Privacy Policy

Last updated: 2026-04-25

This Privacy Policy describes what information MaxAI collects, how we use it, and the choices you have about your data. By using MaxAI you agree to the practices described here.

This policy is a working draft prepared in advance of MaxAI's general launch. It will be replaced with reviewed legal language. It is functionally accurate today; specific phrasing will be updated.

What we collect

Account information

  • Name, email, password hash, role within your tenant.
  • Tenant identifiers (slug, organization name) you provide at signup.
  • Stripe customer ID and subscription state for paid accounts.

Integration credentials

Credentials you enter for NetSapiens, Bandwidth, Commio, Sendgrid, OpenAI, and other connected services are stored encrypted at rest (AES-256-GCM). MaxAI uses these only to perform the operations you initiate.

Operational data

  • Chat transcripts and tool-call logs from your sessions.
  • Audit log entries (who did what, when, with what risk level).
  • Pre-state snapshots captured before write operations.
  • LLM token usage and credit ledger entries.

Technical data

  • IP address and user agent for security and rate-limiting.
  • Server-side error reports (via Sentry) when configured.

How we use it

  • To provide, maintain, and improve the Service.
  • To authenticate you and authorize tenant-scoped operations.
  • To process payments and prevent fraud.
  • To send transactional emails (password reset, payment notices, support replies).
  • To debug failures — engineers may access aggregated logs; access to specific tenant data is logged.

How we share it

We share data only with the third-party systems necessary to operate the Service:

  • Anthropic / Amazon Bedrock — LLM inference. Prompts and outputs from your chats are sent for processing.
  • OpenAI — Whisper transcription and TTS audio generation when you use those features.
  • Stripe — payment processing.
  • Sendgrid — transactional email delivery.
  • NetSapiens / Bandwidth / Commio / SkySwitch — only when you initiate operations against them with credentials you provided.

We do not sell your data. We do not share data for cross-context advertising.

Sensitive disclosures

Some operations (e.g., revealing a voicemail PIN) require an explicit operator-supplied reason captured in a confirmation modal. The reason is recorded in the audit log; secret values are redacted from audit records.

Data retention

  • Active account data persists while your account is active.
  • Audit logs retained for 7 years for compliance.
  • Chat transcripts retained until you delete them or close your account.
  • On account closure: we will export your data on request and delete it within 30 days unless legal retention applies.

Security

  • Credentials and other secrets encrypted with AES-256-GCM at rest.
  • All traffic over TLS.
  • Tenant-scoped data isolation enforced at the database layer.
  • Role-based access (Admin / Operator / Viewer) limits what each user can do.
  • Every write operation requires explicit operator confirmation; destructive operations require a typed phrase.

Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. Email andy@sknk.us with the request and we will respond within 30 days.

Children

MaxAI is not intended for individuals under 18.

Changes

We may update this policy. Material changes will be announced via email and reflected on this page; the “Last updated” date at the top tracks revisions.

Contact

Privacy questions or requests: andy@sknk.us.