Privacy Policy for Client Max Limited

Effective Date: 1st January 2025

1. Introduction

Client Max Limited (“Client Max,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of any personal data you share with us. This Privacy Policy outlines how we handle your data when you use our services, including access to the Client Max platform (the “Platform”) powered by HighLevel Inc. and related third-party tools (e.g. Lead Connector).By using our Service, you confirm your understanding of and agreement to the practices outlined in this Privacy Policy.

2. Definitions

  • Service: The software and related support services provided by Client Max Limited.

  • Personal Data: Any information relating to an identified or identifiable individual.

  • Usage Data: Information automatically collected, such as IP addresses, device data, and user interactions.

  • Data Controller: The party that determines the purpose and means of processing personal data.

  • Data Processor: The party that processes personal data on behalf of the Data Controller.

3. Roles and Responsibilities

You (the Client): You are the Data Controller of the personal data you upload to and process within the Platform. You are responsible for ensuring compliance with applicable data protection laws.

Client Max Limited: We are a Data Processor with respect to any data you upload to the Platform. Separately, we are the Data Controller of data we collect about you as a user or account holder.

HighLevel Inc.: HighLevel is the sub-processor and infrastructure provider. It may use additional sub-processors such as Lead Connector. You are responsible for reviewing and understanding their privacy policies.

Our Data Processing Agreement (DPA) governs our responsibilities as a processor. It forms part of our Terms of Service and is available upon request or via https://clientmax.co.uk/client-max-ltd-terms-of-service-

4. Information We Collect

4.1 Data You Upload to the Platform (Controller-Processor Relationship)

  • Contact names, email addresses, phone numbers, and other CRM-related data

  • Message history (e.g. emails or SMS sent through the Platform)

  • Files, forms, or tags associated with your leads and clients

We do not access or use this data unless required for support or system maintenance under our DPA.

4.2 Data We Collect as a Controller

We collect and process the following personal data as a data controller, for business and service operations:

  • Your name, business name, email address, and contact details

  • Account login credentials and usage logs

  • Billing and payment details

  • Support and communication records (e.g. emails, chat history)

  • Website usage data, including cookies and IP addresses

5. Lawful Basis for Processing

We process personal data under the following lawful bases, as outlined in UK GDPR:

  • Contractual Obligation: To deliver and manage your subscription, provide platform access, and handle payments and support.

    updates about using the Client Max platform

  • Legitimate Interests: To operate, improve, and secure our services, communicate with you about your account, and

    send you relevant marketing communications via email, SMS, or WhatsApp, where these communications relate to products and services similar to those you’ve purchased or expressed interest in. We carefully assess and balance our legitimate interests against your rights and freedoms.

  • Legal Obligation: To comply with tax, accounting, fraud prevention, and other regulatory requirements.

  • Consent: For marketing communications where consent is legally required, or for optional features like cookie tracking where applicable. You may withdraw consent at any time.

6. Marketing Communications

We may send you marketing communications by email, SMS, or WhatsApp based on our legitimate interest in promoting our products and services, as permitted under UK data protection and e-privacy laws (including the Privacy and Electronic Communications Regulations 2003).

These messages may include:

  • Tips and updates about using the Client Max platform

  • Announcements of new features or services

  • Special offers, content, or event invitations

  • Reminders to take action on your account

You can opt out of marketing messages at any time by:

  • Clicking the unsubscribe link in emails

  • Replying STOP to SMS or WhatsApp messages

  • Contacting us at [email protected]

Please note: opting out of marketing does not affect essential service communications (e.g. billing alerts or platform updates).

7. Cookies and Tracking

We use cookies and similar technologies to enhance website and Platform functionality, analyse traffic, and improve the user experience. You may manage cookie preferences through your browser settings. Disabling cookies may affect functionality.

8. Sub-Processors and Third Parties

Your data may be processed by our authorised sub-processors, including:

  • HighLevel Inc. – Infrastructure provider (USA)

  • Lead Connector – Integrated communication tool

  • Amazon Web Services (AWS) – Data hosting

    A current list of authorised sub-processors is available at:

    clientmax.com/subprocessors

    We will notify users of any material changes in advance.

Each sub-processor maintains its own privacy and data security policies. You are responsible for reviewing those policies.

9. International Data Transfers

To provide our services, your personal data may be transferred to and processed in countries outside the UK, including the United States.

When we transfer data internationally, we take appropriate steps to protect it in line with UK data protection law. This may include using Standard Contractual Clauses or working with providers certified under approved data transfer frameworks.

10. Data Retention

We retain your account and support data only for as long as necessary to provide services and comply with legal obligations. Uploaded data on the Platform is controlled by you and can be deleted at any time.

Upon account closure, all Platform data is deleted in accordance with our Terms and the Platform’s retention policy.

11. Data Security

We implement appropriate technical and organisational security measures including:

  • SSL/TLS encryption for data in transit

  • Role-based access controls

  • Regular security assessments and audits

No system is 100% secure. You are responsible for maintaining the confidentiality of your login credentials and taking appropriate measures on your end.

12. Your Rights under UK GDPR

As a data subject or Controller, you have rights including:

  • Access – Request a copy of your personal data

  • Rectification – Correct inaccurate or incomplete data

  • Erasure – Request deletion of your personal data

  • Restriction – Ask us to limit data use

  • Portability – Request transfer to another provider

  • Objection – Object to certain types of processing

  • Withdraw Consent – Where applicable

To exercise any rights or make a complaint, contact us at [email protected] .

13. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Any changes will be posted on our website with the updated effective date. Significant changes will be notified by email or via the Platform.

14. Contact Us

If you have questions or concerns about this policy or your personal data, please contact:

Client Max Limited

Lower Ground Floor, 122 Bath Road, Cheltenham, Gloucestershire, United Kingdom, GL53 7JX

[email protected]