This Privacy Policy explains how MaxPax (“MaxPax”, “we”, “us”) collects, uses, and safeguards information when you use our quote-automation service at maxpax.ai (the “Service”). The Service connects to your email inbox and your pricing spreadsheet, reads incoming quote requests from customers, and replies with a quote on your behalf.
If you have any questions, or want to access, export, or delete your data, contact us at [email protected].
1. Who this policy covers
This policy applies to:
- Account owners — businesses and individuals who sign up for MaxPax to automate their quoting.
- Team members invited by an account owner.
- End customers — the people who email a MaxPax-connected inbox to request a quote. Their email content is processed on behalf of the account owner.
2. Information we collect
2.1 Account information
- Name and email address (from single sign-on or manual sign-up)
- Account role and permissions (owner, team member, admin)
- Billing information, where applicable, via our payments processor
2.2 Email credentials you provide
- IMAP and SMTP server addresses, ports, usernames, and the password or app password you enter for MaxPax to connect to your inbox
- These credentials are stored in our database and used exclusively to fetch incoming quote requests and to send quote replies on your behalf
2.3 Email content processed on your behalf
- The subject, body, sender address, and received timestamp of incoming quote-request emails in your connected inbox
- The reply we generate and send to your customer
- Related metadata: message IDs (used to avoid duplicate processing), product match, extracted fields, and an audit trail of the AI's reasoning
MaxPax does not read, index, or store emails outside of the quote-request flow. We only process messages that arrive in your connected inbox and that look like quote requests.
2.4 Pricing configuration
- Your product definitions, trigger keywords, customer-segment configuration, and email templates
- The Excel pricing workbook you upload, which we host in cloud storage on your behalf so MaxPax can read live prices from it
2.5 Usage and technical data
- Logs of requests to our web application (IP address, user agent, timestamps)
- Application telemetry (errors, scheduler runs, quote-processing events)
- Aggregate analytics on marketing-site traffic (page views and session counts)
3. How we use this information
- Deliver the Service. Read quote-request emails from your inbox, extract pricing inputs, look up the price in your workbook, and send a reply to your customer.
- Account management. Authenticate you, enforce permissions, and bill you for usage.
- Operate and improve the Service. Monitor reliability, diagnose errors, and improve the accuracy of our AI extraction.
- Security. Detect and respond to abuse, fraud, and attacks.
- Communication. Send transactional emails (sign-in, billing, product updates). We do not sell or rent your data for marketing.
4. Third-party service providers
MaxPax relies on a small number of third-party service providers to run the Service — for example, to host infrastructure, process payments, run AI extraction on the email content you direct us to process, and deliver transactional email. Some of these providers may process data outside Australia.
We do not sell your data. We will not share your data with other third parties except where required by law or to protect the rights, property, or safety of MaxPax, our users, or the public. If you would like a current list of the service providers we use, contact us at [email protected].
5. Data retention
- Quote history is retained for as long as your account is active, so you can review, re-run, or export prior quotes. You can delete individual quotes from the dashboard at any time; deleted quotes are soft-deleted and can be permanently removed on request.
- Credentials and configuration (IMAP/SMTP credentials, products, templates, workbook) are retained while your account is active. They are removed when you delete them or close your account.
- Billing records are retained as long as required by applicable tax and accounting laws.
- Operational logs are retained for a limited period (typically 30–90 days) for debugging and abuse prevention.
- Account closure. If you close your account, we will delete your stored email content, credentials, and configuration within 30 days, except where we are required to retain it by law.
6. Security
- Encryption in transit. Connections to our web application, to your inbox (IMAP over SSL), to your outgoing mail server (SMTP over TLS), and to our service providers run over encrypted channels.
- Per-account isolation. Every quote, credential, product, template, and workbook is scoped to the account it belongs to. Our code paths enforce account-level access on every read and write.
- Access control. Administrative access to production systems is restricted to authorised operators and requires authenticated sessions.
- No system is perfectly secure. We cannot guarantee absolute security, and we encourage you to notify us at [email protected] if you suspect a breach or vulnerability.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete personal information
- Delete your personal information
- Object to, or restrict, certain processing of your personal information
- Receive a portable copy of your personal information
- Withdraw consent (where we rely on consent)
To exercise any of these rights, contact us at [email protected]. We will respond within a reasonable period and, in any event, within the timeframes required by applicable law.
8. International transfers
MaxPax operates from Australia. Some of the service providers we rely on may process data in other countries. Where we transfer personal data across borders, we rely on the safeguards those providers have put in place, including standard contractual clauses where applicable.
9. Children's privacy
MaxPax is a business tool and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we'll update the “Last updated” date at the top of this page. For material changes, we will give you reasonable advance notice — for example, by email or an in-app notice — before the change takes effect.
11. Contact us
Questions, requests, or complaints about this policy or our data practices: