Privacy Policy
Last updated: October 2, 2025
This Privacy Policy explains how Yerrington Consulting LLC, dba Maximum Labs (“Maximum Labs,” “we,” “us”) collects, uses, and protects personal information in connection with our website and services.
Who We Are (Controller)
Yerrington Consulting LLC, dba Maximum Labs
30 N Gould St Ste N
Sheridan, WY 82801 USA
Contact: privacy [at] maximumlabs.com
We are established in the United States. We do not specifically target the EEA/UK or Japan; however, people from those regions may visit our site or contact us. We currently have no EU/UK/Japan representative. If that changes, we will update this notice.
Scope
- Our website and web forms.
- Scheduling links, contact emails, and support requests.
- Light, privacy-focused analytics and server logs.
It does not cover client data we process under a services agreement—see “Controller vs. Processor.”
Controller vs. Processor
- Controller (this website): For our own marketing site, we are the controller.
- Processor (client work): When we handle data on behalf of a client, we act as a processor and follow the client’s instructions under our agreement and Data Processing Addendum (DPA). View DPA
Information We Collect
- Contact details: name, email, company, role, phone (if provided), and message content submitted via forms or email.
- Project context: goals, timelines, data sources, constraints, and similar details you voluntarily share.
- Usage data: IP address, device/browser info, pages visited, referral URLs, and timestamps (via privacy-focused analytics and server logs).
- Scheduling/communications: meeting times, calendar metadata, and correspondence.
We do not intentionally collect sensitive information via this site.
Sources
- Directly from you (forms, email, scheduling).
- Automatically from your device (logs/analytics).
- Service providers that support our site (see “Sharing”).
How We Use Information
- Respond to inquiries, evaluate readiness, and provide proposals.
- Schedule calls and deliver services.
- Maintain and improve our website and offerings.
- Meet legal, security, accounting, and compliance obligations.
- (If you opt in) send updates or marketing; you can unsubscribe anytime.
Legal Bases (EEA/UK where applicable)
| Purpose | Legal Basis |
|---|---|
| Responding to requests; pre-contract steps; proposals | Contract / pre-contract |
| Scheduling, service delivery, client communications | Contract / legitimate interests |
| Site operation, security, analytics (non-essential only with consent in EEA/UK) | Legitimate interests / consent |
| Legal, tax, and compliance | Legal obligation |
| Direct marketing (where required) | Consent or legitimate interests with opt-out |
Cookies & Analytics
We use only essential cookies by default. Non-essential cookies and similar technologies (e.g., analytics) will run in the EEA/UK only after consent. You can change preferences anytime via “Cookie Settings.” See our Cookie Policy for details.
Sharing (Service Providers)
We do not sell or share personal information for cross-context behavioral advertising. We share limited data with service providers under appropriate contracts (DPAs) to operate our site and services, such as:
- Hosting / forms: Netlify
- Analytics: Plausible (if enabled)
- Scheduling: Cal.com
- Email (transactional): Resend
- Cloud/infrastructure (if used): AWS
These providers may process data in the U.S. and other countries. We require them to protect personal information and use it only to provide their services to us.
International Transfers
We are U.S.-based. If personal information is transferred from the EEA/UK or Japan, we rely on appropriate safeguards (e.g., Standard Contractual Clauses and the UK Addendum) and implement supplementary measures as needed. If we later participate in the EU-U.S. Data Privacy Framework, we will update this section.
Data Retention
| Category | Typical Retention |
|---|---|
| Website inquiries & proposals | 24 months from last interaction |
| Readiness-check (not qualified) | Up to 12 months, then delete or de-identify |
| Client/project files | Duration of engagement + 3 years |
| Legal/accounting records (invoices, contracts) | 7 years |
| Server logs & security records | Up to 12 months |
| Aggregated analytics | Up to 36 months (non-identifying) |
Security
We use administrative, technical, and organizational measures to protect personal information. No method is 100% secure, but we continuously improve safeguards and maintain an incident response process. We will notify you and/or authorities of breaches as required by law.
Your Rights
Your rights depend on where you live.
EEA/UK (GDPR): access, rectification, erasure, portability, restriction, and objection to certain processing (including direct marketing). You may lodge a complaint with your local authority (e.g., ICO in the UK or your EU supervisory authority).
Certain U.S. states (e.g., CA): right to know, access, delete, correct, and limit use of sensitive personal information (not collected here), plus the right to opt out of selling/sharing (we do not sell/share). We will not discriminate for exercising rights.
Japan (APPI): disclosure, correction, suspension of use, and deletion, subject to legal exceptions. For cross-border transfers, we use appropriate safeguards as described above.
How to exercise rights: email privacy [at] maximumlabs.com or submit the form at /privacy-request. We will verify your identity and respond within applicable timelines (GDPR: 30 days; CA: 45 days).
Children
Our site is not directed to children under 16 (or under 13 in the U.S.). If we learn we collected information from a child, we will delete it.
Changes to This Policy
We may update this policy from time to time. Material changes will be noted by updating the “Last updated” date and posting the revised version here.
Contact
Questions or requests: privacy@maximumlabs.com
Postal address: 30 N Gould St Ste N, Sheridan, WY 82801 USA