Privacy Policy
Your photos are sensitive. We treat them that way. This page explains exactly what we collect, why, and what control you have over it.
01 What we collect
- Photos and intake answers you upload during onboarding.
- Account information — email, hashed password, billing details (processed by Stripe; we never see your card number).
- Usage data — pages visited, features used, error logs, device and browser metadata.
02 How we use it
We use your data only to deliver and improve the service:
- Generate your facial analysis and personalized protocol.
- Save your results so you can revisit and re-run them.
- Process payments and prevent fraud.
- Diagnose bugs and improve product quality (in aggregate, never tied to your face).
- Email you about your account, your analysis, and meaningful product updates.
03 What we do not do
- We do not sell your data. Ever. Not to advertisers, brokers, insurers, or anyone else.
- We do not use your photos to train AI models — yours or anyone else's.
- We do not share identifiable photos with marketing partners.
- We do not run ad networks or behavioral retargeting on Maxly.
04 How we protect your data
Photos are encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted to a small number of authorized engineers, with all access logged and audited. Backups are encrypted with separate keys.
Maxly is a cosmetic-guidance product, not a medical service. We do not collect, store, or process protected health information.
05 Sub-processors
We rely on a small set of vetted third parties to operate Maxly:
- AWS — encrypted storage and compute (us-east-1, us-west-2).
- Stripe — payment processing (PCI-DSS Level 1 certified).
- Postmark — transactional email.
- Sentry — error monitoring (no PII or photos sent).
Each sub-processor is bound by a Data Processing Agreement that mirrors the protections in this policy.
06 Your rights
Wherever you live, you can:
- Access — download a copy of everything we hold on you.
- Correct — fix anything that's wrong.
- Delete — wipe your account and all associated photos and analyses, permanently, from any settings page or by emailing us.
- Port — receive your data in a machine-readable format.
- Object — opt out of any non-essential processing.
EU/UK and California residents have additional rights under the GDPR and CCPA respectively. We honor all of them — write to privacy@usemaxly.com to exercise any of these.
07 Retention
We keep your photos and analysis for as long as your account is active, plus 30 days after deletion to handle accidental cancellations. Billing records are kept for 7 years for tax purposes. Aggregated, anonymized analytics may be retained indefinitely.
08 Children
Maxly is for adults 18+. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it immediately.
09 Changes to this policy
If we make material changes, we'll email you and post a notice on our site at least 14 days before they take effect. Older versions are available on request.
10 Contact
For privacy questions, data requests, or concerns: privacy@usemaxly.com. Our Data Protection Officer can be reached at the same address.