This Privacy Policy explains how Axidus LLC (“Axidus”, “we”, “us”) collects, uses, shares, and safeguards information when you use axidus.io and any product or service we offer (together, the “Services”). It also explains your rights and choices regarding that information.
If you do not agree with this Policy, please do not use the Services.
1. Who we are
Axidus LLC is a software company registered in the State of New Jersey, United States. We build creative utilities for designers, developers, and game developers. You can reach us at legal@axidus.io.
2. Information we collect
Information you provide
- Account information. When you create an Axidus account, we collect your email address, a hashed password, and an optional display name.
- Communications. If you contact support, respond to a survey, or sign up for our launch list, we keep your message and any details you choose to share.
Information collected automatically
- Authentication and session data. Cookies set by Supabase (our auth provider) keep you signed in. These are essential to operating the Services.
- Theme preference. A small
localStoragevalue records your light or dark mode choice. It never leaves your browser. - Usage and device information. Once we enable Google Analytics 4 (planned, not yet active), we will collect anonymized usage data including pages viewed, referring URL, approximate location (country and region), browser type, and device class. We will configure GA4 with IP anonymization and disable Google Signals; we do not allow GA data to be used for advertising.
- Server logs. Our hosting provider (Vercel) records standard request logs (IP address, user agent, timestamp, path) for short periods, used for security and debugging.
Information from third parties
- Billing information. When you purchase a subscription, our payment processor Polar (Polar.sh) collects and processes your payment details. Polar shares back with us a customer identifier, your billing email, subscription status, plan, currency, amount, and renewal or cancellation events. We never see, store, or have access to your full card number, CVC, or bank credentials.
3. How we use information
We use the information described above to:
- Provide, operate, and maintain the Services
- Authenticate you and protect your account
- Process payments and manage subscriptions through Polar
- Send transactional emails (sign-up confirmation, password reset, billing receipts) via our email delivery provider Resend
- Respond to your support requests and inquiries
- Understand how the Services are used so we can improve them
- Detect, prevent, and respond to fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal information. We do not use your information to train machine-learning models. We do not show third-party advertising on the Services.
4. Legal bases (EEA / UK users)
If you are in the European Economic Area or the United Kingdom, we process your information under one or more of these legal bases:
- Performance of a contract (operating your account, providing paid features)
- Legitimate interests (improving the product, securing the Services, communicating with users), provided those interests are not overridden by your rights
- Consent (where required, such as for non-essential analytics cookies)
- Compliance with legal obligations
You can withdraw consent at any time without affecting the lawfulness of prior processing.
5. How we share information
We share information only with the third-party service providers (sub-processors) listed below, under contract to process it on our behalf, and where required by law.
| Provider | Purpose | Region |
|---|---|---|
Supabase Database hosting, authentication, session storage | Database hosting, authentication, session storage | United States |
Polar Subscription billing, payment processing, merchant of record | Subscription billing, payment processing, merchant of record | United States / EU |
Resend Transactional email delivery (sign-up, password reset, receipts) | Transactional email delivery (sign-up, password reset, receipts) | United States |
Vercel Web hosting, edge network, request logs | Web hosting, edge network, request logs | United States / global edge |
Google Analytics 4 Aggregate website analytics (planned, not yet active) | Aggregate website analytics (planned, not yet active) | Global |
We may also share information:
- With law enforcement, regulators, or other parties when required by valid legal process
- In connection with a merger, acquisition, financing, or sale of assets, where personal information is one of the assets transferred (we will notify you of any such change)
- With your explicit consent
Polar acts as our Merchant of Record. That means Polar is the legal seller for your purchase, owns the customer relationship for tax and compliance purposes, and is a separate data controller for the billing data it collects directly. Polar's privacy policy is available at polar.sh/legal/privacy.
6. International data transfers
Most of our sub-processors are located in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States and other countries that may have different data-protection laws than your own. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms.
7. Data retention
We keep your information for as long as your account is active and as long as needed to provide the Services. Specifically:
- Account data: retained until you delete your account, then permanently removed within 30 days, except where we must retain records to comply with legal obligations or resolve disputes
- Billing records: retained as required by tax and accounting law (typically 7 years)
- Server logs: typically retained 30 days
- Support communications: retained for up to 2 years from last contact
8. Your privacy rights
Subject to your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Deleteyour information (the “right to be forgotten”)
- Export your information in a portable format
- Restrict or object to certain processing
- Withdraw consent where we rely on it
- Lodge a complaint with your local data-protection authority
If you are a California resident, the California Consumer Privacy Act (CCPA / CPRA) gives you specific rights, including the right to know what personal information we collect, to delete it, to correct it, and to opt out of any “sale” or “sharing” (we do neither). We do not discriminate against you for exercising these rights.
To exercise any right, email legal@axidus.io with “Privacy request” in the subject line. We will respond within 30 days (45 for complex requests). We may need to verify your identity before acting on a request.
9. Cookies and similar technologies
We use the smallest set of cookies that lets the Services work:
- Essential cookies (set by Supabase) keep you signed in. Without these, you cannot use the authenticated parts of the site.
- Analytics cookies (Google Analytics 4, planned). Once enabled, GA4 sets cookies (
_ga,_ga_*) to measure aggregate usage. We will provide a cookie-consent banner before activating these for users in jurisdictions that require it (EEA, UK, etc.). - Theme preference (
localStorage) stores your light or dark choice client-side.
Most browsers let you refuse or delete cookies through their settings. Refusing essential cookies will prevent you from signing in.
10. Children
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA / UK). If you believe a child has provided us information, please email legal@axidus.io and we will delete it.
11. Security
We use industry-standard safeguards: TLS in transit, encryption at rest where supported by our providers, hashed passwords, row-level security on our database, and principle-of-least-privilege access for staff. No system is perfectly secure, and we cannot guarantee absolute security. If a breach affects your information, we will notify you and the relevant authorities as required by law.
12. Third-party links
The Services may include links to third-party sites or services. This Policy does not apply to those, and we are not responsible for their practices. Review their privacy policies before sharing information.
13. Changes to this Policy
We may update this Policy from time to time. When we do, we will revise the “Last updated” date at the top, and for material changes we will notify you by email or by an in-product notice before the change takes effect. Continued use of the Services after changes take effect means you accept the updated Policy.
14. Contact us
Questions about this Policy or our privacy practices? Email legal@axidus.io and we will get back to you.
Axidus LLC
New Jersey, United States
Mailing address available on request.