PRIVACY POLICY

Last Updated: February 25, 2025

MAXED.VIP ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services (collectively, the "Service").

We take your privacy seriously and encourage you to read this Privacy Policy carefully. By accessing or using the Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.

1. INFORMATION WE COLLECT

We collect several types of information from and about users of our Service:

1.1 Personal Information You Provide

We collect the following categories of personal information that you voluntarily provide to us:

  • Identification Information: Your name, email address, phone number, mailing address, profile photo, username, and password. For creators and fitness professionals, we may also collect professional credentials and social security number for payment processing purposes.

  • Financial Information: Our payment processor, Stripe, Inc. ("Stripe"), collects financial information necessary to process payments through the Service. This information is processed pursuant to Stripe's services agreement and privacy policy, in addition to this Privacy Policy, and our Terms of Service.

  • Communication Information: Information you provide when you contact us with questions, respond to surveys, or participate in market research.

  • Profile Information: Information you provide when setting up your profile, including biographical information, fitness specialties, certifications, and professional experience.

  • Content Information: Information contained in the content you create, upload, or make available through the Service, including workout plans, nutrition guides, coaching materials, and other digital products.

  • Calendar and Booking Information: Information related to appointments, schedules, and availability you set up through our booking features.

  • Demographic Information: Your age, gender, and other demographic details you choose to provide.

  • Social Media Information: When you connect your social media accounts to our Service or interact with our Social Media Pages (such as Instagram, Facebook, YouTube, and TikTok), we may collect information you make available through your settings with those platforms, such as profile details, friend lists, and engagement metrics.

1.2 Information We Collect Automatically

When you visit, use, or interact with our Service, we automatically collect certain information about your device and usage:

  • Log Information: Information that your browser automatically sends whenever you visit the Service, including your Internet Protocol (IP) address, browser type and settings, date and time of your request, and how you interacted with the Service.

  • Device Information: Information about the device you use to access the Service, including device name, operating system, browser type, and mobile network information.

  • Usage Information: Information about how you use our Service, such as the types of content you view or engage with, features you use, actions you take, and the time, frequency, and duration of your activities.

  • Location Information: We derive a rough estimate of your location from your IP address.

  • Analytics Information: We use PostHog, an analytics service, to collect information about how you interact with our Service. This helps us understand user behavior and improve our Service.

  • Email Open/Click Information: We use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.

2. HOW WE USE COOKIES AND SIMILAR TECHNOLOGIES

2.1 Cookies

Cookies are small data files that are placed on your computer or mobile device when you visit a website. We use cookies to operate and administer our Service, gather usage data, and improve your experience.

Cookies can be stored on your computer for different periods of time:

  • Session Cookies: These expire after a certain amount of time or when you close your browser.
  • Persistent Cookies: These survive after your browser is closed until a defined expiration date and help recognize your computer when you open your browser and browse the Internet again.

PostHog, our analytics provider, stores some data in cookies to help us understand how users interact with our Service. These cookies collect information about your browsing habits to make advertising relevant to you and your interests.

2.2 Your Choices Regarding Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to alert you when a cookie is being sent. However, if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Service or benefit from its full functionality.

For more information about cookies and how to manage them, visit All About Cookies.

Advertising networks may use cookies to collect personal information. Most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit the Network Advertising Initiative's online resources at http://www.networkadvertising.org and follow the opt-out instructions there.

If you access the Service on your mobile device, you may not be able to control tracking technologies through the settings.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for various purposes, including:

  • Providing, operating, maintaining, and improving the Service
  • Setting up and managing your account
  • Processing transactions and sending related information, including confirmations and receipts
  • Understanding how users interact with our Service through analytics
  • Personalizing your experience and delivering content relevant to your interests
  • Responding to your comments, questions, and requests
  • Sending you technical notices, updates, security alerts, and administrative messages
  • Communicating with you about products, services, offers, promotions, and events
  • Monitoring and analyzing trends, usage, and activities in connection with our Service
  • Detecting, preventing, and addressing technical issues, fraud, and illegal activities
  • Carrying out our obligations and enforcing our rights arising from any contracts between you and us
  • Complying with legal obligations

4. HOW WE SHARE YOUR INFORMATION

We may share your personal information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, such as:

  • Payment Processing: We share information with Stripe to process payments.
  • Analytics: We use PostHog to collect and analyze information about how users interact with our Service. To protect your privacy, we automatically anonymize sensitive personal information before it reaches PostHog, including but not limited to names, email addresses, phone numbers, physical addresses, and any other personally identifiable information. This ensures that our analytics data cannot be used to identify individual users while still allowing us to improve our service based on usage patterns.
  • Email Services: We use email service providers to send communications.
  • Cloud Hosting: We use cloud hosting providers to store data and host our Service.
  • Authentication: Supabase handles authentication and encryption to protect your core data such as name, email, phone number, and additional information. Supabase implements industry-standard security measures, including AES-256 encryption at rest and TLS encryption in transit. They are SOC2 Type 2 and HIPAA compliant, with comprehensive security features including role-based access control, multi-factor authentication, and regular security audits. For detailed information about Supabase's security measures, please visit Supabase's Security Page.

