ModelMax
ModelMax Protocol

ModelMax Privacy Policy

Last Updated: April 9, 2026

Clink Lab Limited ("Company", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, retain, and protect information when you access or use the ModelMax platform and related services (the "Service"), visit our website at https://www.modelmax.io, or otherwise interact with us.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

Clink Lab Limited
RM 10D R1, 10/F KIN GA IND BLDG
9 SAN ON ST, TUEN MUN
HONG KONG

Email: support@modelmax.io

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information. When you register for an Account, we collect your name, email address, and authentication credentials (including third-party login information such as Google or GitHub accounts).
  • Billing Information. When you purchase credits or subscribe to a paid plan, our third-party payment processors collect your payment card details directly. We do not receive or store full card numbers; we only receive limited billing and transaction information (such as the last four digits of your card, billing address, transaction amounts, and payment status) from our payment processors.
  • Communications. When you contact our support team, submit feedback, or otherwise communicate with us, we collect the content of your messages, your contact details, and any attachments you provide.
  • Enterprise Information. For enterprise customers, we may collect company name, job title, business contact details, and information provided in order forms or service agreements.

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information, including:

  • Usage Data. API request logs, token usage, model selection, latency metrics, error rates, and response status codes. This data is essential for billing, observability features, and service optimization.
  • Device and Connection Information. IP address, browser type and version, operating system, device identifiers, and general geographic location derived from IP address.
  • Website Analytics. Pages visited, time spent on pages, clickstream data, referral URLs, and interaction patterns when you visit our website.
  • Log Data. Server logs that record requests made to our Service, including timestamps, request metadata, and system performance data.

1.3 Information from Third Parties

  • Authentication Providers. If you sign in using a third-party service (e.g., Google, GitHub), we receive basic profile information (such as name, email, and profile picture) as permitted by your account settings with that provider.
  • Payment Processors. We receive transaction confirmations, payment status, and limited billing details from our payment processors.
  • Analytics Services. We may receive aggregated analytics data from third-party analytics providers that help us understand usage patterns and improve the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

PurposeLegal Basis (GDPR)
Provide, operate, and maintain the ServicePerformance of contract
Process transactions, bill accurately, and send invoicesPerformance of contract
Monitor API usage, enforce rate limits, and prevent abuseLegitimate interest
Detect and prevent fraud, security incidents, and unauthorized accessLegitimate interest
Send technical notices, security alerts, and service updatesPerformance of contract
Respond to support requests and communicate with youPerformance of contract / Legitimate interest
Analyze usage trends and improve the ServiceLegitimate interest
Debug and troubleshoot technical issuesLegitimate interest
Comply with legal obligations and enforce our Terms of ServiceLegal obligation / Legitimate interest
Send marketing communications (only with your consent)Consent

We will not use your Customer Data (prompts and outputs routed through the Service) to train our own AI models unless you have provided explicit consent.

3. Data Processing with AI Model Providers

3.1 How Routing Works

ModelMax functions as an API gateway that routes your requests to third-party AI Model Providers (such as OpenAI, Anthropic, Google, and others). When you submit a request through our Service, your prompt data is transmitted to the selected Model Provider for processing.

3.2 Our Commitment

  • Where available and enabled, we configure our integrations with Model Providers to minimize the retention of your data by those providers.
  • We do not sell your Customer Data to any third party.
  • We may retain request metadata and limited Content as reasonably necessary for billing, abuse prevention, security monitoring, debugging, and legal compliance, as described in our Terms of Service.

3.3 Model Provider Policies

Each Model Provider has its own privacy policy and data handling practices. We encourage you to review the privacy policies of the Model Providers you access through our Service. We are not responsible for the data practices of third-party Model Providers.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We may share information when you direct us to or provide explicit consent to do so.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in operating and improving the Service, including:

  • Payment processors (e.g., Stripe) for transaction processing
  • Cloud infrastructure providers for hosting and data storage
  • Analytics providers for usage analysis and service improvement
  • Communication tools for customer support and email delivery

These providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with applicable data protection laws.

4.3 AI Model Providers

As described in Section 3, your request data is transmitted to third-party Model Providers to fulfill your API requests.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

  • Comply with a legal obligation, court order, or regulatory request;
  • Protect and defend our rights or property;
  • Prevent fraud or address security or technical issues;
  • Protect the personal safety of users or the public.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4.6 Aggregated or De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including research, analytics, and business development.

5. Cookies and Tracking Technologies

5.1 What We Use

We use cookies and similar tracking technologies on our website to collect and store information. These include:

TypePurposeDuration
Essential CookiesRequired for website functionality (e.g., authentication, security)Session / Persistent
Analytics CookiesHelp us understand how visitors interact with our websitePersistent
Preference CookiesRemember your settings and preferencesPersistent

5.2 Your Choices

Most web browsers allow you to control cookies through their settings. You can:

  • Block or delete cookies through your browser settings;
  • Set your browser to notify you when a cookie is being set;
  • Use browser extensions to manage tracking preferences.

