We'll reach out soon to schedule a conversation to see how Maxxam AI can meet the unique needs of your business.
Want to skip the line?
MAXXAM.ai Privacy Policy Last updated: March 1, 2026
MAXXAM.ai (“MAXXAM,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our websites, applications, AI automation services, and communication channels, including SMS and email (collectively, the “Services”).
By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
1. Information We Collect
1.1 Information you provide
Contact details (name, business name, email address, phone number).
Billing information (processed via third-party payment processors).
Communications you send us (emails, SMS, support tickets).
Client and end-customer data you upload or connect (e.g., customer lists, appointment data, conversation transcripts).
1.2 Information collected automatically
Usage data (pages viewed, features used, timestamps).
Device and technical data (IP address, browser, operating system, device identifiers).
Cookies and similar technologies used for functionality, preferences, and analytics, consistent with applicable privacy laws.
2. SMS Privacy
2.1 How we use phone numbers
Account verification and security notifications.
Service-related alerts and workflow updates.
Marketing or promotional SMS where permitted by law and your preferences.
Sending SMS on your behalf to your customers when you configure automations or campaigns.
2.2 Message content and logs
We process SMS content and related metadata to deliver messages, provide logs and analytics, prevent abuse, and troubleshoot.
We retain logs for a commercially reasonable period for billing, support, and compliance.
2.3 SMS consent and opt-out
You are responsible for obtaining any legally required consent from your contacts before sending SMS via our Services and for honoring opt-out requests.
Where we send SMS directly to you for marketing, you may opt out using instructions in the message (e.g., replying “STOP”) or by contacting us.
We do not sell SMS phone numbers.
3. Email Privacy
3.1 How we use email addresses
Account setup, login, and security (e.g., password resets).
Transactional and service communications (billing notices, product updates, support).
Marketing and newsletters where you have not opted out and where permitted by law.
Sending email on your behalf to your customers when you configure email campaigns or automation.
3.2 Email content and logs
We process email content, subject lines, and metadata to deliver messages, provide analytics, and prevent spam or abuse.
We retain email logs for a commercially reasonable period for security, support, and legal obligations.
3.3 Email preferences
You can unsubscribe from marketing emails at any time via an unsubscribe mechanism or by contacting us.
You may still receive necessary transactional emails.
We do not sell email addresses.
4. Data Privacy and AI Processing
4.1 Data we process for AI
Business and contact data (customer lists, lead data, appointment records).
Interaction data (SMS/email content, call transcripts, chat exchanges).
Configuration and automation data (workflows, rules, tags, settings).
4.2 Purposes of processing
Provide, operate, and improve the Services.
Run automations, campaigns, and analytics you configure.
Enhance features and models in a way that does not uniquely identify individuals where permitted by law.
Detect, prevent, and respond to security incidents or misuse.
Comply with legal obligations and enforce our agreements.
4.3 Legal bases (where applicable)
Depending on your jurisdiction, our legal bases may include:
Performance of a contract (to provide the Services).
Legitimate interests (to secure, maintain, and improve the Services).
Consent (for marketing communications and certain optional features).
Legal obligations (for compliance and reporting).
5. Health Information, PHI, and HIPAA
5.1 Healthcare and PHI
Some customers are mental health, public health, or other healthcare organizations that may process PHI through our Services. HIPAA does not create a special “AI privacy rule,” but AI tools that use or disclose PHI for covered entities fall under existing HIPAA rules and vendor management frameworks.
5.2 Business Associate role
When we sign a BAA with a covered entity or business associate, we act as a Business Associate and handle PHI according to that BAA and HIPAA’s Privacy and Security Rules, implementing appropriate safeguards.
5.3 HIPAA-eligible AI tools
Our AI tools can be configured for PHI only in formally designated, HIPAA-eligible environments and features covered by an active BAA. Customers must ensure PHI is only entered into or transmitted through those HIPAA-eligible components and not into consumer, non-HIPAA services or analytics tools (for example, tools like standard web analytics that are not HIPAA-eligible).
5.4 No PHI without BAA
If we have not executed a BAA with you and designated your account and relevant features as HIPAA-eligible, you must not use the Services to store, process, or transmit PHI. Using PHI in non-eligible features or without a BAA is at your own risk and contrary to this Policy.
5.5 Customer responsibilities
You are responsible for:
Determining whether you are a covered entity or business associate.
Entering into a BAA with us before using the Services with PHI.
Configuring workflows, access controls, and integrations to comply with HIPAA and other applicable laws.
Not sending PHI into non-HIPAA-eligible tools, models, or third-party services.
There is no official HIPAA “certification” for cloud or SaaS services; compliance is demonstrated through safeguards, BAAs, and ongoing risk management.
6. Data Sharing and Disclosure
We do not sell personal information. We may share information:
With service providers (e.g., hosting, SMS/email delivery, analytics, payment processing, support) bound by confidentiality and data protection obligations.
With your organization (e.g., your employer or practice) where your account is provisioned by that organization and subject to its admin controls.
For legal and safety reasons (to comply with law, respond to lawful requests, or protect rights, property, or safety).
In business transfers (e.g., merger, acquisition, or sale of assets) subject to appropriate protections.
7. Data Retention
We retain personal data for as long as necessary to:
Provide and maintain the Services.
Comply with legal and contractual requirements.
Resolve disputes and enforce agreements.
Support accurate billing, security, and auditing.
We may anonymize or aggregate data so it no longer identifies you and use it for analytics and business purposes.
8. Security
We implement reasonable administrative, technical, and physical safeguards to protect your data, aligned with industry practices and applicable laws (for example, encryption in transit, access controls, logging, and security reviews). However, no system is completely secure, and we cannot guarantee absolute security.
9. International Data Transfers
Your information may be stored and processed in countries other than your own. Where required, we use appropriate safeguards, such as contractual clauses, for cross-border transfers of personal data.
10. Your Rights
Depending on your jurisdiction, you may have rights to:
Access your personal information.
Request correction of inaccurate data.
Request deletion of certain data.
Restrict or object to certain processing.
Request a portable copy of certain information.
Withdraw consent where processing is based on consent.
To exercise these rights, contact us using the information below. Where we act as a processor/service provider for a business customer, we may direct you to that customer to handle your request.
11. Children’s Privacy
The Services are not directed to children under 16 (or as defined by local law), and we do not knowingly collect personal information from children. If we become aware that we have collected such information, we will take steps to delete it.
12. Third-Party Services
The Services may link to or integrate with third-party websites and services. Their privacy practices are governed by their own policies, and we encourage you to review them before providing personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. If we make material changes, we will update the “Last updated” date and may provide additional notice (e.g., email or in-app notice). Your continued use of the Services after changes become effective signifies your acceptance.
14. Contact Us
If you have questions, concerns, or requests about this Privacy Policy or our data practices, contact:
