iammax
Legal

Privacy Policy

Last updated: 22 May 2025

iammax (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what we collect, why we collect it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our registered address is in Manchester, England. If you have any questions about this policy, contact us at privacy@iammax.com.

1. Data We Collect

Account data

When you create an account, we collect your email address and, if you choose to provide it, your full name and skin type preferences. This information is stored securely using Supabase, our database provider.

Purchase data

When you place an order, we collect your delivery address, order contents, and payment reference. Payment card data is processed directly by our payment provider and is never stored on our servers.

AI analysis data

When you use our AI analysis feature, you upload a photograph. This photograph is transmitted to Anthropic (the provider of Claude, the AI model we use) for the purpose of generating your personalised analysis. We do not store your photographs on our servers after your analysis is complete. Please refer to our AI Disclosure for full detail.

Usage data

We collect standard server logs including your IP address, browser type, and pages visited. This data is used solely to maintain the security and performance of our platform.

2. Why We Use Your Data

  • To create and manage your account
  • To process and fulfil your orders
  • To deliver your personalised AI analysis and product recommendations
  • To send you transactional emails (order confirmations, shipping updates)
  • To improve our platform and services
  • To comply with our legal obligations

We will only contact you for marketing purposes if you have explicitly opted in. You can withdraw consent at any time by emailing privacy@iammax.com.

3. Legal Basis for Processing

  • Contract performance — processing your orders and delivering your purchases
  • Legitimate interests — platform security, fraud prevention, improving our services
  • Consent — marketing communications and AI analysis of photographs
  • Legal obligation — tax records, regulatory compliance

4. How Long We Keep Your Data

  • Account data is retained for as long as your account is active
  • Order records are retained for 7 years for tax and legal compliance
  • Analysis photographs are not retained after your session ends
  • Marketing consent records are kept for 3 years after last interaction

5. Who We Share Data With

We do not sell your data. We share data only with:

  • Supabase — our secure database and authentication provider
  • Anthropic — provider of the Claude AI model used for analysis
  • Payment providers — for secure transaction processing
  • Delivery partners — to fulfil and ship your orders
  • Legal and regulatory authorities — where required by law

All third-party providers are bound by data processing agreements and are required to protect your data to the same standard we do.

6. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data (“right to be forgotten”)
  • Restrict or object to how we process your data
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time where we rely on consent
  • Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk

To exercise any of these rights, contact us at privacy@iammax.com. We will respond within 30 days.

7. Cookies

We use cookies to keep you signed in and to understand how our platform is used. See our Cookie Policy for full detail.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email if you have an account with us. The date at the top of this page reflects the most recent revision.