Privacy Policy

MaxxBot by ScaleX (Beta)

Last updated: July 16, 2026

1. Overview

This Privacy Policy explains how MaxxBot ("the Service"), operated by ScaleX LLC, collects, uses, stores, and protects information during the beta period. We have written it to reflect how the Service actually works today — see our Security page for the technical detail behind the data-protection statements below.

2. Information We Collect

a) Account information

When you create an account, our authentication provider (Clerk) collects and stores your email address, your name if you provide it, and authentication metadata such as sign-in timestamps. We use this to identify your account and secure your sign-in.

b) Chat content

The questions you ask MaxxBot and the responses it generates are stored so your chats persist across sessions and devices. Chat titles may be generated automatically from the content of a conversation.

c) Uploaded spend data

If you use the spend-analysis feature, the CSV files you upload and the classified breakdown we produce from them are stored against your account so your dashboard persists. Please review section 6 before uploading sensitive data.

d) Feedback

If you send feedback through the in-app feedback tool, we store the message you write, the category you select, and — only if you leave the "include a snapshot of this chat" box checked — a copy of the recent messages in the chat you were viewing, so we can act on your report.

e) Operational logs

To keep the Service available and to prevent abuse, we keep limited operational records such as rate-limiting counters (an opaque account or network identifier plus a timestamp — no message content) and standard server logs.

3. How We Use Information

  • To operate the Service and answer your questions
  • To persist your chats, uploads, and dashboards across sessions
  • To secure accounts and prevent abuse (including rate limiting)
  • To diagnose errors and improve response quality and our knowledge base

We do not sell your data, and we do not serve third-party advertising.

4. Where Your Data Is Stored & How It Is Isolated

Your account's chats, uploaded spend data, and feedback are stored in a dedicated Supabase (PostgreSQL) database. Every row of your data is tagged with your account identifier and protected by database-enforced Row-Level Security, so one account cannot read or modify another account's data. The application connects using a least-privilege database role that cannot bypass this isolation. You can read the technical evidence for this on our Security page.

The reference data MaxxBot answers from (rate benchmarks, vendor and service information, methodology) is a shared, read-only knowledge base that contains no customer data. It is the same library for every customer and cannot be written to by a user request.

5. Third-Party Processors

The Service relies on a small number of infrastructure providers who process data on our behalf:

  • Clerk — authentication and account management (email, name, sign-in metadata).
  • Supabase — the PostgreSQL database that stores your chats, uploaded spend data, and feedback.
  • Anthropic(accessed via the Vercel AI Gateway) — the large-language model that generates MaxxBot's responses. Your messages are sent to it to produce an answer.
  • Vercel — application hosting and serverless compute.
  • Sentry — crash and error diagnostics for the mobile app, to help us keep the Service stable. No personal information (such as your email or IP address) is attached to these reports.

These providers process data under their own terms and privacy commitments. We do not control, and this policy does not speak for, their internal practices beyond how we configure the Service.

6. AI Model Processing

MaxxBot generates responses using a third-party AI model (Anthropic's Claude, accessed via the Vercel AI Gateway). Your chat messages are sent to that provider only to generate a response. We do not use your data to train public AI models, and the AI provider's handling of the data it receives is governed by its own enterprise data policy.

7. Data Security

Measures currently in place include:

  • Database-enforced per-account isolation (Row-Level Security) on all user data
  • A least-privilege application database role that cannot bypass that isolation
  • Encryption in transit (TLS/HTTPS) for connections to the app and the database
  • Authentication handled by a specialised provider (Clerk)
  • Per-account and per-network rate limiting to bound abuse

We are honest about the limits of a beta product: MaxxBot does not yet hold a SOC 2 or ISO 27001 certification and has not yet undergone an independent penetration test. See the Security page for the full, plainly-stated list of what is and is not yet in place. No system is 100% secure.

8. Data Retention & Deletion

We retain your account data (chats, uploaded spend data, feedback) for as long as your account is active, so the Service continues to work for you. You may request deletion of your data or your account at any time by emailing contact@yourscalex.com, and we will complete the deletion within 30 days of your request.

9. What You Should Not Upload

MaxxBot is a beta product. Please do not upload or paste:

  • Highly confidential or privileged contracts
  • Personal data about others (PII)
  • Regulated data (e.g. HIPAA, PCI)
  • Sensitive internal documents you are not authorised to share

10. Your Rights

You may request to:

  • Access the data associated with your account
  • Delete your data or your account
  • Stop using the Service at any time

Requests can be made via contact@yourscalex.com.

11. Changes to This Policy

This Privacy Policy may be updated as the Service evolves out of beta. Material changes will be reflected in the "last updated" date above.

12. Contact

For privacy questions, contact contact@yourscalex.com.