Last Updated: 7th September 2025. We may revise this statement from time to time. Any updates will be reflected in the date above.
Maximos AI is committed to protecting the privacy of our users and their customers. We stay appraised of developments in data protection laws to ensure that you can be confident in your safety while using our platform.
This page explains what the rules are, how they apply to your use of the Maximos AI platform, and the steps we have taken to comply. You should review this document alongside our Privacy Policy and contact a specialist legal professional if you require further advice.
General Data Protection Regulation (EU) 2016/679, more commonly known as the GDPR, is an EU regulation aimed at harmonizing data protection and privacy laws across the EU. The provisions of the GDPR apply wherever personal data of an EU data subject is involved. The GDPR is focused on giving individuals more control over how their data is used and making the collection and processing of data more transparent. The GDPR was incorporated directly into UK law following the end of the Brexit transition period, meaning UK businesses still have to comply through the UK GDPR.
The GDPR imposes various obligations on a person depending on whether they are a controller or a processor of personal data.
A controller is an entity which decides to process personal data and makes decisions regarding the basis of processing and the methods which will be used. A processor is an entity which processes data for and on behalf of a controller, making no independent decisions regarding that data.
When you use the Maximos AI service, you are a controller. You are in control of the data you upload to the Maximos AI system, what you do with that data, and why. As a result, you are responsible for ensuring that you have a legal basis on which to process the data, and that you do not retain the data for any longer than is necessary.
Maximos AI is a data processor. We store and manage the data you have collected under your instructions. We will never use any personal data which you have uploaded to the Maximos AI system for our own purposes or without your instruction.
Personal data may only be collected and processed if there is a legal basis for doing so. As a processor, Maximos AI relies on our customers to select the correct basis under which they will be collecting and processing personal data, and to put the appropriate notices and consents in place. Before you use the Maximos AI service, you should identify which legal bases may be available to you and only collect and retain personal data to the extent necessary to carry out that basis.
The GDPR grants data subjects certain rights relating to their personal data, including the right to access, correct, and delete any data relating to them.
Maximos AI has put in place easy systems for you to inform us if you receive such a request from a data subject, and for us to inform you if we receive such a request. We will ensure that, following your instructions, these requests are promptly complied with.
If you are located in the EU, UK, or EEA and believe your data has been processed unlawfully, you also have the right to lodge a complaint with your local supervisory authority.
Personal data may not be transferred outside the EEA other than under specific circumstances. We utilize the Standard Contractual Clauses as part of our Data Processing Agreement which we sign with all of our customers.
Our GDPR commitments are further detailed in our Data Processing Agreement (DPA), which forms part of our Terms of Service and is available to all customers.
We have put in place strong security safeguards and measures to ensure that any personal data we hold is stored securely. We regularly test our products for bugs and vulnerabilities.
We ensure that we have regular back-up systems in place, and ensure that we have data recovery and data integrity systems and processes to minimize risk of corruption to or loss of personal data.
We retain personal data processed on your behalf only for as long as necessary to provide the Services or as required by law. Upon termination of Services, we will delete or return personal data, subject to our backup retention and secure deletion policies.
We take our duties as a processor very seriously. We have taken a number of steps to ensure that we remain compliant with the GDPR and that you are able to lawfully send personal data collected by you to us:
If you have any questions regarding this GDPR Statement, please contact us at [email protected].