Privacy Policy

Introduction

This Privacy Policy describes how MiniMax M2 ("we," "our," or "us") collects, uses, discloses, and safeguards information when you use our API service available at minimaxm2.io (the "Service"). We are committed to protecting your privacy and ensuring the security of your information.

Information We Collect

Information You Provide

Account Information: When you create an account, we collect your name, email address, and password credentials
API Credentials: We generate and store API keys associated with your account
Billing Information: If you subscribe to paid plans, we collect payment information through our payment processor
Communications: When you contact us for support, we collect the information you provide

Information Automatically Collected

API Usage Data: We collect data about your API requests including:
- Request timestamps
- Input and output token counts
- Model used (MiniMax-M2)
- Response time and status
- Rate limit information
Log Data: Server logs containing IP addresses, user agents, and request details
Device Information: Browser type, operating system, and device identifiers
Website Analytics: Pages visited, time spent, and referral sources for our website

Information from Third Parties

Authentication Providers: If you sign in with Google or GitHub, we receive basic profile information
Payment Processors: Billing and transaction information from our payment partners
Analytics Providers: Aggregated, anonymized usage statistics

How We Use Your Information

Service Provision

To process your API requests and generate responses
To authenticate your access to our Service
To maintain and improve Service performance
To monitor and enforce rate limits

Account Management

To create and manage your account
To provide customer support
To communicate Service updates and maintenance notices
To process payments and billing

Service Improvement

To analyze usage patterns and optimize our models
To debug technical issues and improve reliability
To develop new features and capabilities
To conduct research and analytics (in aggregated, anonymized form)

Legal and Security

To comply with applicable laws and regulations
To detect, prevent, and address fraud, abuse, and security threats
To enforce our Terms of Service
To protect our rights and property

Data Retention

Account Information: Retained while your account is active and for 30 days after deletion
API Logs: Retained for 90 days for security and debugging purposes
Billing Data: Retained for 7 years as required by tax and accounting regulations
Support Communications: Retained for 3 years for quality assurance

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

Service Providers

We work with trusted third-party providers who assist in operating our Service:

Cloud hosting providers (for data storage)
Payment processors (for billing)
Analytics providers (for usage statistics)
Customer support tools (for support communications)

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

Legal Requirements

We may disclose information when required by law or to:

Comply with legal processes or government requests
Enforce our Terms of Service
Protect our rights, privacy, safety, or property
Investigate fraud or security issues

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to the same privacy protections.

Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

Encryption in transit (TLS 1.2+) and at rest
Secure API key generation and rotation
Regular security audits and penetration testing
Access controls and authentication for internal systems
Network segmentation and firewalls

Organizational Measures

Employee training on data protection and security
Background checks for employees with data access
Incident response procedures
Regular security policy reviews

Data Anonymization

We aggregate API usage data for analytics
Personal identifiers are removed from analytical datasets
We do not link API usage to individual users in our analytics

Your Rights and Choices

Access and Control

Account Access: View and update your account information through the dashboard
API Key Management: Regenerate your API keys at any time
Data Deletion: Request deletion of your account and associated data
Data Portability: Download your data in JSON format

Communication Preferences

Marketing Communications: Opt out of promotional emails
Service Notifications: You cannot opt out of essential service communications
Support Communications: Control how we contact you for support

If you are located in the European Union, you have the right to:

Access your personal data
Rectify inaccurate data
Erase your data ("right to be forgotten")
Restrict processing
Data portability
Object to processing
Lodge a complaint with supervisory authorities

CCPA Rights (California Users)

If you are a California resident, you have the right to:

Know what personal information we collect
Know whether we sell or disclose personal information
Say no to the sale of personal information
Access personal information
Delete personal information
Equal service and price, even if you exercise your privacy rights

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

Adequacy decisions by relevant authorities
Standard contractual clauses
Certification schemes
Other appropriate safeguards as required by law

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

API-Specific Privacy Considerations

Input Data

We process your API inputs to generate responses
We do not store your inputs unless required for debugging or optimization
Inputs are not used to train models available to other customers
You retain all rights to your input data

Output Data

The responses generated by our API are yours to use
We do not claim ownership of API outputs
We do not use your outputs to train models for other customers
You are responsible for reviewing outputs for accuracy and appropriateness

Model Training

We do not use customer data to improve MiniMax M2
We do not train on API inputs or outputs
Separate research and development datasets are used for model improvements
Any future training uses only carefully curated, permissioned datasets

Cookies and Tracking

Our website uses cookies and similar technologies:

Essential Cookies

Authentication and session management
Security and fraud prevention
Load balancing and performance

Analytics Cookies

Google Analytics for website usage analytics
Aggregated, anonymized data only
You can opt out of Google Analytics

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

Third-Party Links

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. When we make material changes, we will:

Notify you via email if you have an account
Post a notice on our website
Update the "Last Updated" date

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Mailing Address: MiniMax M2 Privacy Team [Address to be provided]

Data Protection Officer: [email protected]