Last Updated: April 23, 2026
1. Introduction
MAXXLIFE ("the App," "we," "us," or "our") is a personal health and peptide tracking application. We take your privacy seriously, especially because the data you log here is sensitive. This Privacy Policy explains what we collect, why, who we share it with, how long we keep it, and what rights you have.
If you have any questions, reach us at privacy@maxxlife.fit. A physical mailing address is available on request.
2. Data We Collect
We collect the following categories of information:
- Account information: email address, name, and profile details you provide at sign-up or later.
- Health data: peptide and supplement logs (name, dose, timing, notes), body weight, goals, age, sex, height, workouts, nutrition, hydration, and related metrics you enter yourself.
- Sleep and recovery data: metrics synced from connected wearables (Oura Ring, WHOOP), such as sleep stages, HRV, resting heart rate, SpO2, body temperature, and readiness or recovery scores. We only access this data after you explicitly authorize it through the device's OAuth flow.
- AI chat transcripts: the messages you send to, and receive from, the in-app AI assistant. These are stored so you can review past conversations and so the assistant has context.
- Usage and device data: pages visited, features used, browser type, operating system, and device identifiers for functionality, analytics, and troubleshooting.
3. Third Parties We Share Data With
We do not sell your data. We share limited data with the following service providers, only as needed to run the App:
- Supabase: database hosting, authentication, and storage. Your account and health data live here.
- Anthropic: powers the in-app AI assistant. When you send a message to the assistant, the relevant prompt and context are sent to Anthropic's API to generate a response. Anthropic processes this data under their own privacy terms and does not train their models on your data by default.
- Oura and WHOOP: we hold OAuth tokens to read your wearable data on your behalf. We do not send your MAXXLIFE data back to these providers. You can disconnect at any time.
- Vercel: web application hosting and deployment infrastructure.
We do not share your data with insurance companies, employers, or data brokers. We do not share your data with government agencies unless we are legally compelled to (for example, by a valid court order or subpoena).
4. Security
We use standard security practices to protect your data: TLS encryption in transit, encryption at rest on our database provider, and role-based access controls so only authorized systems and personnel can reach production data. No system is perfect, but we treat your health data as sensitive and design accordingly.
5. Data Retention and Deletion
We keep your data for as long as your account is active. If you delete your account, we remove your personal data from our production systems within 30 days. Backups that include your data are rotated out on a rolling basis and fully purged within 90 days. Some anonymized or aggregated data (which cannot be tied back to you) may be retained for product analytics.
You can request account and data deletion at any time from within the App or by emailing privacy@maxxlife.fit.
6. International Data Transfers
MAXXLIFE is operated from, and your data is processed and stored in, the United States. If you are accessing the App from outside the US, including from the European Union or United Kingdom, your data will be transferred to and processed in the US. By using the App, you consent to this transfer.
7. Your Rights Under GDPR (EU and UK Users)
If you are in the European Economic Area or the United Kingdom, the GDPR gives you the following rights over your personal data:
- Access: request a copy of the data we hold about you.
- Correction: ask us to fix data that is inaccurate or incomplete.
- Deletion: ask us to delete your data (the "right to be forgotten").
- Portability: receive your data in a structured, machine-readable format, or have it transferred to another provider.
- Objection: object to certain types of processing, including anything based on our legitimate interests.
- Restriction: ask us to pause processing while a dispute or correction is being worked out.
- Withdraw consent: where our processing is based on your consent, you can withdraw it at any time.
- Lodge a complaint: file a complaint with your local data protection supervisory authority if you believe we have mishandled your data.
To exercise any of these rights, email privacy@maxxlife.fit. We will respond within 30 days.
8. Your Rights Under CCPA (California Users)
If you are a California resident, the California Consumer Privacy Act gives you the following rights:
- Right to know: what personal information we collect, use, and share.
- Right to delete: personal information we have collected from you.
- Right to correct: inaccurate personal information.
- Right to opt out of sale: of your personal information. Note: MAXXLIFE does not sell personal information, and has never done so.
- Right to non-discrimination: we will not deny, charge different prices for, or provide a lower quality of service because you exercise any of your CCPA rights.
To exercise these rights, email privacy@maxxlife.fit. We may need to verify your identity before processing the request.
9. Children's Privacy
MAXXLIFE is intended for adults only. Because the App covers peptides, supplements, and other adult-oriented health topics, it is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 13 (in compliance with the Children's Online Privacy Protection Act, COPPA) or from minors under 18.
If you believe a child or minor has provided us with personal information, contact privacy@maxxlife.fit and we will delete it promptly.
10. Cookies and Analytics
We use cookies and similar technologies for session management, authentication, and basic product analytics so we can understand how the App is used and improve it. We do not use third-party advertising trackers or sell analytics data.
11. HIPAA Disclaimer
MAXXLIFE is not HIPAA-compliant and is not a covered entity under HIPAA. The App is a personal health tracking tool for educational purposes, not a healthcare provider, health plan, or healthcare clearinghouse. If you need HIPAA-compliant health data management, use a service specifically designed for that purpose.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you in the App, by email, or both before the changes take effect. Your continued use of the App after the effective date constitutes acceptance of the updated policy.
13. Contact
For any privacy-related question, data request, or to exercise your rights, contact us at privacy@maxxlife.fit. A physical mailing address can be provided on request.