Privacy Policy — Max Out

Last Updated: February 6, 2026

Max Out ("the App," "we," "us," or "our") is a personal productivity and wellness iOS application. This Privacy Policy describes what data we collect, how we use it, who we share it with, and your rights regarding that data.

If you have questions or concerns, contact us at:

mayottekyle@gmail.com
rseals13@gmail.com

1. Data We Collect

We organize the data we collect according to Apple's privacy nutrition label categories.

1.1 Contact Info

Data	Collected	Purpose
Name	Yes	Account creation, personalization of AI responses
Email Address	Yes	Account creation, authentication, account recovery

We do not collect your phone number, physical address, or other contact information.

1.2 Health & Fitness

With your explicit permission, we read the following data from Apple HealthKit (read-only — we never write to HealthKit):

Data	Purpose
Steps	Daily activity tracking, task recommendations
Active & Basal Energy Burned	Activity-aware scheduling
Walking/Running Distance	Fitness progress tracking
Heart Rate, Resting Heart Rate, HRV	Recovery and readiness insights
Sleep Analysis (total, deep, REM, light, quality)	Sleep-aware task scheduling
Workouts (type, duration, calories, heart rate, distance)	Automatic task verification
Weight & Height	Fitness goal context

Health and fitness data is used solely to improve your personal health management and productivity within the App. It is never used for advertising, marketing, or data mining. It is never sold to data brokers.

1.3 Location

Data	Collected	Purpose
Coarse Location (category only: home, work, gym)	Optional	Context-aware task suggestions

We store only the category of your location (e.g., "gym," "home"), not raw GPS coordinates. This feature requires your explicit permission and is optional.

1.4 Identifiers

Data	Collected	Purpose
User ID (internal UUID)	Yes	Account management
Device ID (Apple IDFV)	Yes	Push notification delivery, device management

We do not collect the Advertising Identifier (IDFA). We do not track you across other companies' apps or websites.

1.5 User Content

Data	Collected	Purpose
Chat messages	Yes	AI-powered coaching conversations
Goal descriptions (free text)	Yes	Personalized task generation
Task verification proofs (photos, videos, text)	Yes	Verifying task completion
Voice input (processed on-device)	Optional	Hands-free interaction
Uploaded documents, URLs, voice notes	Optional	Personalized knowledge base

1.6 Usage Data

Data	Collected	Purpose
Product Interaction (task completions, feature usage, onboarding steps)	Yes	Improving recommendations, tracking your progress
Screen Time & App Usage (app names, usage minutes)	Optional	Focus and digital wellness features
Notification Interactions	Yes	Optimizing notification timing

1.7 Sensitive Info

During onboarding, you may optionally provide:

Data	Purpose
Fitness level, age, sex	Fitness goal personalization
MBTI personality type	Communication style personalization

This data is provided voluntarily and is used only to personalize your experience.

1.8 Diagnostics

Data	Collected	Purpose
Performance Data	Minimal (server-side logging)	Maintaining app reliability

We do not use third-party crash reporting or analytics services.

1.9 Data We Do NOT Collect

Advertising Identifier (IDFA)
Contacts or address book
Browsing history
Financial or payment information
Precise GPS coordinates (stored server-side)
Biometric authentication data (Face ID / Touch ID are handled entirely by iOS)
Data from other apps (beyond optional screen time with your permission)

2. How We Use Your Data

We use the data described above for these purposes:

Account Management — Creating and maintaining your account, authenticating you, and enabling account deletion.
AI-Powered Coaching — Generating personalized tasks, schedules, and coaching responses based on your goals, health data, calendar, and conversation history.
Task Generation & Verification — Building daily task plans informed by your energy levels, schedule, and progress. Verifying task completion using photos, videos, or text you submit.
Health & Wellness Insights — Using HealthKit data to provide sleep-aware scheduling, recovery recommendations, and activity tracking.
Calendar Integration — Reading your calendar events (Apple Calendar and/or Google Calendar) to schedule tasks around existing commitments.
Digital Wellness — Tracking screen time and app usage (with your permission) to support focus and productivity goals.
Push Notifications — Sending task reminders, streak milestones, motivational messages, and energy check-ins.
Personalization — Adapting the AI persona's communication style to your preferences over time.
Knowledge Base — Storing documents, URLs, and notes you upload to provide contextual AI responses.

