Privacy Policy

This policy explains what data AXIOM-EMU (“we”, “us”) collects when you visit the website, create an account, purchase a license, or run the Software. We aim to collect the minimum data needed to operate the service and comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act.

If you do not agree with how your data is handled, do not use the website or Software.

We collect the following categories of data:

• Account data: email address, display name, password (stored only as a one-way cryptographic hash), account role, email verification status.
• License data: hardware identifiers (HWIDs) bound to your license, activation timestamps, license key, purchased package and add-on IDs.
• Billing data: order amount, PayPal transaction ID, subscription status. Card numbers and bank details are handled by PayPal and never reach our servers.
• Technical data: IP address at login, registration, rate-limit checks, and Software activation. User-agent string. Session token.
• Support data: messages you send to us through the portal, Discord, or email.
• Analytics data: anonymized page views, referrers, approximate country, device type, and clicks on tagged calls-to-action (see §5).

We process your data only for these purposes:

• Authenticate your account and maintain your session.
• Issue, activate, bind, and validate licenses.
• Process purchases and deliver the Software.
• Prevent fraud, abuse, and chargebacks, and enforce rate limits.
• Respond to your support requests.
• Send transactional emails (verification, password reset, order confirmation, license expiry notices).
• Measure overall website traffic to improve content and pricing.
• Comply with tax, accounting, and legal obligations.

We do not sell, rent, or trade your personal data. We do not use your data for advertising or profile you for third-party ad networks.

We use exactly one cookie on this website:

• axiom_session — a signed JWT that authenticates your login session. HTTP-only, Secure, SameSite=Lax. Expires when you log out or after the session lifetime. Strictly necessary under ePrivacy Directive Article 5(3) — you cannot log in without it, so no consent banner is required.

We do not use marketing cookies, tracking pixels, session replay, or third-party advertising cookies. PayPal may set its own cookies on its own domain during checkout; see the PayPal privacy notice.

We use Umami Cloud to measure aggregate traffic. Umami does not use cookies or local storage. It identifies unique visitors by hashing your IP address and user-agent on a daily-rotating salt; the raw IP is never stored. Umami servers are hosted in the EU.

We tag specific calls-to-action (pricing, trial sign-up, Discord, documentation) so we can see which pages drive interest. No personal identifier is attached to these events. You can opt out by blocking requests to /stats/ on this domain, or by enabling your browser’s “Do Not Track” preference which Umami honours.

We share limited data with the following processors strictly to operate the service:

• PayPal — payment processing. Receives order amount and email; handles card data entirely on its infrastructure.
• Umami Cloud — anonymized analytics (see §5).
• Email delivery provider — receives your email address and the transactional message content needed to deliver verification, reset, and receipt emails.
• Hosting provider — stores the database and processes requests on our behalf, bound by a data processing agreement.

We do not share data with any party for their own marketing use.

We retain data only as long as it serves a legitimate purpose:

• Account and license data: for the lifetime of the account. Deleted within 30 days of a verified deletion request, except where retention is legally required.
• Billing records: 7 years, as required by accounting and tax law.
• IP logs and rate-limit data: up to 90 days, then purged.
• Support messages: up to 2 years after the issue is resolved.
• Umami analytics: 6 months rolling window on the Umami Cloud hobby plan.

Passwords are stored as Argon2/bcrypt hashes and are never recoverable. Sessions are signed JWTs. All traffic is served over HTTPS. License validation and activation traffic is authenticated and cryptographically signed. We do not log passwords, session tokens, or payment card numbers in any system.

No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Article 33.

Our servers and processors may be located outside your country. Where data is transferred outside the EU/UK, we rely on Standard Contractual Clauses or processor certifications (e.g. PayPal, Umami) to ensure an equivalent level of protection.

If you are in the EU, UK, or another jurisdiction with equivalent protections, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your account and associated data (subject to legal retention for billing records).
• Port your data in a machine-readable format.
• Restrict or object to processing in specific circumstances.
• Withdraw consent where processing is based on consent.
• Complain to your national data protection authority.

To exercise any right, contact us through the official Discord or the customer portal. We respond within 30 days.

The Software and website are not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

We process your data on the following legal bases (GDPR Article 6):

• Contract — account, license, and billing data needed to deliver the Software you purchased.
• Legitimate interest — fraud prevention, rate limits, aggregated analytics, support.
• Legal obligation — tax, accounting, breach notification.

We may update this policy. Material changes will be announced in Discord and at the top of this page. The “Last updated” date above always reflects the current version.

For privacy questions or to exercise any right under §10, reach us through the official Discord or via the customer portal contact form.