Privacy Policy
This policy explains what information Maxx Stacks collects, why we collect it, how we use it, and the rights you have over your information. We are committed to handling your data with transparency and care.
We collect information you provide directly, information collected automatically through your use of our services, and information from third parties.
Information you provide:
- Account registration information (name, business email, company name, job title)
- Contact form submissions and support requests
- Request Access form submissions including organizational details
- Payment information (processed by our payment processor; we do not store card data)
- Communications you send to us, including emails
Information collected automatically:
- Log data (IP address, browser type, operating system, referring URL, pages visited, time spent)
- Device identifiers and characteristics
- Usage data and feature interaction patterns within the platform
- Cookie and tracking technology data (see the Cookies section below)
Customer data: When you use the MSIL platform, you may provide or connect organizational data sources. This data is processed on your behalf as a data processor and is governed by your Master Services Agreement and Data Processing Addendum.
We use the information we collect to:
- Provide, operate, and improve the Maxx Stacks platform and services
- Process and fulfill your access requests and account registrations
- Communicate with you about your account, updates, and support requests
- Send marketing communications where you have given consent or we have a legitimate interest
- Analyze usage patterns to improve product experience and performance
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations and enforce our agreements
- Respond to legal requests and court orders
We do not use customer data to train shared AI models or provide data from one customer to another.
For individuals in the European Economic Area, United Kingdom, and Switzerland, our legal bases for processing personal data are:
| Processing Purpose | Legal Basis |
|---|---|
| Providing services you have requested | Contract performance (Art. 6(1)(b)) |
| Sending transactional communications | Contract performance (Art. 6(1)(b)) |
| Analytics and platform improvement | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) or legitimate interests |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not sell your personal data. We share information only in the following circumstances:
- Service providers and subprocessors: We engage third-party companies to help operate our business (cloud infrastructure, payment processing, analytics, customer support). These parties are contractually bound to process data only as directed by Maxx Stacks.
- Business transfers: If Maxx Stacks is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify users via email or platform notice.
- Legal requirements: We may disclose information when required by law, court order, or governmental authority.
- With your consent: We share information in other circumstances only with your explicit consent.
Our current list of subprocessors is available at maxxstacks.com/subprocessors. Enterprise customers are notified 30 days before any new subprocessor is added.
We use cookies and similar tracking technologies on our website and platform. For a complete description of the cookies we use and your opt-out options, please review our Cookie Policy.
Essential cookies required for platform function cannot be disabled. All other cookies may be managed through your browser settings or our cookie consent banner.
We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 3 years |
| Platform audit logs | 7 years (compliance requirement) |
| Marketing contact records | Until opt-out or 3 years of inactivity |
| Support tickets | 3 years from resolution |
| Payment records | 7 years (financial regulation requirement) |
| Website analytics | 26 months |
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Withdraw consent: Where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact privacy@maxxstacks.com. We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Maxx Stacks is headquartered in the United States. If you access our services from outside the US, your information may be transferred to and processed in the US. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission where applicable.
We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include AES-256 encryption at rest, TLS 1.3 in transit, access controls, and regular security audits. For a full description of our security posture, visit our Security & Trust page.
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly. Contact privacy@maxxstacks.com if you believe we have inadvertently collected data from a minor.
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email (if you have an account) and by posting the updated policy with a new effective date. Your continued use of our services after notification constitutes acceptance of the updated policy.
For privacy inquiries, data subject requests, or questions about this policy:
- Email: privacy@maxxstacks.com
- Mail: Maxx Stacks Inc., Attn: Privacy Team, [Address on file with registered agent]
- Data Protection Officer: dpo@maxxstacks.com
- EU Representative: Contact us at the DPO email for EU representative details.