We do not use your data for:

Advertising or marketing to third parties
Selling or renting to data brokers
Building profiles for advertising purposes
Tracking you across other apps or websites

3. Third-Party Data Sharing

We share user data with the following third-party services. Each is named explicitly per Apple's requirements.

3.1 Google Gemini (AI Processing)

Provider: Google LLC (Gemini API, accessed directly)
AI Model Used: Gemini 2.5 Flash
Data Sent: Your profile context (name, persona, goals, schedule preferences), health metrics summaries, calendar event summaries, conversation history, and task context.
Purpose: Generating AI coaching responses, personalized task plans, assessments, life-shift detection, and web search grounding.
Retention by Third Party: Google processes requests in real time. Refer to Google's AI Privacy Policy for their data retention practices.

3.2 Google Gemini (Task Verification)

Provider: Google LLC (Gemini API, accessed directly)
Data Sent: Task title, task description, task category, and user-submitted proof content (photos, videos, or text).
Purpose: Automated verification of task completion using multimodal AI analysis.
Retention by Third Party: Refer to Google's AI Privacy Policy for their data handling.

3.3 Google APIs (Workspace Integration — Optional)

Provider: Google LLC
Data Sent: OAuth tokens for Google Calendar, Google Docs, and Google Drive access.
Purpose: Calendar event sync for scheduling, creating documents, and file sharing (user-initiated only).
Retention by Third Party: Google stores data per their standard terms. You can revoke access at any time through your Google Account settings.

3.4 Firebase Cloud Messaging (Push Notifications)

Provider: Google LLC (Firebase)
Data Sent: Device tokens (FCM token, APNs token), notification payloads (task title, message content).
Purpose: Delivering push notifications to your device.
Retention by Third Party: Firebase retains device tokens per Firebase's Privacy Documentation.

3.5 Apple Push Notification service (APNs)

Provider: Apple Inc.
Data Sent: Device token, notification content.
Purpose: Delivering push notifications on iOS.
Retention by Third Party: Per Apple's standard terms.

We Do NOT Share Data With:

Advertising networks
Data brokers
Analytics platforms (Firebase Analytics code exists but is disabled and does not transmit data)
Any other third parties not listed above

All third-party recipients listed above are required to provide protection of your data consistent with this Privacy Policy.

4. Data Storage & Security

Server Location: Your data is stored on our backend servers running PostgreSQL.
Encryption in Transit: All data transmitted between the App and our servers uses HTTPS/TLS encryption.
Password Security: Passwords are hashed using bcrypt with salt rounds before storage. We never store plaintext passwords.
Authentication: Sessions are managed with JSON Web Tokens (JWT) with 7-day expiration.
OAuth Tokens: Google OAuth tokens are stored encrypted server-side and used only for the integrations you authorize.
Vector Embeddings: We generate numerical vector representations (embeddings) of your conversation memories and knowledge documents for semantic search. These are mathematical representations, not plaintext copies.

5. Data Retention

Account Data: Retained for the lifetime of your account.
Health Data: Daily summaries and metrics are retained for the lifetime of your account to enable trend analysis and personalized recommendations.
Conversation History: Retained for the lifetime of your account to maintain context for AI coaching.
Task History: Retained for the lifetime of your account for progress tracking and analytics.
Verification Proofs: Photos, videos, and text proofs are retained for the lifetime of your account.
Calendar Data: Synced calendar events are retained and updated with each sync cycle.
After Account Deletion: All data associated with your account is permanently deleted from our servers (see Section 6).

