undue delay.
  • Delete or return personal data at termination where feasible.

Security measures

Maintaro maintains a security program that includes encryption in transit, access controls, audit logging, and regular backups. More details are available on request.

Sub-processors

Maintaro uses the sub-processors below to deliver the service. We will notify customers of material changes to this list.

Sub-processor Purpose Location
Amazon Web Services (AWS) Cloud infrastructure and storage United Kingdom / EU
Postmark Transactional email delivery EU / UK
Twilio SMS notifications United Kingdom / EU
Sentry Error monitoring and performance diagnostics EU / US
Stripe Billing and payment processing EU / UK

International transfers

Where data is transferred outside the UK/EEA, Maintaro relies on appropriate safeguards such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses.

Audits

Customers may request reasonable information to verify compliance with this DPA. Any on-site audits are subject to reasonable notice and confidentiality obligations.

Contact

For DPA questions or to request a signed copy, contact us at [email protected].

We use essential cookies to keep the site working. You can accept or decline non-essential cookies. Learn more.