Maxify — #1 Looksmax, Rizz AI & Situationship Report

Effective Date: May 24, 2026
Last Updated: May 24, 2026

1. Introduction and Identity of the Data Controller

This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal data by Maxify (operated by Maxify, Patiala, Punjab, India) ("we," "us," or "our") in connection with the Maxify mobile application ("Application"). This Policy is binding upon all users of the Application and constitutes a legally enforceable agreement between the user and Maxify.

Maxify is the sole Data Controller with respect to all personal data collected through the Application. All third-party entities engaged by Maxify to process user data operate exclusively as Data Processors or Sub-processors, as defined under Article 28 of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), and are bound by formal Data Processing Agreements ("DPAs").

Contact: app.aifans@gmail.com | Address: Maxify, Patiala, Punjab, India

2. Scope of Data Collection

Maxify collects only the categories of personal data strictly necessary to deliver the features of the Application. The following table constitutes a complete and exhaustive disclosure of all data collected, its purpose, legal basis, and processing destination:

Data Category	Feature(s)	Processing Destination	Retention
Facial images / photographs (front and side)	GlowUp, Max Looks (Facial Scan)	OpenRouter Inc. (securely routed to OpenAI / Google Gemini API)	Deleted upon API response; not retained by sub-processors
Chat screenshots	Situationship Report / Love Vibe, Rizz / Social Mastery	OpenRouter Inc. (securely routed to OpenAI API)	Deleted upon API response; not retained by sub-processors
User-authored relationship context text	Situationship Report / Love Vibe	OpenRouter Inc. (securely routed to OpenAI API)	Deleted upon API response; not retained by sub-processors
Text prompts	Rizz / Social Mastery	OpenRouter Inc. (securely routed to OpenAI API)	Deleted upon API response; not retained by sub-processors
Profile photographs	Maxify, Mog Battles (Android)	Maxify secure servers	Retained until user resets Maxify link or deletes account
Approximate location data (city/area level only)	Maxify sender-hint feature	Maxify secure servers	Retained until user resets Maxify link or deletes account
Anonymous Device ID	All features, purchase verification	Maxify servers, RevenueCat	Retained until user initiates account deletion
Purchase receipt data	Subscription management	RevenueCat	Managed per RevenueCat's Privacy Policy

Precise GPS coordinates are never collected. Location data is rounded to the city or area level prior to storage. Location data is never transmitted to any third-party AI sub-processor under any circumstances.

To the extent facial images processed through the Application constitute biometric information under applicable state law (such as Illinois BIPA or Texas CUBI), such data is processed solely for the purposes described herein and is not sold, leased, or traded.

3. Third-Party AI Sub-Processors and Explicit Consent

3.1 Identity of Sub-Processors

Maxify engages the following entity as a formal Data Sub-processor under Article 28 GDPR for the sole purpose of generating AI-powered analysis:

OpenRouter Inc. — Processes text prompts, relationship context, chat screenshots, and facial images (routing them securely to underlying models such as OpenAI and Google Gemini via zero-data-retention APIs).

Our sub-processor is bound by a Data Processing Agreement contractually prohibiting: (a) use of processed data for any purpose other than generating the requested output; (b) retention of data beyond the duration of the API transaction; and (c) use of any processed data for the training, fine-tuning, or improvement of AI models.

3.2 Mandatory In-App Consent

Pursuant to Apple App Store Review Guideline 5.1.2(i) (revised November 13, 2025) and Google Play Developer Policy, Maxify obtains explicit, affirmative, informed consent from the user prior to the first transmission of any personal data to a third-party AI sub-processor. This consent is obtained via an in-app disclosure screen that:

Identifies the specific data type to be transmitted (e.g., photograph, text, screenshot)
Names the specific sub-processor(s) that will receive the data
States that the data will not be retained after processing
Provides the user with a clear option to decline

Users who decline consent will not have their data transmitted and will not be able to access the relevant AI-powered feature. Consent may be withdrawn at any time via Application Settings → Privacy. Withdrawal of consent does not affect the lawfulness of processing that occurred prior to withdrawal.

3.3 Legal Basis for Processing

Data Type	Legal Basis (GDPR)
AI-processed data (photos, text, screenshots)	Article 6(1)(a) — Explicit consent
Location data for Maxify	Article 6(1)(b) — Performance of contract / feature delivery
Device ID and purchase data	Article 6(1)(b) — Performance of contract
Usage analytics	Article 6(1)(f) — Legitimate interests

4. Data Storage, Security, and Retention

4.1 Security Measures

All data transmitted between the Application and Maxify servers or sub-processors is encrypted in transit using TLS 1.2 or higher. Data stored on Maxify servers is protected using AES-256 encryption at rest. Access to server infrastructure is restricted to authorized personnel only, under strict access controls and audit logging.