6. Account Deletion

You can delete your account at any time. When you delete your account:

All personal data is permanently deleted from our servers, including:
- Your profile and onboarding data
- All health and fitness data
- All conversation history
- All tasks and verification proofs
- All calendar data
- All knowledge base content
- All behavioral data and patterns
- All vector embeddings
- All notification preferences and device tokens
Deletion is performed via a cascading database delete, meaning all related records across all tables are removed.
What we cannot delete:
- Data already processed by third-party AI providers (Google Gemini) — refer to Google's privacy policy for their retention and deletion practices.
- Any data Apple retains independently (push notification logs, App Store purchase records).
If you used Google Sign-in for Workspace integration, we recommend also revoking Max Out's access in your Google Account permissions.

7. Your Rights

Regardless of where you live, we provide the following rights to all users:

7.1 Right to Access

You can request a copy of the personal data we hold about you by contacting us at the email addresses listed above.

7.2 Right to Deletion

You can delete your account and all associated data at any time through the App, or by contacting us directly.

7.3 Right to Correction

You can update your profile information, goals, and preferences at any time within the App. For corrections to other data, contact us.

7.4 Right to Data Portability

You can request an export of your personal data in a machine-readable format by contacting us.

7.5 Right to Withdraw Consent

You can revoke any optional permission (HealthKit, Calendar, Location, Notifications, Screen Time) at any time through iOS Settings. Revoking a permission will stop future data collection for that category but will not automatically delete previously collected data. To delete previously collected data, use the account deletion feature or contact us.

7.6 Right to Opt Out of AI Processing

If you wish to stop your data from being sent to third-party AI providers, you may delete your account. The core functionality of the App depends on AI processing, so selective opt-out of AI features while maintaining an account is not available.

8. Children's Privacy

Max Out is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately and we will delete that data.

9. HealthKit Data — Special Protections

In compliance with Apple's HealthKit guidelines:

Health and fitness data obtained from HealthKit is never used for advertising or marketing.
Health data is never sold to data brokers or any third party.
Health data is never used for use-based data mining other than improving your personal health management within the App.
Health data shared with AI providers (Google Gemini) is limited to aggregated summaries (e.g., "slept 7 hours," "walked 8,000 steps") and is sent solely for the purpose of generating personalized health and productivity recommendations.
We do not store personal health information in iCloud.
We do not write data to HealthKit.

10. Permissions We Request

Permission	Required	Purpose
Push Notifications	Optional	Task reminders, motivational messages, streak updates
HealthKit	Optional	Health-aware scheduling and fitness tracking
Calendar (EventKit)	Optional	Scheduling tasks around existing events
Location	Optional	Context-aware suggestions (gym, home, work)
Microphone	Optional	Voice input for hands-free interaction
Camera / Photo Library	Optional	Task verification proof uploads
Screen Time	Optional	Digital wellness and focus features

You can deny any optional permission without losing access to the core features of the App. You can change permissions at any time in iOS Settings.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by other means before the changes take effect. The "Last Updated" date at the top of this policy indicates when it was last revised.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: mayottekyle@gmail.com
Email: rseals13@gmail.com

13. Apple App Store Privacy Nutrition Label Summary

For your reference, the following summarizes what we declare in the App Store privacy nutrition labels:

Data Linked to You

Contact Info (name, email)
Health & Fitness (all HealthKit metrics listed in Section 1.2)
Identifiers (user ID, device ID)
User Content (chat messages, goals, verification proofs)
Usage Data (product interaction, screen time, notification interactions)
Location (coarse)

Data Used for App Functionality

All data collected is used for App functionality and personalization. No data is used for tracking or third-party advertising.

Data NOT Used to Track You

We do not track you across other companies' apps or websites. We do not collect the IDFA. We do not share data with advertising networks or data brokers.