Skip to content

Draft — pending legal review before GA

Privacy notice

MaxoPerf collects the minimum data needed to operate a reliable, secure load-testing platform. This notice explains what we collect, why, how long we keep it, and your rights as a data subject.

1. Who we are

MaxoPerf is a performance-testing platform that lets engineering teams run load tests, inspect results, and integrate testing into CI/CD pipelines. References to "MaxoPerf", "we", "us", or "our" in this notice refer to the company operating the platform at maxoperf.com.

For questions about this notice or to exercise your rights, contact us at privacy@maxoperf.com.

2. What data we collect

Account and identity data

When you create an account we collect your name, email address, and, where applicable, your organisation name. Identity verification is delegated to our authentication provider; we store only the resulting user identifier and profile metadata.

Usage and test data

We store the test scripts, configurations, load profiles, and results you upload or generate through the platform. This includes run metrics (latency, throughput, error rates), runner logs, and any labels or notes you attach to runs. You control this data and can delete it at any time.

Technical and diagnostic data

We collect IP addresses, browser user-agent strings, and request logs for security, abuse prevention, and platform diagnostics. We use structured logging and distributed tracing internally; traces are not shared with third parties for advertising purposes.

Billing data

Payment card details are processed directly by our payment processor and are never stored on MaxoPerf infrastructure. We retain billing records (invoice amounts, plan tier, transaction IDs) for accounting and tax compliance.

Communications data

If you contact support or respond to a survey, we store those communications to help us resolve issues and improve the platform.

3. How we use your data

4. Legal basis for processing (GDPR)

For users in the European Economic Area and United Kingdom we process personal data under the following bases:

5. Data retention

6. Subprocessors and international transfers

We use a small number of subprocessors to deliver the platform — including cloud infrastructure, authentication, payment processing, error tracking, and email delivery providers. A current list of subprocessors is maintained at maxoperf.com/legal/subprocessors/ (to be published before GA).

Where personal data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses or equivalent transfer mechanisms as approved by the relevant supervisory authority.

7. Your rights

Depending on your jurisdiction you may have the right to: access the personal data we hold about you; correct inaccurate data; erase your data (right to be forgotten); restrict or object to processing; receive your data in a portable format; and withdraw consent where processing is based on consent.

To exercise any of these rights, email privacy@maxoperf.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data-protection supervisory authority.

California residents (CCPA/CPRA): you have the right to know what personal information we collect and share, to delete your information, to opt out of the sale or sharing of personal information (we do not sell or share personal information for advertising), and to non-discrimination for exercising these rights.

8. Cookies and tracking

The marketing site uses a minimal set of cookies: session cookies required for navigation, and optional analytics cookies (with your consent). The platform console uses session and authentication cookies required for service delivery. No cross-site advertising trackers are deployed.

9. Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit (TLS 1.2+), encryption at rest, access controls, audit logging, and vulnerability management. No system is perfectly secure; if you discover a security issue, please report it via our responsible disclosure process at maxoperf.com/security/.

10. Changes to this notice

We may update this notice to reflect changes in our practices or applicable law. Material changes will be communicated by email to account holders at least 30 days before they take effect. The date of the most recent revision appears at the top of this page.

Last revised: 2026-06-15 (draft — not yet in effect)