← Back to Home

Privacy Policy

Last updated: July 1, 2025

1. Introduction

MaxyService ("we", "our", "us") operates the maxyservice.com platform — a cloud-based service management solution for repair businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, and organization name. If you subscribe to a paid plan, our payment processor (Stripe) collects billing information — we never store your full credit card number.

2.2 Customer & Device Data

Data you enter about your customers (names, phones, emails, addresses) and their devices (brand, model, serial numbers, IMEI) is stored securely and is only accessible to authorized members of your organization.

2.3 Usage Data

We automatically collect technical information including browser type, device type, pages visited, and timestamps via Vercel Analytics. This data is anonymized and used solely to improve the service.

3. How We Use Your Information

  • To provide and maintain the MaxyService platform
  • To process subscriptions and payments via Stripe
  • To send transactional emails (invoices, estimates, status updates) via Resend
  • To send SMS notifications via Twilio when enabled by you
  • To provide customer support and respond to inquiries
  • To detect, prevent, and address technical issues
  • To analyze usage patterns and improve the service (anonymized data only)

4. Data Storage & Security

Your data is stored in Supabase (PostgreSQL) with row-level security (RLS) policies ensuring strict tenant isolation — your data is never accessible to other organizations. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). The application is hosted on Vercel with automatic HTTPS.

5. Third-Party Services

We integrate with the following third-party services, each governed by their own privacy policies:

  • Supabase — Database hosting and authentication
  • Stripe — Payment processing
  • Resend — Transactional email delivery
  • Twilio — SMS notifications
  • Vercel — Application hosting and analytics
  • Upstash — Redis caching and rate limiting
  • Google Calendar — Calendar integration (when enabled)
  • Sentry — Error monitoring (no personal data sent)

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your personal data
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to processing of your personal data

Organization administrators can export or erase customer data directly from the MaxyService dashboard. For account-level requests, contact us at privacy@maxyservice.com.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all associated data (organization, customers, devices, service requests, invoices) is permanently deleted within 30 days. Backup copies are purged within 90 days.

8. Cookies

MaxyService uses essential cookies only — for authentication session management (Supabase auth tokens) and theme preferences. We do not use advertising or tracking cookies. Vercel Analytics uses privacy-focused, cookie-free analytics.

9. Children's Privacy

MaxyService is a business-to-business (B2B) service and is not intended for children under 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

For questions about this Privacy Policy or your data, contact us at: privacy@maxyservice.com