4.2 Retention Schedule

AI-processed data (photos, screenshots, text): Not retained beyond the duration of the API request. Sub-processors do not store this data.
Maxify and Mog Battles profile images: Retained on Maxify servers until the user resets their Maxify link or executes account deletion.
Approximate location data: Retained on Maxify servers until the user resets their Maxify link or executes account deletion.
Device ID: Retained until account deletion is initiated by the user.
Local application data: Stored on-device and deleted automatically upon uninstallation of the Application.

5. Cookies and Tracking Technologies

We do not use tracking cookies, advertising cookies, or tracking pixels on our website (maxify.app) or within the Application. We do not track your activity across third-party websites.

To prevent abuse, fraud, and duplicate submissions on rating features or anonymous Q&A (such as Maxify or Mog Battles), we utilize FingerprintJS. This technology generates an anonymous, unique device identifier (fingerprint hash) based on your browser and device characteristics. This fingerprint is processed solely for security, rate-limiting, and anti-abuse verification purposes, and is not associated with your personal identity or used for behavioral profiling.

6. User Rights and Exercise of Rights

Users retain the following rights with respect to their personal data, exercisable at any time:

Right of Access (GDPR Article 15 / CCPA): The right to request disclosure of all personal data held by Maxify associated with the user's Device ID.
Right to Erasure (GDPR Article 17 / CCPA): The right to permanent deletion of all server-side data. Exercised via the "Delete Account" function in Application Settings. This action is immediate and irreversible.
Right to Withdraw Consent (GDPR Article 7(3)): The right to withdraw consent to AI sub-processor data transmission at any time via Application Settings → Privacy. Withdrawal disables the relevant AI features but does not otherwise affect the user's account or purchases.
Right to Data Portability (GDPR Article 20): The right to receive a copy of data held by Maxify in a structured, machine-readable format. Requests submitted to app.aifans@gmail.com.
Right to Object (GDPR Article 21): The right to object to processing based on legitimate interests.
Right to Know (CCPA): The right to know what categories of personal information are collected, used, shared, or sold.

To exercise any of the above rights, use the in-app "Delete Account" function or contact app.aifans@gmail.com. Because Maxify operates on an anonymous Device ID basis, users must provide their Device ID to enable identification and fulfillment of requests.

7. California Consumer Privacy Rights (CCPA/CPRA) "Do Not Sell or Share" Declaration

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have specific privacy rights. We do not sell your personal information or biometric data to third parties for monetary or other valuable consideration, nor do we share or transfer your data for cross-context behavioral advertising.

Because no such sales or sharing activities occur, Maxify does not provide a "Do Not Sell or Share My Personal Information" link on our services. We only disclose personal information to the third-party AI sub-processor and service providers identified in this Policy for the business purposes described herein, subject to appropriate processing agreements.

8. Data Sharing and Disclosure

Maxify does not sell, rent, or otherwise disclose personal data to independent third parties for commercial, advertising, or marketing purposes. Data is shared only with the following categories of recipients, and only to the extent described in this Policy:

AI Sub-processor (OpenRouter Inc.): Solely for real-time generation of AI analysis as described in Section 3.
RevenueCat Inc.: Solely for subscription and purchase receipt management. Credit card and payment data is handled exclusively by Apple and Google; Maxify and RevenueCat receive only a secure confirmation of purchase.
Law enforcement or regulatory authorities: Only where required by applicable law, court order, or regulatory obligation, and only to the minimum extent required.

9. Children's Privacy and Age Compliance

The Application is strictly intended for users aged 18 and older. Maxify does not knowingly collect or solicit personal data from anyone under the age of 18. If we become aware that we have collected personal data from a minor under the age of 18, we will take immediate steps to delete such data and terminate the associated account.

10. Governing Law and Jurisdiction

This Policy and any dispute arising out of or in connection with it shall be governed by, and construed in accordance with, the same governing law specified in our Terms of Service (EULA). Any disputes arising under or in connection with this Policy shall be subject to the exclusive jurisdiction and dispute resolution mechanisms set forth in the Terms of Service.

11. Amendments to This Policy

Maxify reserves the right to amend this Policy at any time. Users will be notified of material amendments via in-app notification prior to the effective date of such changes. Continued use of the Application following the effective date of an amendment constitutes acceptance of the revised Policy. The "Last Updated" date at the top of this Policy reflects the date of the most recent revision.

12. Contact and Complaints

For any privacy-related inquiries, requests, or complaints, contact:
Email: app.aifans@gmail.com
Address: Maxify, Patiala, Punjab, India

Users in the European Economic Area who believe their data protection rights have been violated may lodge a complaint with the relevant supervisory authority in their member state.