Privacy Policy

Effective Date: March 23, 2026

"Everything you share with Max stays between you — we built it that way from day one. We don't want your data. We want your business."

1. Who We Are

Max AI, Inc. is a Texas corporation headquartered in Austin, Texas. We build AI-powered personal assistant tools including MaxAssistant, MaxDockets, MaxLedgers, MaxServices, Sarah AI, and NorthOS.

Email: [email protected]
Legal: [email protected]
Mail: Max AI, Inc., Austin, Texas

2. The Short Version

We collect what we need to run the service. We don't sell your data. We don't train AI on your conversations without your explicit consent. You can delete everything, anytime. That's the deal.

3. What Data We Collect

Account Information

  • Name, email address, and password (hashed)
  • Phone number (if you use voice features)
  • Profile photo (if provided)
  • Account creation date and last login

Usage Data

  • AI conversation history (your messages and Max's responses)
  • Features used and frequency of use
  • Session duration and activity logs
  • Errors and performance data (anonymized)

Voice Data

  • Audio recordings processed for speech-to-text (via Deepgram)
  • Voice interaction logs for Sarah AI features
  • Audio is processed in real time and not stored beyond session unless you enable voice history

Biometric Data (Photo Organization)

  • Face embeddings (mathematical representations) generated from photos you upload for organization
  • Embeddings are encrypted at rest using your account-derived key
  • We cannot access your face embeddings — only you can, with your key
  • Face embeddings are never shared with third parties
  • All biometric data is permanently deleted when you delete your account

Payment Information

  • Payment processing is handled entirely by Stripe
  • We store only the last 4 digits of your card, expiration, and billing address for your records
  • Full card numbers never touch our servers

Device and Technical Data

  • IP address and approximate location (country/city)
  • Browser type and version, or mobile OS
  • Device identifiers
  • Cookies and session tokens (see Cookie Policy)

4. How We Collect It

Directly from you — when you create an account, type messages, upload photos, or contact support.

Automatically — when you use the service, we log technical data needed to operate and secure it.

From third parties — if you sign in via Google or another provider, we receive basic profile info from them. We don't receive data from data brokers.

5. Why We Collect It

We use your data for these purposes only:

  • Delivering the service — your conversations, tasks, and preferences
  • Account security — detecting fraud, protecting your account
  • Customer support — diagnosing and fixing issues you report
  • Service improvement — aggregate, anonymized analysis of how features are used
  • AI model improvement — only if you explicitly opt in (see Section 9)
  • Legal compliance — where required by law
  • Billing and payment processing

We do not use your data for advertising. We do not build ad profiles. We do not sell behavioral data.

6. Third-Party Processors

We share your data with these service providers only to the extent necessary to provide the service. Each is bound by data processing agreements:

  • AI inference providers (Anthropic, DeepSeek, Gemini) — your messages are locally tokenized before being sent. Names, phones, and other identifiers are replaced with placeholders on our servers, then restored after the response. Providers do not train on our API traffic.
  • Stripe — Payment processing and subscription management.
  • Twilio — Voice and SMS infrastructure for Sarah AI and voice features.
  • ElevenLabs — Text-to-speech voice synthesis for AI voice responses.
  • Deepgram — Speech-to-text transcription for voice input.
  • Microsoft (Azure) — Cloud infrastructure, email processing via Microsoft Graph.
  • Google — Authentication (if you use Google Sign-In), cloud services.
  • RunPod — GPU compute infrastructure for AI processing.

We do not sell your data to any of these providers or anyone else. They process it on our behalf.

7. Data Retention

  • AI conversations: Retained for up to 2 years, or until you delete them — whichever comes first.
  • Account data: Retained until you delete your account.
  • Payment records: Retained for 7 years per IRS requirements.
  • Voice audio: Processed in real time; not retained unless voice history is enabled.
  • Biometric data: Deleted immediately upon account deletion.
  • Server logs: Retained for 90 days for security monitoring.

