Privacy Policy

Who We Are
Information We Collect
How We Use Your Information
Legal Basis for Processing
Sharing Your Information
Data Retention
Security
Your Rights
Children's Privacy
Cookies & Tracking
International Transfers
Changes to This Policy
Contact Us

We built MaxBack with privacy by design. We collect only what we need to provide the service, we never sell your data, and we give you full control over your information.

1. Who We Are

MaxBack is a product of Future Build Cov Ltd, a company registered in England and Wales. When this policy refers to "MaxBack", "we", "us", or "our", we mean Future Build Cov Ltd as the data controller responsible for your personal information.

Our app, available at maxbackapp.com, helps users track cashback rewards, coupons, and gift cards. This privacy policy explains how we handle your personal data when you use our app, website, or services.

2. Information We Collect

Information you provide directly

Account details: Full name, email address, phone number, country of residence, preferred language.
Financial tracking data: Details of your payment cards (bank name, card network, nickname — we do NOT collect card numbers, CVV, or PINs), cashback rules, coupon details, gift card details (store, balance, expiry — we do NOT collect gift card PINs unless you voluntarily enter them).
Photos: Optional images of coupons or gift cards you choose to upload.
Communications: Messages you send us via email or contact forms.

Information collected automatically

Device information: Device type, operating system, app version, unique device identifiers.
Usage data: Which features you use, when you use them, crash reports.
Location data: GPS location, only when you actively use the "Use My Location" feature in the Smart Advisor. We do not track your location in the background.
Push notification tokens: Required to deliver expiry alerts.

3. How We Use Your Information

To create and manage your account.
To provide the core app features: cashback advice, coupon tracking, gift card management.
To send you push notifications about expiring coupons and gift cards (only if you grant permission).
To sync your data across devices via Firebase Firestore.
To respond to your support requests.
To improve the app through anonymised usage analytics.
To comply with legal obligations.

We do not use your data for advertising. We do not sell your data to third parties. We do not share your financial tracking data with banks, retailers, or any other commercial parties.

4. Legal Basis for Processing (UK & EU Users)

Under UK GDPR and EU GDPR, we process your personal data on the following legal bases:

Contract performance: Processing necessary to provide the MaxBack service you signed up for.
Legitimate interests: Improving the app, preventing fraud, maintaining security — where these interests are not overridden by your rights.
Consent: Push notifications, optional location access, optional photo uploads. You can withdraw consent at any time.
Legal obligation: Where required by applicable law.

We share your data only with service providers who help us operate MaxBack, and only to the extent necessary:

Google Firebase: Authentication, database (Firestore), cloud storage, and push notifications (FCM). Firebase processes data in accordance with Google's privacy terms.
Analytics providers: Anonymised, aggregated usage data only. No personally identifiable information.

All service providers are contractually required to protect your data and use it only for the purposes we specify. We will disclose your data if required to do so by law or to protect the rights, property, or safety of MaxBack, our users, or others.

6. Data Retention

We retain your account and tracking data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal reasons (e.g. financial records for up to 6 years under UK law).

Anonymised analytics data may be retained indefinitely as it cannot be used to identify you.

7. Security

We take the security of your data seriously. Measures include:

All data transmitted between your device and our servers is encrypted using TLS.
Firebase Firestore access is restricted by authentication rules — you can only access your own data.
We do not store complete card numbers, bank PINs, or gift card PINs on our servers.
Regular security reviews of our codebase and infrastructure.

No system is 100% secure. If you believe your account has been compromised, please contact us immediately at hello@maxbackapp.com.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right of access: Request a copy of the data we hold about you.
Right to rectification: Correct inaccurate data.
Right to erasure: Request deletion of your data ("right to be forgotten").
Right to restrict processing: Ask us to limit how we use your data.
Right to data portability: Receive your data in a machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time via the app settings or by contacting us.

To exercise any of these rights, contact us at hello@maxbackapp.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Children's Privacy

MaxBack is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

10. Cookies & Tracking

Our mobile app does not use traditional browser cookies. We use Firebase SDKs which may use device identifiers for analytics and crash reporting. Our website (maxbackapp.com) uses essential cookies only — no advertising or tracking cookies.

11. International Data Transfers

Your data may be processed in countries outside the UK or EU, including the United States, where Google Firebase servers are located. We ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data when transferred internationally, in accordance with UK GDPR.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via a notification in the app or by email. The "last updated" date at the top of this page will always reflect the most recent version. Continued use of MaxBack after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us:

Email: hello@maxbackapp.com
Company: Future Build Cov Ltd
Website: maxbackapp.com

Contents