Skip to main content
Robot Labs Inc. Last updated: April 14, 2026

1. Overview

This Privacy Policy describes how Robot Labs Inc. (“Robot Labs,” “we,” “us,” or “our”) collects, uses, stores, and shares your personal data when you use the Maximus browser extension and website (together, “the Service”). We collect only what we need. We tell you what we do with it. And we give you control over it. If you have questions about this policy or your data, contact us at legal@maximus.trade.

2. Data Controller

The data controller responsible for your personal information is: Robot Labs Inc. 74 E Glenwood Ave, Unit 5377 Smyrna, DE 19977-1002 United States Email: legal@maximus.trade

3. Who This Policy Applies To

This policy applies to all users of Maximus, regardless of where you are located. Where applicable, we comply with:
  • The EU General Data Protection Regulation (GDPR)
  • The UK GDPR
  • The California Consumer Privacy Act (CCPA / CPRA)
  • Other applicable data protection laws in jurisdictions where we operate

4. What We Collect

Information you provide directly

Email address Collected when you join the waitlist or register an account. Used to create your account, communicate product updates, and respond to support requests. Wallet address Collected when you connect your cryptocurrency wallet to the Maximus extension. Used to associate your account with your on-chain activity and deliver features that depend on your trading context.

Information collected automatically

Website usage data (via Google Analytics) When you visit maximus.trade, Google Analytics collects anonymized data including pages visited, session duration, browser type, device type, and IP address. IP addresses are anonymized before storage. This data helps us understand how people find and use our website. AI interaction data When you use Maximus’s conversational features — asking questions, issuing commands through the Magic Bar or Ask Maximus prompt — those interactions are logged. We use this data to review quality, identify errors, and improve the AI’s responses over time. We do not use your interactions to train third-party models without your consent. Extension usage data General usage patterns within the extension: which features are used, how often, and error logs. This does not include the content of your trades.

What we do not collect

  • Private keys or seed phrases. We never request these and you should never share them.
  • Credit card or bank account information. Payments are currently made in USDC on-chain. No credit card data passes through our systems.
  • The content of your trades. Trade execution happens on HyperLiquid’s network. We receive only the information necessary to display your data within the Maximus interface.

On-chain data

Your wallet address and on-chain transactions are public by nature of the blockchain. We do not control this data. It exists on the HyperLiquid network and is accessible to anyone with the wallet address.

5. How We Use Your Data

We use your data to:
  • Provide, operate, and maintain the Service
  • Authenticate your account and maintain your session
  • Process USDC payments for pay-as-you-go access
  • Review and improve AI interaction quality
  • Analyze usage patterns to improve the product
  • Send product updates and service communications (you can opt out at any time)
  • Respond to support and data requests
  • Detect and prevent fraud or misuse of the Service
  • Comply with applicable laws and legal obligations
We do not sell your personal data. We do not use your data for advertising. If you are in the European Economic Area or UK, we process your personal data under the following legal bases:
Processing activityLegal basis
Account creation and service deliveryContract performance — Article 6(1)(b)
Wallet connection and feature deliveryContract performance — Article 6(1)(b)
AI interaction quality reviewLegitimate interests — Article 6(1)(f)
Website analyticsLegitimate interests — Article 6(1)(f)
Marketing and product communicationsConsent — Article 6(1)(a)
Legal compliance and fraud preventionLegal obligation / Legitimate interests — Article 6(1)(c) and (f)
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights, given the limited sensitivity of the data involved and the reasonable expectations of users of a trading tool. You have the right to object to processing based on legitimate interests. See Section 10.

7. Data Storage and Security

Your data is stored on servers provided by Amazon Web Services (AWS), in the eu-central-1 region located in Frankfurt, Germany. This means your data is stored within the European Economic Area (EEA). AWS maintains SOC 2 Type II certification and ISO 27001 certification. We implement the following security measures:
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS.
  • Encryption at rest: Data stored on AWS is encrypted at rest using AES-256.
  • Access controls: Access to personal data is limited to personnel who require it to perform their role. Access is logged.
  • Vendor controls: All third-party processors are bound by data processing agreements.
No system is completely secure. If you discover a security vulnerability, contact us immediately at legal@maximus.trade.

8. Who We Share Your Data With

We share personal data only with the following service providers, and only to the extent necessary for them to deliver their services to us.

