Legal
Privacy Policy
Last updated: July 8, 2024
Scope
Major Tech, Inc. (“Major”, “Major Technology”, “we”) operates the Services described in this Privacy Policy. The Policy covers:
- The public website at major.build.
- The Major web application at app.major.build.
- Major-branded bots, APIs, CLI tools, and related interfaces used to access Major.
This Policy does not apply to third-party platforms you connect to Major (for example, GitHub, Jira, or Google Workspace). Please review their privacy notices separately.
1. Data we collect
We collect personal information only where it is necessary to operate and improve the Services.
| Category | Examples | Why we collect it |
|---|---|---|
| Account data | Name, business email, company, role/title, billing details, hashed password or SSO token | Create and secure accounts, provide onboarding and customer support |
| Usage & device data | IP address, browser type, device identifiers, pages and features used, support logs | Improve performance, detect abuse, monitor reliability, compile analytics |
| Integration data (when you connect a source) | Content from tools you authorize Major to access (e.g., GitHub, Jira, Google Workspace, CRMs) | Generate and run your workflows or internal apps under your direction |
We do not knowingly collect sensitive categories of data or data from children under 13, and Major is intended for professional users 18+ (or 16+ in the EEA with the required consent).
2. How we use your data
- Operate, maintain, and secure the Services.
- Generate, orchestrate, and improve AI-assisted development workflows and automations you request.
- Provide customer support, respond to inquiries, and send important service updates.
- Monitor for bugs, abuse, and service health via logging and analytics.
- Conduct research and build new features to enhance the customer experience.
- Comply with legal obligations, enforce agreements, and protect the rights of Major, our users, and the public.
LLM processing
When you invoke Major’s AI capabilities, prompts and related metadata may be processed by the large language model providers we integrate with, including OpenAI, Anthropic Claude, and Google Gemini. We opt out of provider model-training programs, instruct vendors to delete data within 30 days, and encrypt data in transit (TLS 1.3).
Google Workspace and other integrations
When you connect Gmail, Calendar, or other Google Workspace data sources, we only access the minimum data required to perform the actions you authorize. We do not use raw or derived Google Workspace data to develop or train generalized AI or ML models, and we comply with the Google User Data Policy (including Limited Use requirements). The same principle applies to other integrations you enable: we access only what is necessary to deliver the workflow you request.
3. Legal bases for processing
| Purpose | Legal basis |
|---|---|
| Core service delivery, customer support, and integrations you enable | Performance of a contract |
| Security, fraud prevention, analytics, feature research | Legitimate interests (we balance these interests against user rights) |
| Optional product updates or marketing communications | Consent (you may withdraw at any time) |
4. How we share information
We never sell or share your data for cross-context behavioral advertising under the CPRA.
We use the following sub-processors strictly to provide Major's Services:
Current subprocessors
| Vendor | Function |
|---|---|
| Vercel | Hosting and edge delivery |
| AWS | Infrastructure hosting and data storage |
| OpenAI, Anthropic Claude, Google Gemini | LLM APIs powering AI features |
| Datadog | Logging, monitoring, and incident visibility |
| Temporal | Workflow orchestration |
| GitHub | Code hosting and CI/CD automation |
5. Data retention
| Data | Retention |
|---|---|
| Account data | Deleted within 7 days after account termination or when you request deletion |
| System logs | Retained up to 15 days, then permanently purged |
We may retain aggregated, anonymized information that can no longer identify you for longer periods to understand product performance.
6. Security
- HTTPS everywhere with TLS 1.3; AES-256 encryption at rest for customer data.
- Least-privilege IAM, centralized observability, and automated dependency scanning.
- Independent SOC 2 Type 1 targeted for Q4 2025; Type II targeted for Q1 2026.
No security program is perfect, so we continuously evaluate and improve our controls.
7. International transfers
Major is headquartered in the United States. When we transfer personal information outside of your jurisdiction, we rely on appropriate safeguards such as Standard Contractual Clauses and—when available—participation in the EU-U.S. Data Privacy Framework. We are evaluating additional transfer mechanisms (for example, appointing an EU representative and dedicating a Data Protection Officer) and will update this section as those steps are finalized.
8. Your rights
Depending on your location, you may request to access, correct, delete, or port your personal information, or object to or restrict certain processing. To exercise these rights, email support@majortechnology.com. We aim to respond within 30 days and will let you know if we need additional time. You may also unsubscribe from marketing emails via the link in those messages; operational emails will continue as needed.
9. Children's privacy
The Services are not directed to children under 13 (or the minimum age required in your jurisdiction). If we learn that a child has provided us with personal information without appropriate consent, we will delete it promptly.
10. Changes to this policy
We will update this Policy when our practices change. The “Last updated” date reflects the current version. If we make material changes, we will provide additional notice—such as an in-app message or email—at least 30 days before the new terms take effect.
11. Contact us
Questions or concerns? Contact Major Tech, Inc. at support@majortechnology.com or mail us at 548 Market St PMB 465344, San Francisco, CA 94104.