Privacy & data

Data handling & privacy

How your data is processed when you call MaxModel verified output. Every statement here reflects how the gateway actually behaves.

The short version

We do not store your prompts, sources, or model outputs. The verification layer is stateless, and the gateway keeps only request metadata — never your message content.

What we receive

When you call verified.create (or eval / extract), we receive your messages, your sources, and your API key (a maxmodel.com gateway token). There is no separate account profile attached to a verified call.

What happens to it

  1. EXTRACT — your messages + sources are sent to the model you selected, through the maxmodel.com gateway, which routes to that model’s provider.
  2. VERIFY — runs in our service as deterministic code, with no model and no network call. The grounding check happens in memory.
  3. Return — we return the result to you.

The verification service is stateless: it holds your request in memory for the duration of the call and writes nothing to disk or any database — no request bodies, no content logs. It is reachable only through our gateway, never directly.

Retention

  • Your prompts, sources, and outputs: not stored. They exist only for the lifetime of the request and are not persisted by the verification layer.
  • Request metadata: the gateway retains operational metadata for billing and abuse prevention — model name, token counts, timestamps, request status, and quota usage. This metadata does not contain your message content (no prompt, source, or answer text).

Sub-processors

A verified call sends your messages + sources only to the provider of the model you choose.

  • Model providers: Anthropic, OpenAI, Google, xAI, DeepSeek, Alibaba (Qwen), Baidu (ERNIE), ByteDance (Doubao). The live set is published at maxmodel.com/models/list.json.
  • You control where your data goes by which model you call. If you only call, say, Anthropic or OpenAI models, your data never reaches any other provider on this list.
  • Infrastructure / hosting: GoDaddy, Singapore.
  • Datastore: the gateway’s operational database, which holds metadata only (see Retention).

Training

MaxModel does not train any model on your sources, messages, or outputs. Separately, each model provider we route to has its own data-use terms; the model-selection control above lets you restrict your data to providers whose terms you accept.

Encryption

  • In transit: TLS 1.2 / 1.3 for all API traffic.
  • At rest: we minimize at-rest exposure by never persisting your prompts, sources, or outputs — the datastore holds only non-content metadata.

Access, deletion, residency

  • Internal access: access to the metadata datastore is limited to IT administrators, and is granted only under dual authorization with an audit-qualified approver.
  • Deletion requests: email it@maxmodel.com.
  • Data residency: processing currently occurs in our Singapore region. We do not offer separate EU/US data-residency options at this time.

Compliance posture

We do not hold formal third-party certifications (such as SOC 2 or ISO 27001) yet. Our approach instead rests on principles we can show in the product: data minimization (we never persist your message content), deterministic verification (no second model sees your data to “grade” it), encryption in transit, and least-privilege access to the limited metadata we keep. We’re glad to walk security and procurement teams through this in a due-diligence review.

PricingPython SDK