Third-party processors

Anthropic We use Anthropic’s AI models to power Maximus’s conversational and analytical features. When you interact with Maximus’s AI, the content of those interactions is processed by Anthropic’s infrastructure. This is governed by Anthropic’s Data Processing Addendum, which incorporates Standard Contractual Clauses (SCCs) for EU data transfers. Anthropic’s DPA is available at anthropic.com/legal/data-processing-addendum. Amazon Web Services AWS provides our cloud infrastructure. All personal data stored by Robot Labs is hosted on AWS. This is governed by the AWS Data Processing Addendum. Google Analytics We use Google Analytics to collect anonymized website usage data. Google participates in the EU-US Data Privacy Framework. You can opt out of Google Analytics tracking at tools.google.com/dlpage/gaoptout. We may disclose your data if required by law, court order, or government authority, or if we reasonably believe disclosure is necessary to protect our rights, our users, or the public.

Business transfers

If Robot Labs is acquired, merged, or undergoes a restructuring, your data may be transferred to the successor entity. We will notify you before any such transfer occurs, and your rights under this policy will continue to apply. We do not sell personal data to any third party.

9. Data Retention

We retain your personal data only for as long as necessary to provide the Service and meet our legal obligations.
Data typeRetention periodBasis
Account information (email, wallet address)Duration of account, plus 2 years after account deletionService delivery and legal compliance
AI chat interaction logs12 months on a rolling basisQuality assurance cycle
Website analytics data26 months (Google Analytics default)Product improvement
Extension usage and error logs90 daysDebugging and monitoring
Legal and financial records7 yearsLegal and tax obligations
When the applicable retention period ends, data is securely deleted or anonymized so it can no longer be attributed to an individual.

10. Your Rights

Depending on where you are located, you have the following rights over your personal data.

All users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct any inaccurate data.
  • Deletion: Request that we delete your data. Note that on-chain data (wallet addresses, transactions) is public and cannot be deleted.
  • Portability: Receive your data in a machine-readable format (JSON or CSV).

EU and UK users (GDPR / UK GDPR)

All of the above, plus:
  • Restrict processing: Ask us to pause or limit how we use your data while a request is being assessed.
  • Object to processing: Object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests.
  • Withdraw consent: Where processing is based on consent (e.g., marketing emails), you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.

California users (CCPA / CPRA)

  • Know what personal information we collect, use, disclose, and share.
  • Delete your personal information.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. We do not sell or share personal information.
  • Non-discrimination: exercising your rights will not result in different service or pricing.

How to submit a request

Email legal@maximus.trade with your full name, the email address associated with your account, and a description of your request. We will verify your identity before processing the request and respond within 30 days. For complex requests, we may extend this period by a further 30 days and will inform you if so. EU and UK users: If you believe we are processing your data in violation of applicable law, you have the right to lodge a complaint with your local data protection authority. In the EU, a list of supervisory authorities is available at edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner’s Office (ico.org.uk).

11. Cookies

What we use cookies for

Cookie typePurposeConsent required
Essential cookiesSession management and security. Required for the Service to function.No
Analytics cookiesGoogle Analytics — understanding how visitors use maximus.trade.Yes (EU and UK users)

Managing cookies

EU and UK users will be presented with a cookie consent banner on first visit. You can adjust your preferences at any time through the cookie settings link in the footer of our website. All users can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout, or by adjusting your browser’s cookie settings.

12. International Data Transfers

Robot Labs is based in the United States, but your personal data is stored on AWS infrastructure in Frankfurt, Germany (eu-central-1), within the European Economic Area. For EU and UK users, this means your data does not leave the EEA for storage purposes. Where data is processed by third-party services outside the EEA — including Anthropic (United States) and Robot Labs personnel accessing data from the US — we ensure appropriate safeguards are in place:
RecipientLocationTransfer mechanism
Amazon Web Services (storage)Frankfurt, Germany (EEA)No transfer — data remains in EEA
AnthropicUnited StatesStandard Contractual Clauses (SCCs), via Anthropic’s Commercial Terms DPA
Google AnalyticsUnited StatesEU-US Data Privacy Framework
Robot Labs Inc. (staff access)United StatesStandard Contractual Clauses (SCCs), via AWS Data Processing Addendum

13. Children’s Privacy

The Service is not directed to anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from someone under 18, contact us at legal@maximus.trade and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this document. For material changes that affect your rights, we will notify you by email or in-app notice at least 14 days before the change takes effect. Your continued use of the Service after an update constitutes acceptance of the revised policy.

15. Contact

For privacy questions, data requests, or complaints: Robot Labs Inc. 74 E Glenwood Ave, Unit 5377 Smyrna, DE 19977-1002 United States Email: legal@maximus.trade We aim to acknowledge all privacy enquiries within 2 business days and resolve them within 30 days.