M
MAXOO

Privacy Policy

Effective date: January 1, 2025

This Privacy Policy explains how Maxoo ("Maxoo", "we", "us", or "our") collects, uses, discloses, stores, and protects personal information when you visit or use the Maxoo website and services (the "Platform"), including creation, export, and download of AI-generated content, and payments via third-party processors (e.g., Stripe).

By using the Platform you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Platform.

1. Scope

This policy applies to personal data of individuals who use Maxoo as customers, visitors, or end users (collectively, "Users"). It does not replace the separate Creator Privacy Policy, which governs Creators who publish and sell tools on the Platform.

2. What Personal Information We Collect

2.1 Information you provide directly

When you register, use tools, purchase or export content, or contact support, we may collect:

  • Full name and display name
  • Email address
  • Billing and invoicing details (e.g., billing address) — note: we do NOT store full card numbers (cards processed by Stripe)
  • User uploaded files, images, and documents (for processing/export)
  • Inputs you type into AI tools (prompts, variables, template fields)
  • Account authentication data (password hashes, OAuth tokens)
  • Support messages, feedback, and correspondence
  • Public profile information (if you create one)

2.2 Automatically collected data

When you interact with the Platform we automatically collect:

  • IP address, approximate location (city/country)
  • Device data (device type, OS, browser)
  • Usage and telemetry (pages viewed, clicks, tool use, timestamps)
  • Cookies, local storage identifiers, and analytics identifiers
  • Performance and error logs (for debugging)

2.3 Third-party data

When you connect third-party services or use embedded/external functionality, we may receive:

  • OpenAI / AI provider usage metadata and model results (API responses)
  • Payment metadata from Stripe (transaction IDs, status, amounts)
  • File previews or metadata from cloud storage (if you connect Drive/Dropbox)
  • Public profile info from social logins (Google) if you choose to authenticate that way

3. How We Use Your Personal Information

We use personal data to:

  • Provide, operate, maintain, and improve the Platform and features (tool execution, export, storage)
  • Execute AI requests and produce outputs (send user inputs to third-party AI providers)
  • Process purchases, refunds, and payouts (via Stripe or other payment processors)
  • Personalise your experience and show relevant tools/offers
  • Communicate with you (transaction emails, support responses, updates)
  • Detect, prevent, and respond to fraud, abuse, and security incidents
  • Analyze usage and perform internal analytics to measure and improve our services
  • Comply with legal obligations and enforce our Terms & Conditions

We only use data for the purposes described in this policy or as otherwise disclosed at collection and permitted by applicable law.

4. Legal Bases for Processing (EU / EEA residents)

If you are in the EU/EEA, we rely on one or more of the following legal bases:

  • Performance of contract: to provide our services and fulfil orders.
  • Consent: where you have given consent (e.g., marketing communications, cookies). You can withdraw consent at any time.
  • Legitimate interests: for platform security, fraud prevention, analytics, and product improvements (balanced against your rights).
  • Legal compliance: to comply with legal obligations or respond to lawful requests.

5. Sharing & Disclosure of Personal Information

We may share information with:

5.1 Service providers & vendors

  • AI providers (e.g., OpenAI): to process AI prompts and return outputs. We may send user prompts and selected metadata to these providers.
  • Payment processors (e.g., Stripe): to process payments; Stripe receives billing and transaction details.
  • Hosting & infrastructure providers: cloud storage, databases, CDN, backups.
  • Email providers, analytics, and CRM tools for communications and analytics.

We only share the minimum data needed for each provider to perform its function and require them to act per our instructions and privacy standards.

5.2 With Creators or Sellers

If you purchase or request delivery of content from a Creator, Maxoo may share relevant order or delivery data with the Creator (e.g., order ID, fulfillment details). We do not disclose your payment method details to Creators.

5.3 Legal & Safety disclosures

We may disclose information to comply with laws, legal processes, or to protect rights, safety, and security (including requests by law enforcement). We may also disclose data to prevent fraud, abuse, or security incidents.

6. How Long We Keep Your Data (Retention)

We retain personal data only as long as necessary for:

  • Providing the service and performing the contract (account active + reasonable post-termination period for disputes)
  • Legal obligations (e.g., finance / tax records)
  • Fraud prevention and security needs

Typical retention examples (subject to change):

  • Account data (profile, email): retained until account deletion + 90 days archival.
  • Transaction records & invoices: retained 7 years (for tax/legal compliance).
  • AI interaction logs & usage telemetry: retained 6–24 months for analytics and abuse detection (aggregate logs may be retained longer).
  • Backups & logs: retained per backup policy (encrypted) — up to 2 years.

If you request deletion, we will delete or anonymise your personal data unless we must retain it for legal or legitimate business reasons; we will notify you if deletion is restricted.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access personal data we hold about you
  • Correct or update inaccurate personal data
  • Request deletion (right to be forgotten)
  • Request portability of your data in a structured, machine-readable format
  • Object to or restrict processing in certain circumstances
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local data protection authority

California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Request disclosure of personal data categories collected/sold/shared in the prior 12 months
  • Request deletion of personal information (with certain exceptions)
  • Opt out of sale of personal information — Maxoo does not sell personal data

To exercise rights, contact privacy@maxoo.com. We will respond within legally required timeframes (e.g., 30 days for GDPR/CCPA).

8. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Platform:

  • Essential cookies: required for authentication and core functionality.
  • Performance/analytics cookies: to measure usage and improve the product.
  • Preferences cookies: store theme, language, and preferences.
  • Marketing cookies: for advertising and personalization (only with consent where required).

You may manage or block cookies through your browser settings. Disabling certain cookies may impact functionality.

9. Security Practices

We implement reasonable administrative, physical, and technical safeguards, including:

  • Encryption in transit (TLS) and encryption at rest for sensitive stored data
  • Strong access controls and least privilege for internal tools
  • Regular security assessments and monitoring
  • Secure key management for API credentials

However, no system is perfect. We cannot guarantee absolute security. If a data breach occurs that is likely to cause serious harm, we will notify affected users and regulators as required by law.

10. International Data Transfers

Maxoo is hosted on cloud providers which may process and store data across multiple jurisdictions. By using Maxoo you consent to transfer, processing, and storage of your information in countries outside your country of residence. We use appropriate safeguards (standard contractual clauses, contractual protections) to protect transfers from the EU/EEA and UK.

11. Minors & Children

Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected such data, we will delete it as soon as possible. Parents or guardians may contact privacy@maxoo.com to request deletion of data for children.

12. Changes to this Policy

We may update this Policy to reflect changes in our practices, services, or legal requirements. We will post the updated Privacy Policy with a new effective date and, where appropriate, notify users by email or in-app notification. Continued use after updates indicates your acceptance of the revised policy.

13. Contact Us

For questions about this Privacy Policy, to exercise rights, or report concerns, contact:

Privacy Team — Maxoo

Email: privacy@maxoo.com

Support: support@maxoo.com.au

Website: www.maxoo.com.au