
Privacy Policy

Version: 1.1

Last Updated: April 27, 2026

1. Definitions
2. Information We Collect
2.1 Information You Provide Directly
2.2 Information Collected Automatically
2.3 Information We DO NOT Collect

We explicitly do NOT collect:

  • Precise GPS location or geolocation data

  • Contact lists or address books

  • Financial account numbers (Stripe handles payment data directly)

  • Social Security numbers or government IDs

  • Medical diagnoses or treatment records

  • Health insurance information

  • Prescription or medication data

  • Genetic information

  • Browsing history outside our Platform

3. How We Use Information
3.1 Primary Purposes
3.2 Secondary Purposes (Require Consent)
4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland:

You may withdraw consent at any time without affecting the lawfulness of prior processing based on that consent.

5. Third-Party Disclosure

We share data with the following service providers who help us operate the Platform. All providers are bound by Data Processing Agreements.

We DO NOT Share Data For:
  • Advertising or marketing by third parties

  • Data broker sales

  • Social media profiling

  • Insurance underwriting

  • Employment decisions

  • Any purpose unrelated to providing the Service

We do NOT sell your personal information.

6. International Transfers
6.1 Where Your Data Is Processed

Your data is primarily processed in the United States. Our service providers operate in the United States.

6.2 Transfer Safeguards

For transfers from the EEA, UK, or Switzerland to the US, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Data Processing Agreements with all service providers

  • UK International Data Transfer Agreement (IDTA) for UK transfers

  • Adequacy decisions where applicable

6.3 Your Rights

You may request a copy of the safeguards used for international transfers by contacting team@maximind.app.

7. Data Retention
7.2 Deletion Process

When you delete your account:

Data is marked for deletion immediately

7-day grace period allows account recovery

After 7 days: permanent deletion from primary systems

Within 60 additional days: purged from all backups

8. Privacy Rights
8.1 Rights Available to All Users
8.2 Data Export Formats

Account data: JSON or CSV

Journal entries: JSON or plain text

Audio sessions: MP3 files

Delivery timeframe: Within 30 days of verified request

8.3 Response Time

We respond to all privacy requests within 30 days. Complex requests may require an extension (up to 60 additional days with notice).

8.4 No Discrimination

We will not discriminate against you for exercising your privacy rights. You will not receive different pricing, service quality, or access levels.

9. State-Specific Rights
9.1 California Residents (CCPA/CPRA)

Your Rights:

  • Right to know what personal information we collect, use, and disclose

  • Right to delete personal information

  • Right to correct inaccurate personal information

  • Right to opt out of the sale or sharing of personal information

  • Right to limit use and disclosure of sensitive personal information

  • Right to non-discrimination for exercising privacy rights

  • Right to designate an authorized agent to make requests on your behalf

Disclosures:

  • We do NOT sell your personal information

  • We do NOT share your personal information for cross-context behavioral advertising

Categories of Information Collected:

  • Identifiers (email, name)

  • Commercial information (subscription status, purchase history)

  • Internet activity (usage data, device information)

  • Inferences (derived from usage patterns)

  • Sensitive personal information (health-related goals)

To Exercise Rights: Email team@maximind.app or use Settings > Privacy.

9.2 Virginia Residents (VCDPA)

You have rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising and profiling. You may appeal our decisions by emailing team@maximind.app with "Privacy Appeal" in the subject line.

9.3 Colorado Residents (CPA)

Similar rights to Virginia, plus the right to opt out of the sale of personal data. We do not sell personal data.

9.4 Connecticut Residents (CTDPA)

You have rights similar to California, including consent requirements for sensitive data (consumer health data). See Section 10 for additional CTDPA health data provisions.

9.5 Utah Residents (UCPA)

You have rights to access, delete, and obtain a copy of your data. You also have the right to opt out of sale (we do not sell) and targeted advertising.

9.6 Nevada Residents

We do not sell your personal information. If you wish to submit a request regarding future sales, email team@maximind.app.

10. Consumer Health Data (MHMDA/CTDPA)

This section applies to users in Washington (My Health My Data Act) and Connecticut (CTDPA), and other jurisdictions with consumer health data privacy laws.

10.1 What Is Consumer Health Data?

Under these laws, "consumer health data" includes personal information that identifies your physical or mental health status, including:

  • Personal wellness goals related to mental health

  • Emotional states you report

  • Session preferences (stress, anxiety, focus, calm)

  • Usage patterns that may reveal health-related information

10.2 Health Data We Collect
10.3 Consent

By using the Platform after accepting our Terms of Service, you provide consent to the collection and processing of consumer health data for the purposes described in this Privacy Policy.