Please note that disabling certain cookies may affect the functionality of our website. For more information about cookies, visit www.allaboutcookies.org.

5.3 Do Not Track

Our website does not currently respond to "Do Not Track" signals from browsers. However, you can use the cookie controls described above to manage your preferences.

6. Data Retention

6.1 We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

Data TypeRetention Period
Account informationDuration of your Account plus a reasonable period after deletion
Billing and transaction recordsAs required by applicable tax and financial regulations
API usage logs and metadataA limited period for operational purposes, unless longer retention is required for billing disputes or legal compliance
Support communicationsA reasonable period after resolution
Website analytics dataA reasonable period (aggregated)

6.2 After the applicable retention period, we will securely delete or anonymize your personal information. Backup copies may be retained for a limited additional period for data recovery purposes.

6.3 We may retain certain information for longer periods where required by law, regulation, or to protect our legal rights (e.g., in connection with ongoing litigation or regulatory investigations).

7. Data Security

7.1 We implement appropriate technical and organizational security measures designed to protect your personal information against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. These measures include:

  • Encryption of data in transit (TLS/SSL);
  • Access controls and authentication mechanisms;
  • Regular security assessments and monitoring;
  • Employee access restrictions on a need-to-know basis.

7.2 While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information, and you transmit data at your own risk.

7.3 If we become aware of a security breach that affects your personal information, we will notify you and any applicable regulatory authority in accordance with applicable law.

8. International Data Transfers

8.1 Your information may be processed and stored in jurisdictions outside of your country of residence, including Hong Kong, the United States, and other countries where our service providers and Model Providers operate.

8.2 Where we transfer personal information outside of jurisdictions with data protection laws (such as the European Economic Area or the United Kingdom), we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Data processing agreements with our service providers;
  • Other legally recognized transfer mechanisms.

8.3 By using the Service, you understand that your information may be transferred to and processed in jurisdictions that may have different data protection standards than your own. We will ensure that any such transfer is carried out in accordance with applicable data protection laws and with appropriate safeguards in place.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

9.1 Rights Under GDPR (EEA / UK Residents)

  • Right of Access. Request a copy of the personal information we hold about you.
  • Right to Rectification. Request correction of inaccurate or incomplete personal information.
  • Right to Erasure. Request deletion of your personal information, subject to legal retention requirements.
  • Right to Restrict Processing. Request that we limit our processing of your personal information in certain circumstances.
  • Right to Data Portability. Request a machine-readable copy of your personal information.
  • Right to Object. Object to processing based on our legitimate interests.
  • Right to Withdraw Consent. Where processing is based on consent, you may withdraw consent at any time.

9.2 Rights Under PDPO (Hong Kong Residents)

Under the Personal Data (Privacy) Ordinance (Cap. 486), you have the right to:

  • Request access to your personal data;
  • Request correction of your personal data;
  • Request that we cease using your personal data for direct marketing.

9.3 Rights Under Other Jurisdictions

Residents of certain other jurisdictions (including California under the CCPA/CPRA) may have additional rights. We will comply with applicable local data protection laws.

9.4 How to Exercise Your Rights

You may exercise your rights by:

  • Accessing your account dashboard settings;
  • Contacting us at support@modelmax.io;
  • Specifying the right you wish to exercise and providing sufficient information for us to verify your identity.

We will respond to valid requests within the timeframes required by applicable law (typically within 30 days, or 40 days under the PDPO). We may charge a reasonable fee for requests that are manifestly unfounded, repetitive, or excessive.

10. Children's Privacy

10.1 The Service is designed for business professionals and is not directed at children under the age of 16 (or the applicable age of consent in your jurisdiction).

10.2 We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete such information promptly.

10.3 If you believe that a child has provided us with personal information, please contact us at support@modelmax.io so that we can take appropriate action.

12. Changes to This Privacy Policy

12.1 We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will post the updated Privacy Policy on our website and update the "Last Updated" date at the top of this page.

12.2 For material changes, we will make reasonable efforts to provide additional notice, such as via email to the address associated with your Account or through a prominent notice on our website.

12.3 We encourage you to review this Privacy Policy periodically. If you continue to use the Service after changes take effect, we will treat your continued use as awareness of the updated practices. If you do not agree with the revised policy, you may discontinue use of the Service and request deletion of your Account.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Clink Lab Limited
RM 10D R1, 10/F KIN GA IND BLDG
9 SAN ON ST, TUEN MUN
HONG KONG

Email: support@modelmax.io

For data protection inquiries specifically related to GDPR, you may also contact us using the same email address with the subject line "GDPR Request".