Draft — pending legal review before GA
Privacy notice
MaxoPerf collects the minimum data needed to operate a reliable, secure load-testing platform. This notice explains what we collect, why, how long we keep it, and your rights as a data subject.
1. Who we are
MaxoPerf is a performance-testing platform that lets engineering teams run load tests, inspect results, and integrate testing into CI/CD pipelines. References to "MaxoPerf", "we", "us", or "our" in this notice refer to the company operating the platform at maxoperf.com.
For questions about this notice or to exercise your rights, contact us at privacy@maxoperf.com.
2. What data we collect
Account and identity data
When you create an account we collect your name, email address, and, where applicable, your organisation name. Identity verification is delegated to our authentication provider; we store only the resulting user identifier and profile metadata.
Usage and test data
We store the test scripts, configurations, load profiles, and results you upload or generate through the platform. This includes run metrics (latency, throughput, error rates), runner logs, and any labels or notes you attach to runs. You control this data and can delete it at any time.
Technical and diagnostic data
We collect IP addresses, browser user-agent strings, and request logs for security, abuse prevention, and platform diagnostics. We use structured logging and distributed tracing internally; traces are not shared with third parties for advertising purposes.
Billing data
Payment card details are processed directly by our payment processor and are never stored on MaxoPerf infrastructure. We retain billing records (invoice amounts, plan tier, transaction IDs) for accounting and tax compliance.
Communications data
If you contact support or respond to a survey, we store those communications to help us resolve issues and improve the platform.
3. How we use your data
- Service delivery: run tests, store results, send alerts, and provide the console and API.
- Security and abuse prevention: detect and block unauthorised access, rate-limit misuse, and investigate incidents.
- Billing and compliance: process payments, issue invoices, and meet tax obligations.
- Product improvement: analyse aggregated, de-identified usage patterns to prioritise features. We do not sell individual usage data.
- Communications: send transactional emails (account events, run alerts) and, where you have opted in, product updates and announcements.
4. Legal basis for processing (GDPR)
For users in the European Economic Area and United Kingdom we process personal data under the following bases:
- Contract performance — account, test, and billing data required to deliver the service you signed up for.
- Legitimate interests — security logging, abuse prevention, and aggregated analytics, balanced against your privacy interests.
- Legal obligation — billing records retained for statutory accounting periods.
- Consent — optional marketing communications; you may withdraw consent at any time.
5. Data retention
- Account data: retained while your account is active and for 90 days after account closure.
- Test scripts and run results: retained for the duration of your subscription and deleted on account closure unless you export them first.
- Security and access logs: retained for 12 months.
- Billing records: retained for 7 years to meet accounting obligations.
6. Subprocessors and international transfers
We use a small number of subprocessors to deliver the platform — including cloud infrastructure, authentication, payment processing, error tracking, and email delivery providers. A current list of subprocessors is maintained at maxoperf.com/legal/subprocessors/ (to be published before GA).
Where personal data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses or equivalent transfer mechanisms as approved by the relevant supervisory authority.
7. Your rights
Depending on your jurisdiction you may have the right to: access the personal data we hold about you; correct inaccurate data; erase your data (right to be forgotten); restrict or object to processing; receive your data in a portable format; and withdraw consent where processing is based on consent.
To exercise any of these rights, email privacy@maxoperf.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data-protection supervisory authority.
California residents (CCPA/CPRA): you have the right to know what personal information we collect and share, to delete your information, to opt out of the sale or sharing of personal information (we do not sell or share personal information for advertising), and to non-discrimination for exercising these rights.
8. Cookies and tracking
The marketing site uses a minimal set of cookies: session cookies required for navigation, and optional analytics cookies (with your consent). The platform console uses session and authentication cookies required for service delivery. No cross-site advertising trackers are deployed.
9. Security
We implement technical and organisational measures appropriate to the risk, including encryption in transit (TLS 1.2+), encryption at rest, access controls, audit logging, and vulnerability management. No system is perfectly secure; if you discover a security issue, please report it via our responsible disclosure process at maxoperf.com/security/.
10. Changes to this notice
We may update this notice to reflect changes in our practices or applicable law. Material changes will be communicated by email to account holders at least 30 days before they take effect. The date of the most recent revision appears at the top of this page.
Last revised: 2026-06-15 (draft — not yet in effect)