Data and Privacy

How MaxAI handles your data and protects your privacy.

MaxAI is designed with privacy at its core. Your interactions are processed to generate helpful responses and are not used to train or improve the underlying AI models. This page explains exactly how your data is handled.

What Data is Sent to the AI Model?

Data that is included in requests to the AI model:
  • Your query text — the question or instruction you type or speak into MaxAI.
  • Relevant context from your current Unica+ session, such as the module you are in or the report you are viewing.
  • Anonymized campaign, journey, or segment metadata needed to generate an accurate response.
Data that is NEVER included in AI model requests:
  • Personally identifiable customer information (PII) — such as names, email addresses, phone numbers, or ID numbers.
  • Raw customer transaction records or behavioral data.
  • Financial account details or sensitive product-holding data.
  • Credentials, passwords, API keys, or system configuration secrets.

Data Retention

  • Session data: Conversation history is stored for your session and accessible via the history panel in the MaxAI interface.
  • Retention period: Session data is retained for 90 days by default. Your Unica+ administrator can configure this retention period according to your organisation's policy.
  • Third-party sharing: No conversation data is shared with third-party AI providers for the purpose of model training or improvement. HCL's enterprise data processing agreements govern all data handling.
  • Data deletion: Your organisation's admin can request deletion of MaxAI conversation data at any time through the Unica+ admin console under MaxAI Settings.

Cloud vs On Premises Deployment

Cloud Deployment (OpenAI via HCL Enterprise Agreement)

When MaxAI is configured to use a cloud-based LLM (such as OpenAI's GPT models), query data is transmitted to the model provider's API over encrypted HTTPS. HCL's enterprise data processing agreement with OpenAI ensures your data is processed securely and is not used for model training.

On-Premises Deployment (On-Prem LLM)

When MaxAI is configured to use an on-premises LLM (such as the GPT-OSS 120B model via vLLM), all data processing occurs entirely within your own infrastructure. No data leaves your environment. This option is available for organisations with strict data residency, regulatory, or compliance requirements.

Unsure about the deployment your organisation uses? Contact your Unica+ administrator or IT team. They can confirm whether MaxAI is using a cloud model or an on premises model.

Your Privacy Controls

  • MaxAI will not access, display, or share customer PII data even if directly asked. These guardrails are enforced at the system level and cannot be overridden by any user.
  • Role-based access controls (RBAC) in Unica+ determine what data and functionality MaxAI can access on your behalf. MaxAI cannot retrieve information that your user role does not have permission to access.
  • All blocked privacy and compliance requests, including attempts to extract PII, bypass guardrails, or access restricted data, are logged automatically. These logs are available to your compliance team in the MaxAI monitoring dashboard.
  • MaxAI complies with major data protection regulations including GDPR, DPDP (India), and other applicable frameworks, as governed by your organisation's HCL Software agreement.

Reporting a Privacy Concern

If you believe MaxAI has accessed, displayed, or transmitted data in a way that appears to violate your organisation's privacy policy, please report it immediately.

Contact your Unica+ administrator | Support portal: https://support.hcl-software.com/csm | HCL Privacy team: privacy@hcl.com