How we hold your data.

Every row in MAXFORCE belongs to exactly one user. Every database query checks ownership at two layers — your application session and a database-level Row Level Security policy that enforces the same rule independently.

If application code ever forgets to filter by user, the database refuses to return the row. Two locks, not one. Both are enabled on every maxforce_* table. RLS is on by default; service-role access paths still apply the application-layer filter explicitly.

OAuth tokens for connected integrations — Salesforce, Google Workspace, Slack, and every future connector — are encrypted with AES-256-GCM before they touch the database. The encryption key lives outside the database, supplied to the application as an environment-scoped secret. Even with full database access, an attacker would not have your credentials.

All traffic between you and MAXFORCE, and between MAXFORCE and every sub-processor, is encrypted in transit with TLS. Plaintext HTTP is not accepted; HSTS is enforced at the edge.

When you connect an integration, MAXFORCE signs a short-lived JWT that embeds your user ID, the credential ID, and a nonce. The provider returns it on callback. We verify the signature and expiry and reject the callback if the session user does not match the user baked into the state. This prevents leaked or replayed authorization codes from landing under the wrong account.

When you disconnect an integration: revoke the token at the provider, purge the local credential, write an audit entry. Provider failure does not block the local purge — disconnect always succeeds on our side.

You leave clean. We never hold a credential you have asked us to drop.

A dedicated audit table records every state-changing write with actor user ID, action, resource, action-specific metadata, request ID, and timestamp. The actions logged today include:

Account creation, sign-in, sign-out, password change, profile changes, training log create and update, OAuth connect, OAuth disconnect, calendar follow-up scheduling, Salesforce stage transitions, data export, and account deletion.

Audit entries are retained for seven years. They are the foundation for security investigations, incident response, and SOC-2-ready posture.

Two endpoints are live in your account settings. The export endpoint returns every row scoped to your user as structured JSON, including audit log entries — one click, no email request, no waiting period. The deletion endpoint cascades through every table, revokes every connected integration via the three-step disconnect, invalidates your session, and writes a final audit entry.

Available to every user. Backups are purged within ninety days of deletion.

API keys, encryption keys, OAuth client secrets, and signing keys are stored as environment-scoped secrets in our hosting provider, separate from the application database. Secrets are not committed to source control; the repository is configured to ignore environment files and we do not log secret values.

Production database and hosting access is limited to the founder. Administrative reads and writes — when they occur — are recorded in the audit log with the target user ID. We do not have a customer support team that browses user data ad hoc; if support needs access to investigate an issue you have raised, that access is scoped, time-limited, and logged.

If we confirm a security incident that compromises the confidentiality, integrity, or availability of personal information, we will notify affected users no later than seventy-two hours after confirmation, consistent with applicable law. Notice will include what happened, what data was involved, what we are doing about it, and what you can do.

If you believe you have found a security vulnerability, email max@maxforce.ai with a description and reproduction steps before disclosing it publicly. We will acknowledge receipt within five business days and work in good faith to resolve verified issues. Coordinated disclosure protects users; we will not pursue legal action against researchers acting in good faith under this policy.

We do not claim SOC 2 — we have not undergone an audit. We do not claim HIPAA — we do not process Protected Health Information. Two-factor authentication is on the near-term roadmap. When any of these change, this page changes. Not before.

Reach us at max@maxforce.ai.