8. Your Rights

You have these rights regarding your data, regardless of where you live:

  • Access — Request a copy of data we hold about you.
  • Correction — Ask us to fix inaccurate data.
  • Deletion — Delete your data or your entire account from Settings → Privacy, or email [email protected].
  • Portability — Export your conversation history and account data in a machine-readable format.
  • Opt-out of AI training — Even if you previously opted in, you can opt out at any time from Settings → Privacy.
  • Opt-out of sale — We don't sell your data, so there's nothing to opt out of. But you have this right by law.

To exercise any right, go to Settings → Privacy, or email [email protected]. We respond within 45 days.

9. AI Training — Our Policy

We do not train AI models on your conversations. Full stop.

If you want to help improve Max AI and earn free credits, you can voluntarily opt in to share anonymized conversation data. This is:

  • Always opt-in — never pre-checked, never default
  • Fully disclosed before consent
  • Rewarded with free credits
  • Revocable at any time — opt out removes your data from our pipeline immediately
  • Anonymized and processed with differential privacy before any use

10. Biometric Data (BIPA Notice)

If you use photo organization features in MaxAssistant, Max AI collects face embeddings — mathematical representations of facial geometry derived from your photos. These are not photographs; they are numerical vectors used to group similar faces.

  • Face embeddings are encrypted at rest using a key derived from your account credentials.
  • Max AI cannot access your face embeddings without your key.
  • Face embeddings are never sold, leased, traded, or otherwise disclosed to third parties.
  • Face embeddings are permanently deleted within 30 days of account deletion.
  • We do not use face embeddings for any purpose other than photo organization features you explicitly use.
  • Retention: Face embeddings are retained only as long as you maintain an active account.

By using photo organization features, you consent to this collection and use as described. You may revoke consent by disabling photo organization in Settings and deleting your uploaded photos.

11. Children's Privacy (COPPA)

Max AI services are not directed to children under 13. We do not knowingly collect personal information from children under 13.

Users aged 13–17 may use Max AI only with verified parental consent. Parents or guardians may:

  • Review their child's account data
  • Request deletion of their child's account and data
  • Revoke consent at any time

If we learn we have collected data from a child under 13 without parental consent, we will delete it immediately. Contact us at [email protected] with parental concerns.

12. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — You can request what categories and specific pieces of personal information we have collected about you in the past 12 months.
  • Right to Delete — You can request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale — We do not sell personal information, so this right does not apply in practice.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request: email [email protected] with subject "CCPA Request." We will verify your identity and respond within 45 days.

Categories of personal information collected: identifiers, internet activity, geolocation, audio data, biometric data (if photo features used), commercial information. We do not collect sensitive personal information beyond what is described in this policy.

13. International Users (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, your data may be transferred to and processed in the United States. We provide appropriate safeguards for such transfers through Standard Contractual Clauses (SCCs) approved by the European Commission.

Our legal bases for processing under GDPR:

  • Contract performance — to deliver the services you signed up for
  • Legitimate interests — security, fraud prevention, service improvement (where not overridden by your rights)
  • Consent — for AI training opt-in and non-essential cookies
  • Legal obligation — where required by law

EEA/UK users may contact our EU representative at [email protected]. You also have the right to lodge a complaint with your local supervisory authority.

14. Security

We take security seriously. Our measures include:

  • Encryption in transit (TLS 1.2+) for all data
  • Encryption at rest for stored data
  • User-key encryption for biometric data — we cannot decrypt without your key
  • Access controls and role-based permissions for employees
  • Regular security reviews and vulnerability testing
  • Incident response procedures

No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours as required by applicable law.

15. Changes to This Policy

When we make material changes, we will:

  • Update the effective date at the top of this page
  • Send an email notification to your registered address
  • Display an in-app notice for at least 30 days

Your continued use of Max AI after the effective date of a material change constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account.

16. Contact Us

Privacy questions, requests, and complaints:

Max AI, Inc.
Email: [email protected]
Austin, Texas

We aim to respond to all privacy inquiries within 5 business days and to complete formal requests within 45 days.

Max AI, Inc. · Austin, Texas · [email protected]
Effective March 23, 2026