Max

Max Good

Essential Avatar and Enterprise Subscription Security and Privacy

This policy applies to Essential Avatar and Enterprise subscriptions.

Our overall commitment is to ensure that data privacy is maintained for all individual users of our system, all business users of our system and that security best-practices for SAAS software systems are followed.

Personal Information

Our standard privacy policy applies with the following additional features in the Essential Avatar and Enterprise subscription:

  • The interactions individuals have with MaxGood.work are private between those individuals and Max Good, AI Coach. Only an individual person's notarized, written permission related to a specific interaction or interactions will allow MaxGood.work to share that interaction data with the individual's subscribing organization or if the individual chooses to interact with Max Good, AI Coach through non-private means such as a corporate email server, messaging system or other integration with a corporate system.
  • In user interactions with Max Good, AI Coach, email addresses and phone numbers are automatically anonymized before we send it to third-party AI/ML systems and de-anonymized in the responses we generate to the user.
  • Summary level, non-PII may be accessed by the subscribing organization in the form of reports and analysis.

Encryption

The data and content provided by subscribing organizations in the course of setup and operation of their accounts is, whenever possible transmitted between the subscribing organization and MaxGood.work. In particular:

  • All information in transit through the MaxGood.work website or other future tools such as mobile applications is encrypted from the front end, through to the back-end servers and to third-party systems.
  • Passwords are never stored in plaintext - they are always stored as hashes.
  • On the servers themselves, all user interaction information and subscribing organization reference information is stored in plaintext (non-encrypted) as required by the Large Language Model systems that underlie the capabilities of Max Good, AI Coach. However, we are in the process of converting to the use of encrypted volumes for database storage so that data is encrypted at rest as well as in transit.

Data Retention

When managing data, the subscribing organization always has full control to delete data at will in the self-serve organizational “dashboard” when such data is fully under the control of MaxGood.work:

  • Users and any meta-data associated with those users including user account data, user interaction data, and user activity meta-data.
  • Uploaded organizational reference information (e.g. corporate employee handbooks).
  • The organizational account information.

Note that individual members of a subscribing organization that are interacting with Max Good, AI Coach have no ability to delete their data.

Data that is passed through organizational systems such as email servers, messaging systems or other integrated systems may be retained by the subscribing organization based on their data retention policies, and MaxGood.work has no control over how this data is deleted.

All deletion activities are immediate and permanent. Note that an archiving function is also available which removes users and data from active use in the operation of Max Good, AI Coach.

At this time, MaxGood.work does not perform automated backups of customer data.

Security

Security is built into MaxGood.work's product development and testing right from the start. We:

  • Design and code with security in mind.
  • Perform extensive manual and automated testing.
  • Monitor production systems for problems.
  • Rely on proven third-party tools and systems to add security.
  • Expect attacks at every possible surface of our system.

To that end, we expect that the security of our customer's data is on par with other well-managed SAAS systems.

In the event that we become aware of a data breach and know it's scope (even as that awareness and knowledge of scope evolves) we notify all users and customers affected with whatever information we have about the breach that will allow users and customers to take appropriate action.

Training Data

At no time is user data or client data used to train internal or 3rd party systems. Your data is only used to improve the performance of Max Good, AI Coach on a just-in-time basis and only for your users, never for users outside of the subscribing organization. When you remove your data, it can no longer influence or affect the performance of Max Good, AI Coach.