Privacy Policy

1. What We Collect

When you use MaxAssistant, we collect and store the following information:

• Account information: Email address, name, and hashed password
• Messages: Your conversations with the AI assistant (encrypted — see below)
• Memory: Contextual information the assistant learns about you from conversations (encrypted)
• Connected service data: Email, calendar, finance, smart home, and voice data you choose to connect
• Usage data: Message counts, feature usage, and session information for service improvement
• Location: Only if you explicitly share it, for location-aware features

2. Encryption

Your privacy is fundamental to our design. MaxAssistant uses AES-256-GCM client-side encryption to protect your conversations:

• Your encryption key is derived from your password using PBKDF2 and never leaves your browser
• Messages are encrypted before they leave your device
• Chat messages are encrypted with AES-256-GCM on your device. Connected services (email, calendar, voice) are processed server-side to provide functionality
• Your recovery key is the only backup — if you lose both your password and recovery key, your data cannot be recovered

3. Third-Party Services

We use the following third-party services to provide MaxAssistant:

• Anthropic (Claude): AI processing for conversations. Messages are sent to Anthropic's API for response generation. Anthropic does not use your data for training. We maintain a Data Processing Agreement (DPA) with Anthropic.
• Stripe: Payment processing for subscriptions. We do not store your payment card details — Stripe handles all payment data securely. We maintain a DPA with Stripe.
• Plaid: Bank account connections for financial features. Plaid connects to your bank with read-only access. We maintain a DPA with Plaid.

Connected services (email, calendar, etc.) are accessed only when you explicitly request it through the assistant.

4. Data Retention

Your data is retained until you choose to delete it. Messages remain encrypted on our servers until you delete individual messages or your entire account. When you delete your account, all data is permanently removed from our systems within 30 days, including backups.

5. What We Don't Do

• No banner ads or pop-ups. We may recommend relevant professionals or services based on your needs, and may receive referral fees for connections made. These are always disclosed.
• No data selling. We never sell your personal data to third parties.
• No AI training. Your conversations are never used to train AI models — ours or anyone else's.
• No tracking. We do not use tracking cookies, analytics trackers, or fingerprinting.
• No profiling. We do not build advertising profiles or share data with data brokers.

6. Your Rights

You have the right to:

• Access: View all data we store about you (Settings → Data → Export)
• Export: Download your data in JSON format at any time
• Delete: Permanently delete your account and all associated data
• Correct: Update your personal information through account settings
• Disconnect: Remove any connected service (email, calendar, bank, etc.) at any time

7. Cookies

We use only essential session cookies required for authentication and service functionality. We do not use tracking cookies, third-party cookies, or advertising cookies. No cookie consent banner is needed because we don't track you.

8. Children's Privacy

MaxAssistant is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us at privacy@maxai.inc.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

10. Contact

For privacy-related questions or requests, contact us at:

Max AI, Inc.
Email: privacy@maxai.inc
Austin, Texas