Privacy policy
your data is yours.
Effective: May 1, 2026
Last updated: May 1, 2026
this policy explains what data Maximo collects when you install the app, what we do with it, and what we will never do with it. plain language, no dark patterns. if anything is unclear, email privacy@getmaximo.ai and we'll fix the wording.
The short version
we collect store data to sync your catalog and track conversions. we never sell it. we never use your individual customer data, store data, or product data to train shared AI models. you can export or delete everything at any time.
01 Who we are
Maximo is a Shopify app operated by mthd studio, llc., a Delaware limited liability company. when this policy says "we", "us", or "Maximo", we mean mthd studio, llc.
our registered address and a contact email are listed at the bottom of this page.
02 What we collect
From your Shopify store
once you install Maximo and grant access, we read:
- product data — titles, descriptions, prices, images, variants, inventory, metafields, and collections
- order data — line items, totals, currency, customer location (country / region), and order timestamps. we do not retrieve full customer PII (names, emails, addresses) unless required for a specific tracking integration you enable, and only the minimum needed for that integration
- shop configuration — your domain, currency, locale, and which sales channels you have connected
From your ad platform accounts
when you connect Google, Meta, or TikTok, we receive read/write access to specific ad and catalog endpoints. we use this access only to publish feeds and conversion events on your behalf.
From your website visitors (via the Maximo pixel)
if you install our first-party tracking pixel, we collect:
- a first-party visitor identifier stored on your subdomain
- page views, product views, add-to-cart, checkout, and purchase events
- browser metadata (user agent, viewport, referrer)
we do not collect any data that would let us identify a visitor outside the context of your store.
03 How we use it
we use the data we collect for one purpose: to operate the Maximo product for your store. specifically:
- building and syncing your product catalogs to Google Merchant Center, Meta Catalog, and TikTok Shop
- publishing conversion events to ad platforms via their server APIs (Google Ads, Meta CAPI, TikTok Events API)
- generating channel-specific AI suggestions on titles, descriptions, and attributes — scoped to your products, with results visible only inside your shop's Maximo dashboard
- sending you operational emails (account, billing, security)
- diagnosing issues you report
04 Who we share it with
Maximo shares data only with the platforms required to deliver the service:
- ad platforms — Google, Meta, TikTok (and any other you enable). we send your catalog and conversion events to these platforms because that's the product
- infrastructure providers — AWS (hosting), Cloudflare (CDN, edge), Postmark (transactional email), Stripe (billing). these are processors acting under contract
- AI providers — when you trigger an AI suggestion, we send the relevant product fields to OpenAI or Anthropic for processing. these calls are made under no-training enterprise agreements (see §5)
we do not sell your data. we do not share it with marketers, brokers, or any third party not listed above.
05 AI & training data
Commitment
your individual store data, product data, customer data, and order data are never used to train shared AI models — ours or anyone else's. ever.
Maximo uses third-party LLMs (currently OpenAI and Anthropic) to generate product suggestions. our enterprise contracts with these providers explicitly prohibit them from training on data we send via the API.
we may build Maximo-internal models trained on aggregate, anonymized signal — for example, "products with X attribute structure tend to perform better on PMAX." these models never contain identifiable store, product, customer, or order data, and never produce output specific to one merchant's catalog.
if you would prefer Maximo not use any AI features at all, you can disable them entirely in your shop settings. the rest of Maximo (catalog sync, tracking) continues to work without them.
06 Security & storage
data is encrypted in transit (TLS 1.2+) and at rest (AES-256). access to production systems is restricted to a small number of Maximo engineers, audited, and gated by hardware 2FA.
data is stored in AWS regions in the United States and the European Union. for EU and UK merchants, all data is processed and stored in the EU. we have a Data Processing Addendum (DPA) available on request — email privacy@getmaximo.ai.
we report a security incident within 72 hours of confirmation, in line with GDPR Article 33 and Shopify partner obligations.
07 Your rights
regardless of where you're located, you can:
- access — request a copy of all data Maximo holds about your store
- export — download your catalog, suggestion history, and event logs at any time from your settings
- correct — fix any data we hold
- delete — uninstall the app or email privacy@getmaximo.ai to wipe everything within 30 days
- portability — receive your data in a structured, machine-readable format
under GDPR (EU/UK), CCPA/CPRA (California), and similar regimes, you may also lodge a complaint with your local data protection authority. but we'd much rather you tell us first.
08 Cookies & tracking
the Maximo admin app uses session cookies for authentication only. no analytics cookies, no marketing cookies.
the Maximo pixel — installed only if you choose to enable first-party tracking on your storefront — sets a first-party cookie on your subdomain to identify returning visitors for the purpose of attributing their conversions. this cookie is governed by your store's own cookie banner and consent flow, not ours.
09 Retention
- active store data — retained while you're an active Maximo customer
- conversion events — retained for 24 months for attribution windows, then deleted
- AI suggestion history — retained for 12 months, then deleted
- billing records — retained for 7 years (legal/tax requirement)
- uninstalled stores — all non-billing data deleted within 30 days of uninstall
10 Changes to this policy
if we make material changes, we'll email the primary contact on your Maximo account at least 30 days before they take effect. we'll also post a changelog at getmaximo.ai/privacy/changelog. continued use of Maximo after the effective date means you accept the updated policy.