Privacy Policy

1. Information We Collect

a) Account Information

When you register we collect your name, email address, password (hashed - never stored in plain text), and your role (business owner or CPA / accountant). If you represent a firm or company we also collect the firm or company name.

b) Financial Data

If you connect a bank account via Plaid, we receive and store:

• Account balances (current and available)
• Transaction history (date, amount, merchant, category)
• Institution name and account type

We store an encrypted access token provided by Plaid to keep your data synced. We never store your bank login credentials, those are handled entirely by Plaid.

If you connect a Stripe account, we access revenue and payment data via Stripe's API to provide financial reporting and forecasting. We store only the connection reference - not your Stripe secret keys.

c) Financial Records You Upload or Sync

Revenue figures, expenses, invoices, bills, payroll data, and other financial records you enter or sync via accounting integrations (e.g. QuickBooks, Xero - where available) are stored to power your dashboards, reports, and AI analysis.

d) Usage & Technical Data

We automatically collect standard server logs including IP address, browser type, pages visited, and timestamps. This is used solely for security monitoring and platform reliability.

e) Communications

If you use our AI chat, SMS, or call-scheduling features, message content is stored to maintain conversation history and generate AI responses. SMS messages are processed via Twilio.

f) Payment Information

Subscription and credit-pack payments are processed by Stripe. We store only your Stripe customer ID and subscription status - your card details are never transmitted to or stored on our servers.

2. How We Use Your Data

• Provide and operate the Maxed platform and all its features
• Generate AI-powered financial insights, reports, forecasts, and Monte Carlo simulations
• Display real-time dashboards populated with your financial data
• Send scheduled digests, alert notifications, and call-prep reports via email or SMS
• Process subscription payments and simulation credit purchases
• Allow your linked CPA or accountant to view your company data within the platform
• Detect anomalies and surface financial alerts relevant to your business
• Maintain security, prevent fraud, and ensure platform reliability
• Comply with applicable legal obligations

We do not sell your personal or financial data to third parties. We do not use your financial data to train AI models sold to other parties.

3. AI Processing

Maxed uses Anthropic Claude to power its AI chat, financial analysis, and report generation features. When you interact with AI features, relevant portions of your financial data and your messages are sent to Anthropic's API to generate a response. Anthropic's data handling is governed by their Privacy Policy. We do not send your data to Anthropic for model training purposes.

4. Data Sharing

We share data only in the following limited circumstances:

• Your CPA / Accounting Firm: If your account is linked to a CPA firm via an invite code, that firm's accountants can view your company's financial data and reports within the platform. You control this linkage at account creation.
• Service Providers: We use the following sub-processors to operate the platform - Supabase (database and authentication), Plaid (bank data), Stripe (payments), Anthropic (AI), Twilio (SMS), and Resend (email). Each is bound by data processing agreements.
• Legal Requirements: We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public.

5. Data Retention

We retain your account and financial data for as long as your account is active. If you delete your account, we will delete your personal data and financial records within 30 days, except where we are required to retain records for legal or compliance purposes.

Bank connection tokens (Plaid access tokens) are deleted when you disconnect your bank account or close your account.

6. Data Security

All data is stored in Supabase (hosted on AWS) with encryption at rest and in transit (TLS). Row-level security policies ensure users can only access their own data. Sensitive tokens (bank connection credentials) are stored server-side only and never exposed to the browser.

No system is 100% secure. In the event of a data breach we will notify affected users in accordance with applicable law.

7. Your Rights

Depending on your location you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data
• Export your data in a portable format
• Disconnect bank or Stripe integrations at any time from the Integrations page
• Opt out of non-essential communications

To exercise any of these rights, email us at privacy@maxed.ai.

8. Cookies

We use session cookies issued by Supabase Auth to keep you logged in. We do not use third-party advertising cookies or tracking pixels. You can clear cookies at any time via your browser settings, which will log you out of the platform.

9. Children's Privacy

The Maxed platform is intended for business use only and is not directed at anyone under the age of 18. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email or an in-app notice. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data: