Effective Date: November 9, 2025
Company: Wave State, LLC (“Wave State”, “we”, “us”, or “our”)
Address: 2033 San Elijo Ave #1011, Cardiff, CA 92007, USA
Contact: support@wavestate.co

This Privacy Policy explains how we collect, use, disclose, and protect information about users of the Maxxd mobile application (the “App” or “Service”).

By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

Note: This Policy includes principles from applicable privacy laws (including the California Consumer Privacy Act (CCPA/CPRA) and the EU/UK General Data Protection Regulation (GDPR)). You should have a qualified attorney review for specific compliance needs.

1. Scope

This Privacy Policy applies to information we collect:

  • Through the Maxxd mobile application
  • Through related services and communications
  • Through our support channels

It does not apply to third-party websites, services, or applications, even if accessed through the App.

2. Information We Collect

We collect the following categories of information:

2.1 Account and Profile Information

  • Name, email address, and password
  • Optional profile details such as gender, age range, height, weight, fitness goals, and preferences

2.2 Health, Fitness, and Usage Data

  • Workout history, sets, reps, weights, exercise performance
  • Nutrition data including foods logged, calories, macronutrients, and notes
  • Progress metrics such as weight changes, body measurements, and optional progress photos

Some of this data may qualify as “sensitive personal information” under applicable laws.

2.3 Camera and Photo Data for AI Scanning

When you use our AI scanning features, we collect:

  • Photos captured using your device camera
  • Photos you choose to upload from your device
  • Metadata associated with images (where available)

These images are used to:

  • Detect and identify food items
  • Estimate calories and nutritional content
  • Improve our AI models and recognition systems

Image Processing:
Photos may be processed on our secure servers. When we use them to improve recognition systems, we de-identify or pseudonymize the images whenever feasible.

You can revoke camera or photo access at any time through your device settings.

2.4 Apple Health Integration (HealthKit)

With your explicit permission, Maxxd may read and/or write certain data through Apple Health (HealthKit), such as:

  • Steps, distance, and active minutes
  • Heart rate data
  • Workouts and exercise sessions
  • Weight and body composition metrics
  • Sleep duration and related data

This data is used only to:

  • Personalize workouts, nutrition insights, and recovery recommendations
  • Display analytics, charts, and trends
  • Award points, streaks, and achievements

We do not use HealthKit data for advertising, and we do not sell HealthKit data.
You can enable or revoke permissions at any time via your device settings.

2.5 Device and Technical Information

We may automatically collect:

  • Device identifiers (device ID, OS version, app version)
  • IP address and approximate location (derived from IP)
  • Log data including feature interactions, usage times, crash reports, and diagnostics

2.6 Cookies and Similar Technologies

We may use cookies, SDKs, or similar technologies in web-based components to:

  • Remember your preferences
  • Analyze usage and performance
  • Improve the App

Where required by law, we will request consent before using these technologies.

2.7 Support and Communications

If you contact us, we collect:

  • Your email address
  • The content of your messages
  • Attachments you send
  • Support and feedback records

3. How We Use Your Information

3.1 To Provide and Maintain the App

  • Create and manage user accounts
  • Deliver core features such as workout planning, nutrition logging, and AI scanning
  • Sync and display your progress across devices

3.2 To Operate Our AI and Analytics

  • Process images and data to estimate calorie and nutrient values
  • Improve recognition accuracy, algorithms, and overall app performance
  • Develop new features and functionalities

3.3 To Personalize Your Experience

  • Generate tailored workout recommendations
  • Adjust training volume, difficulty, or nutrition targets
  • Provide suggestions and insights based on your goals and behaviors

3.4 To Communicate With You

  • Respond to messages and provide customer support
  • Send administrative notifications (account security alerts, policy updates)
  • Provide optional feature updates or relevant notices

3.5 For Security and Fraud Prevention

  • Detect, investigate, and prevent unauthorized access
  • Protect users and Wave State from fraudulent or malicious activity
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Respond to lawful requests from authorities

If you are located in the EEA or UK, we process your personal data under one or more of the following legal bases:

  • Contract: To provide and maintain the Service
  • Consent: For processing health-related data, image scanning, and certain communications
  • Legitimate Interests: To improve and secure the App, provided these interests are not overridden by your rights
  • Legal Obligation: To comply with applicable laws

GDPR Controller Statement

For users in the EEA and UK, Wave State, LLC is the data controller for your personal data.

5. How We Share Your Information

We do not sell your personal information for money.

We may share information as follows:

5.1 Service Providers

We use third-party vendors for:

  • Cloud hosting and storage
  • Analytics and crash reporting
  • Payment processing (via app stores)
  • Email delivery and communication

These providers must protect your information and may only use it as instructed.

5.2 AI and Model Infrastructure Partners

When using external infrastructure for model training:

  • We de-identify or pseudonymize data whenever feasible
  • Partners are required to protect data through contractual safeguards

We may disclose information if necessary to:

  • Comply with legal obligations
  • Protect any person’s safety
  • Defend the rights or property of Wave State

5.4 Business Transfers

If Wave State undergoes a merger, acquisition, financing, or sale of assets, your information may be transferred subject to continued protection under this Policy.

5.5 Aggregated and De-Identified Data

We may use or share data that cannot reasonably identify you for analytics, research, or lawful business purposes.

6. Data Retention

We retain your information for as long as reasonably necessary to:

  • Provide and maintain the App
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

Some data may remain in backups for a limited time after deletion.

7. Your Choices and Control

7.1 Camera and Photo Permissions

You may revoke camera or photo access at any time in device settings.
Disabling these permissions prevents use of certain AI scanning features.

7.2 Account and Profile Information

You may update or delete certain account information within the App.
For full account deletion requests, contact support@wavestate.co.

7.3 Marketing Communications

You may opt out of marketing emails using unsubscribe links or by contacting us.
We may still send non-marketing administrative messages.

8. Your Privacy Rights

8.1 California Residents (CCPA/CPRA)

You may have the right to:

  • Request disclosure of personal information collected
  • Request access or deletion
  • Request correction of inaccurate information
  • Limit the use of sensitive personal information
  • Not be discriminated against for exercising your rights

We do not “sell” or “share” personal information for cross-context behavioral advertising.

Submit requests to support@wavestate.co.

8.2 EEA and UK Residents (GDPR)

You may have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent

You may lodge a complaint with your local supervisory authority.

8.3 Other Regions

We will honor privacy rights provided under your local laws where required.

9. Children’s Privacy

The App is not intended for children under 13.
We do not knowingly collect personal information from children under 13.

If you believe we collected data from a child under 13, contact support@wavestate.co.

10. Security

We use reasonable technical and organizational safeguards to protect your information.
However, no system can be guaranteed 100% secure.

You are responsible for maintaining the confidentiality of your login credentials.

11. International Data Transfers

Your information may be transferred to and processed in the United States or other jurisdictions with different data protection laws.

Where required, we implement appropriate safeguards such as standard contractual clauses.

12. Automated Decision-Making and Profiling

Maxxd uses algorithms and AI to:

  • Provide workout and nutrition recommendations
  • Estimate calories and macronutrients
  • Adjust difficulty and schedule insights

These systems are intended to assist, not replace, personal judgment.
Recommendations may not always be accurate or appropriate for every user.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
If changes are material, we will update the Effective Date and may provide in-app or email notice.

Continued use of the App indicates acceptance of any updated Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, contact:

Wave State, LLC
2033 San Elijo Ave #1011
Cardiff, CA 92007
USA

Email: support@wavestate.co