Privacy Policy

MIX2MAX, LLC ("MIX2MAX," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to mix2max.com, the MIX2MAX AI workforce dispatch platform, and our affiliated services — including GoGo AI Team (gogoaiteam.com), GoGo POS (gogopos.com), BSG Enterprise Support (bsg.gogoaiteam.com), Server2Agent (server2agent.com), and our cloud-licensing & managed-tenant services for Microsoft 365, Azure, Google Cloud, Google Workspace, and AWS (collectively, the "Services").

1. Information We Collect

1.1 Information you provide

• Contact details — name, email address, phone number, and company name submitted through forms, email, or sales calls.
• Account & billing information — payment method, billing address, and transaction history when you purchase our Services or licenses. Payment card details are handled directly by our PCI DSS Level 1 payment processor and never stored on our servers.
• Service inputs — orders, reservations, support tickets, dispatch requests, server-management instructions, license requests, and any content you voluntarily send to a MIX2MAX AI agent or human teammate.

1.2 Information collected automatically

• Voice & SMS interactions — when you call or text a phone number operated by a MIX2MAX AI agent (including for our GoGo AI Team, GoGo POS, and BSG products), we record the call, generate a real-time transcript, and store the order, reservation, or ticket metadata produced from that interaction. Each call begins with an audible recording-disclosure announcement; continued participation on the call constitutes consent to recording under applicable law. Outbound communications are limited to (a) responses to an inbound interaction, (b) callbacks the customer requested, and (c) SMS to opted-in recipients per 10DLC registration.
• Server & endpoint telemetry — for Server2Agent and managed-tenant customers, we collect event logs, performance metrics, patch status, and configuration data needed to administer the systems you authorize us to manage.
• Usage data — pages viewed, referring URL, device type, browser, operating system, and approximate location (derived from IP address).
• Cookies & similar technologies — used to remember preferences (e.g. language), authenticate sessions, and measure aggregate traffic.

1.3 Information from third parties

• Bank-Account Verification Provider — when you, as a MIX2MAX subscription customer, link a bank account to set up ACH billing, our SOC 2 Type II bank-account verification provider returns the account-verification metadata required to authorize that ACH billing relationship. MIX2MAX does not retrieve or store account transaction history, balance, identity, or investments data.
• Microsoft, Google, and AWS tenants — when MIX2MAX administers a tenant or workload on your behalf, we receive directory, license, billing, and audit-log data from those platforms strictly to perform the requested administration.
• Analytics partners — may provide aggregated insights about how users discover and use the Services.

2. How We Use Information

• Operate the AI workforce that processes your calls, tickets, dispatch requests, reservations, server operations, and licensing actions.
• Quality-review and tune our AI agents using de-identified, aggregate service metrics and (where applicable) tenant- or operator-approved sample interactions.
• Process payments and manage subscriptions through our payment processor; verify your bank account for ACH billing where you have authorized it.
• Respond to inquiries, provide customer support, and send service notifications.
• Send marketing communications where permitted by law (you may opt out at any time).
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use customer prompts, transcripts, or content to train third-party AI foundation models. Bank-account verification data is never routed through voice or SMS channels, never appears in call transcripts, and is never used to train, tune, or improve any AI model. Per-call transcripts and recordings are used only to deliver, monitor, and improve the Service you have engaged us for.

3. Third-Party Service Providers

We work with trusted vendors who process data on our behalf under contractual confidentiality and security obligations:

• Payments Processor — payment processing (PCI DSS Level 1 certified).
• Bank-Account Verification Provider — bank-account verification used solely to authorize ACH billing of MIX2MAX subscription customers (SOC 2 Type II).
• Telephony & SMS Provider — SMS, voice, and notification delivery for AI phone agents (SOC 2, TCPA / 10DLC-aligned).
• AI model providers — Anthropic (Claude), OpenAI (GPT), Google (Gemini), and xAI (Grok), each operated under enterprise data terms that prohibit training on customer prompts.
• Microsoft — Cloud Solution Provider relationship for Microsoft 365 and Azure tenant administration.
• Google Cloud & Google Workspace — Google Cloud Partner and authorized Google Workspace reseller for tenant provisioning and administration.
• Amazon Web Services — AWS Partner Network member; production hosting, encryption, backups, and secrets management.

Each provider adheres to industry-standard security frameworks and applicable data protection laws.

4. Legal Bases & Disclosures

We process personal data based on one or more of the following: your consent, performance of a contract, compliance with a legal obligation, or our legitimate business interests. We may disclose information to comply with lawful requests, enforce our rights, or during a corporate transaction (merger, acquisition, or asset sale) with appropriate safeguards.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, to comply with legal, tax, and regulatory obligations, and to resolve disputes. Default retention for the major categories produced by our AI workforce:

• Voice recordings — up to 90 days, then deleted (longer if required for an active dispute, legal hold, or quality review of a flagged interaction).
• Call & ticket transcripts — up to 12 months for quality assurance and agent tuning.
• Order, reservation, dispatch, and ticket metadata — for the duration of the active customer relationship plus the period required by applicable accounting, tax, and consumer-protection law.
• Server / endpoint telemetry — rotated within 90 days online; security audit logs retained for at least 1 year.
• Bank-account verification metadata — for the duration of the active ACH billing relationship; the underlying verification record is removed via the verification provider's removal API on disconnect or deletion request.

Full retention rules are described in our companion Data Retention and Disposal Policy. When retention is no longer required, data is deleted or irreversibly anonymized.

6. Security

We implement administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS 1.2+), encryption at rest (AES-256), enforced multi-factor authentication, role-based access control, secrets management, vulnerability scanning, centralized logging, and a documented incident response procedure. Full controls are described in our Information Security Policy. No method of transmission or storage is 100% secure, but we continuously work to strengthen our defenses.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of your personal data, as well as to object to certain uses and withdraw consent. California residents have rights under the CCPA/CPRA; residents of the EEA and UK have rights under the GDPR/UK GDPR. To request that a recording, transcript, ticket, or account be deleted, or to exercise any other right, contact us at info@mix2max.com or support@mix2max.com. We will respond within 30 days.

8. International Data Transfers

MIX2MAX is headquartered in the United States. If you access the Services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. under appropriate legal safeguards.

9. Children's Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children. If we learn we have collected data from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates when the policy was last revised. Material changes will be communicated through the Services or by email where appropriate.

11. Contact Us