Privacy Policy

Brand Max AI, LLC
Last Updated: June 30, 2026

Brand Max AI, LLC (“Brand Max AI,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our services, or otherwise interact with us, including our compliance obligations under the Health Insurance Portability and Accountability Act (HIPAA) where applicable, and the General Data Protection Regulation (GDPR) for individuals located in the European Union (EU) and European Economic Area (EEA).

By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our website and services.


1. Information We Collect

We may collect the following categories of information:

  • Contact Information: name, email address, phone number, company name, job title, mailing address
  • Business Information: information you provide about your company, marketing goals, budget, or industry
  • Website Usage Data: IP address, browser type, device information, pages visited, referring URLs, and time spent on our site (collected via cookies and analytics tools)
  • Communications: records of correspondence, including emails, form submissions, and call inquiries
  • Marketing Data: information related to your interactions with our advertising and email campaigns

We do not knowingly collect Protected Health Information (PHI) through this website unless explicitly required as part of a contracted service for a healthcare client, in which case a separate Business Associate Agreement (BAA) will govern that relationship (see Section 8).


2. How We Use Your Information

We use collected information to:

  • Provide, operate, and improve our digital marketing services
  • Respond to inquiries and provide customer support
  • Send marketing communications, newsletters, and promotional offers (with opt-out options)
  • Analyze website traffic and improve user experience
  • Comply with legal obligations
  • Protect against fraud, unauthorized access, and security incidents

We do not sell your personal information to third parties.


3. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze site traffic. You may control cookie preferences through your browser settings. Disabling cookies may affect website functionality.

We may use third-party analytics and advertising tools (such as Google Analytics, Google Ads, and Meta Pixel) that collect data in accordance with their own privacy policies.


4. How We Share Your Information

We may share information with:

  • Service Providers: third-party vendors who assist with hosting, analytics, email marketing, CRM, and advertising platforms (e.g., Google, Meta, HubSpot, LinkedIn)
  • Legal Compliance: when required by law, subpoena, or government request
  • Business Transfers: in the event of a merger, acquisition, or sale of assets

All third-party service providers are required to maintain appropriate confidentiality and security standards.


5. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These safeguards may include, where applicable: encryption of data in transit and at rest, access controls and role-based permissions, firewalls and intrusion detection systems, regular security assessments, employee confidentiality agreements, and vendor security review prior to onboarding any third-party service provider.

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and any transmission of personal information is done at your own risk.

5.1 Data Breach Response Plan

In the event of a data breach involving personal information, Brand Max AI, LLC will take the following steps:

  • Containment: Immediately investigate and contain the breach to prevent further unauthorized access or disclosure.
  • Assessment: Evaluate the scope of the breach, the categories of data affected, and the likely risk to affected individuals.
  • Notification: Notify affected individuals, clients, and applicable regulatory authorities without undue delay, and in accordance with applicable law:
    • Under GDPR, supervisory authorities will be notified within 72 hours of becoming aware of a breach where feasible, and affected individuals will be notified without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
    • Under HIPAA, any breach involving unsecured PHI handled under a Business Associate Agreement will be reported to the covered entity in accordance with the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414).
    • Under applicable U.S. state breach notification laws, affected individuals and, where required, state attorneys general will be notified within the statutory timeframe.
  • Remediation: Take corrective action to address the cause of the breach and reduce the likelihood of recurrence, which may include patching vulnerabilities, revoking compromised credentials, and updating internal security protocols.
  • Documentation: Maintain internal records of the breach, our response, and corrective actions taken, to demonstrate compliance with applicable data protection obligations.

5.2 Limitation of Liability

While we take data security seriously and apply industry-standard safeguards, Brand Max AI, LLC’s liability in connection with any data breach or unauthorized access to personal information is limited as follows, to the maximum extent permitted by applicable law:

  • We are not liable for damages arising from breaches caused by factors outside our reasonable control, including but not limited to cyberattacks employing methods not reasonably foreseeable or preventable through industry-standard safeguards, acts of third parties, or client-side security failures (e.g., compromised user credentials).
  • Our liability for any claim arising from a data breach is limited to the extent permitted under our service agreements and applicable law, and in no event will exceed the amount paid by the affected client for services in the twelve (12) months preceding the incident, except where such limitation is prohibited by law.
  • Clients and users are responsible for maintaining the confidentiality of their own account credentials and for promptly notifying us of any suspected unauthorized access.
  • This limitation of liability does not affect statutory rights that cannot be waived or limited under applicable law, including certain consumer protections under GDPR and U.S. state privacy statutes.

Nothing in this section is intended to exclude or limit liability for fraud, willful misconduct, or gross negligence, where such exclusion is not permitted by law.


6. Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.


7. Your Rights and Choices

Depending on your location, you may have rights regarding your personal information, including the right to access, correct, delete, or restrict its use. To exercise these rights, contact us using the information in Section 11.


8. HIPAA Compliance (Where Applicable)

Brand Max AI, LLC is a digital marketing agency and is generally not a HIPAA “Covered Entity.” However, in instances where we provide services to healthcare organizations that involve access to Protected Health Information (PHI), we act in accordance with HIPAA requirements as follows:

  • We enter into a Business Associate Agreement (BAA) with any covered entity or business associate client prior to accessing, processing, or storing PHI.
  • We implement administrative, physical, and technical safeguards consistent with the HIPAA Security Rule to protect any PHI encountered in the course of providing contracted services.
  • We limit access to PHI to authorized personnel on a need-to-know basis.
  • We do not use or disclose PHI for marketing purposes without proper authorization, as required under the HIPAA Privacy Rule.
  • In the event of a breach involving unsecured PHI, we will notify the affected covered entity in accordance with the HIPAA Breach Notification Rule.

If you are a healthcare provider or organization and require HIPAA-compliant data handling for a specific engagement, please contact us to execute a formal BAA prior to sharing any PHI.


9. GDPR Compliance (For EU/EEA Individuals)

If you are located in the European Union or European Economic Area, the following additional rights and disclosures apply under the General Data Protection Regulation (GDPR):

9.1 Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Your consent
  • Performance of a contract
  • Compliance with a legal obligation
  • Our legitimate interests (e.g., improving our services, marketing), provided these interests are not overridden by your rights

9.2 Your Rights Under GDPR

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erasure (“right to be forgotten”)
  • Restrict processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing, including for direct marketing purposes
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with a supervisory authority in your country of residence

9.3 International Data Transfers

As a U.S.-based company, your data may be transferred to and processed in the United States. Where applicable, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data during international transfers.

9.4 Data Protection Contact

EU/EEA individuals seeking to exercise their GDPR rights may contact us using the information in Section 11. We will respond to verified requests within the timeframes required under GDPR (generally one month).


10. Children’s Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will take steps to delete it.


11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Brand Max AI, LLC
30 N Gould St, STE R
Sheridan, WY 82801

Phone: (201) 932-0250
Email: info@brandmaxai.com


12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last Updated” date at the top of this page indicates when the policy was last revised. Continued use of our website after changes constitutes acceptance of the updated policy.