4.2 Platform Interactions

  • Creator-User Relationships: When you, as a user, book services, purchase products, communicate with a creator, or engage with a creator's content through our Service, that creator will receive certain information necessary to fulfill their services. This information may include, but is not limited to, your name, contact details, booking preferences, and any additional information you provide related to the service or product.

  • Creator Content: If you are a creator, information about your offerings, profile, and professional services will be visible to users of the Service. You control what information you make public through your storefront.

  • Creator Data Responsibilities: Creators who receive user data through our platform:

    • Must maintain appropriate confidentiality and security measures for user data
    • Are solely responsible for their use, storage, and handling of user data
    • May use user data only for the specific purposes for which it was collected
    • May send marketing or service-related communications to users who have engaged with their services
    • Must comply with all applicable privacy laws and regulations

  • User Acknowledgment: By engaging with a creator through our Service, you acknowledge that:

    • Your information will be shared with the creator as necessary for service fulfillment
    • The creator may have their own privacy practices and policies governing their use of your data
    • MAXED.VIP is not responsible for how creators use, store, or process your information once shared
    • You should review a creator's privacy practices before sharing sensitive information
    • Creator communications are governed by their own policies, not MAXED.VIP's privacy policy

  • Data Minimization: We limit the personal information shared with creators to only what is necessary for service delivery, payment processing, and communication related to the services provided.

  • Creator Obligations: Creators agree to:

    • Use user data only for legitimate business purposes related to their services
    • Implement appropriate security measures to protect user data
    • Not sell or improperly disclose user data to third parties
    • Delete or anonymize user data when no longer needed
    • Promptly report any data incidents to MAXED.VIP

4.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of our assets, your information may be transferred as part of that transaction.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.5 Protection of Rights

We may disclose your information to protect the rights, property, or safety of MAXED.VIP, our users, or others.

5. DATA SECURITY

We implement appropriate technical and organizational measures to protect the security of your personal information. Through our partnership with Supabase, we maintain a comprehensive security program that includes:

  • Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS.
  • Access Controls: Implementation of role-based access control (RBAC) and strict permission management.
  • Authentication Security: Support for Multi-factor Authentication (MFA) to add an additional layer of security.
  • Regular Backups: Automated daily backups of all databases with point-in-time recovery capabilities.
  • DDoS Protection: Multiple layers of DDoS protection, including CDN-level protection via Cloudflare.
  • Vulnerability Management: Regular penetration testing and security scanning using industry-standard tools.
  • Compliance: Our infrastructure provider, Supabase, maintains SOC2 Type 2 and HIPAA compliance.

For more detailed information about our data processing practices and shared security responsibilities with Supabase, you can review our Data Processing Agreement with Supabase.

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

In the event of a data breach that affects your personal information, we will notify you in compliance with applicable laws.

6. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We determine the appropriate retention period based on the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.

7. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

  • Access: You may request access to your personal information that we collect.
  • Correction: You may request that we correct inaccurate personal information.
  • Deletion: You may request that we delete your personal information.
  • Restriction: You may request that we restrict the processing of your personal information.
  • Data Portability: You may request a copy of the personal information you provided to us in a structured, commonly used, and machine-readable format.
  • Objection: You may object to our processing of your personal information.
  • Withdrawal of Consent: You may withdraw consent where processing is based on consent.

To exercise these rights, please contact us at privacy@maxed.vip. We may need to verify your identity before responding to your request.

8. CHILDREN'S PRIVACY

Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information as soon as possible.

9. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

Specifically, our servers are located in the United States, and our service providers may be located in various countries. This means that when we collect your personal information, we may process it in any of these countries. By using our Service, you consent to this transfer.

10. THIRD-PARTY SERVICES

10.1 Third-Party Links

Our Service may contain links to third-party websites and services that are not owned or controlled by MAXED.VIP. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of these third-party sites.

10.2 Third-Party Service Providers

We use the following third-party service providers, whose privacy practices are governed by their respective privacy policies:

  • Stripe: For payment processing. Please review Stripe's Privacy Policy for information on how they handle your data.
  • PostHog: For analytics. PostHog's servers are based in the US, which may have implications for GDPR compliance. Please review PostHog's Privacy Policy for more information.
  • Supabase: For authentication and encryption. Please review Supabase's Privacy Policy for information on how they handle your data.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of our Service after any changes to this Privacy Policy constitutes your acceptance of the changes.

12. CONTACT US

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: maxed.vip.official@gmail.com

13. REGIONAL PRIVACY RIGHTS

California Residents

If you are a California resident, you can learn more about your consumer privacy rights by visiting the California Office of Attorney General's website at https://oag.ca.gov/privacy/ccpa.

European Residents

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you can learn more about your rights under the General Data Protection Regulation (GDPR) by visiting the European Commission's website at https://ec.europa.eu/info/law/law-topic/data-protection_en.

To exercise any of your privacy rights, please contact us at maxed.vip.official@gmail.com.

By using our Service, you acknowledge that you have read and understood this Privacy Policy.