Separate consent is obtained for:

  • Sharing health data with each third-party processor (Section 5)

10.4 Your Health Data Rights

Access: Request a copy of your health data

Delete: Request deletion of your health data

Withdraw Consent: Stop using the service and delete your account

No Sale: We NEVER sell your health data

10.5 No Geofencing

We do NOT:

Collect location data near healthcare facilities

Use geofencing to identify consumers seeking health services

Infer health conditions from location data

10.6 Regulatory Contact

Washington Residents:

Washington Attorney General: atg.wa.gov/file-complaint

Connecticut Residents:

Connecticut Attorney General: portal.ct.gov/AG

11. Security
11.1 Technical Safeguards
11.2 Organizational Safeguards

Security awareness training for all employees

Background checks for employees with data access

Data Processing Agreements with all vendors

Incident response procedures and playbooks

Regular security reviews and updates

11.3 Breach Notification

In the event of a data breach affecting your personal information:

Investigation: We immediately investigate and contain the breach

Notification Timeline: Within 72 hours we will:

- Notify affected users via email

- Notify relevant regulatory authorities

FTC Compliance: Per the FTC Health Breach Notification Rule and applicable state laws

Guidance: We provide guidance on protective steps you can take

Report Security Concerns: team@maximind.app

12. Cookies & Tracking
12.1 What We Use
12.2 What We DO NOT Use

Third-party advertising cookies

Social media tracking pixels (Facebook, Twitter, etc.)

Cross-site tracking technologies

Behavioral advertising or retargeting

Fingerprinting for advertising purposes

12.3 TelemetryDeck (Analytics)

TelemetryDeck is a privacy-focused analytics service that:

Does NOT use cookies

Does NOT collect IP addresses

Does NOT create individual user profiles

Is GDPR-compliant by design

Provides only aggregate, anonymized usage statistics

We use it to understand which features are popular, not to track individuals.

12.4 Your Choices

Essential cookies: Required for Platform functionality; cannot be disabled

Analytics (TelemetryDeck): Can be disabled in Settings > Privacy

Error tracking (Sentry): Can be disabled in Settings > Privacy

13. Children's Privacy
13.1 Age Requirement

The Platform is NOT intended for children under 13 years old. We do not knowingly collect personal information from children under 13. Users between 13 and the age of majority in their jurisdiction may use the Platform with parental consent where required by local law.

13.2 If We Discover Underage Data

If we learn we have collected personal information from a child under 13, we will:

Delete the information promptly (within 7 days)

Terminate the associated account

Notify the parent or guardian if contact information is available

13.3 Parental Reporting

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at team@maximind.app. We will investigate within 48 hours.

14. Automated Decision-Making (GDPR Art. 22)
14.1 How We Use Automation

Our Platform uses AI and automated systems to:

Generate personalized scripts based on your goals and preferences

Customize audio content based on your check-in data

Analyze journal entries to provide contextual responses

Moderate user inputs for safety

14.2 Nature of Decisions

These automated processes:

Personalize content to improve your experience

Do NOT produce legal effects or similarly significant effects on you

Do NOT make decisions about your access to services, pricing, or eligibility

14.3 Your Rights

Request human review of any automated decision that significantly affects you

Receive an explanation of how automated decisions are made

Contest automated decisions you believe are incorrect

To exercise these rights, contact team@maximind.app.

15. Changes to Policy
15.1 How We Notify You

When we make material changes to this Privacy Policy:

We will notify you by email at least 30 days before changes take effect

We will display an in-app notification upon login

We will update the "Last Updated" date at the top

We will highlight significant changes in our notification

15.2 Version History

We maintain a version history of this Privacy Policy. You may request previous versions by contacting team@maximind.app.

15.3 Your Choices

If you disagree with changes:

You may delete your account before the changes take effect

Continuing to use the Platform after the effective date constitutes acceptance

16. Contact
16.1 General Privacy Inquiries

Email: team@maximind.app

Response Time: Within 30 days

16.2 Support
16.3 Security Issues

Email: team@maximind.app

Response Time: Within 48 hours for security matters

16.4 Legal / Data Protection Officer

Email: team@maximind.app

For GDPR-related inquiries from EEA, UK, or Switzerland residents, our Data Protection Officer can be reached at team@maximind.app.

16.5 Mailing Address

Health Maxers LLC

30 N Gould St #25736

Sheridan, WY 82801

United States

16.6 Regulatory Complaints

You have the right to lodge a complaint with a supervisory authority if you believe our processing violates applicable law:

Summary: Your Data at a Glance

Document Version: 1.01

Effective Date: April 27, 2026
