Privacy Policy

1) Introduction and About Us

Axis Platforms, Inc. ("Axis," "we," "us," or "our") is a business-to-business (B2B) technology infrastructure company headquartered at:

Axis provides a unified SaaS platform — infrastructure for betting platforms — that enables operators to design, launch, and grow online betting, gaming, prediction-market, and related wagering applications (collectively, "Operator Platforms").

This Privacy Policy describes how Axis collects, uses, processes, stores, shares, and protects personal information and business data in connection with:

• our corporate website at https://axis.inc (the "Website");
• the Axis SaaS platform, APIs, dashboards, and related developer tools (the "Platform"); and
• our interactions with Operators, their end users, and other individuals who interact with us.

2) Scope and Who This Policy Covers

This policy applies to three distinct categories of individuals and entities:

2.1 Operators (B2B Clients)

Companies or individuals who enter into an agreement with Axis to access the Platform and build or manage Operator Platforms (e.g., online sportsbooks, casinos, prediction-market applications). Operators are typically corporate entities; however, the individuals employed by or representing an Operator (such as account administrators, developers, compliance officers, and finance contacts) are natural persons whose data we also handle.

2.2 End Users of Operator Platforms

Natural persons who register for, interact with, or transact on an Operator Platform powered by Axis infrastructure. In most instances, Axis processes end-user data as a data processor acting on behalf of the Operator, who is the data controller. End users should primarily consult the privacy notice provided by the Operator Platform they use. However, Axis may independently process certain technical data for security, fraud prevention, and service delivery purposes as described in this policy.

2.3 Website Visitors

Individuals who visit https://axis.inc for informational purposes, submit inquiries, or interact with our marketing materials without necessarily entering into a commercial relationship.

Note: This policy does not apply to third-party websites or services that Axis does not own or control, including any Operator Platform built on top of our infrastructure.

3) Information We Collect

3.1 Information Collected from Operators and Their Personnel

When an Operator registers for or uses the Platform, we collect:

• Account and Identity Information: Business name, legal entity type, registration number, tax identification number, registered address, operating jurisdictions, and licensing details.
• Contact Information: Names, job titles, work email addresses, telephone numbers, and professional profiles of Operator personnel.
• Financial and Billing Information: Bank account details, payment card information, billing addresses, invoicing records, and transaction history related to Axis's fees.
• API Credentials and Technical Configuration: API keys, OAuth tokens, webhook endpoints, IP allowlists, integration settings, and developer credentials.
• Compliance and Regulatory Documentation: Gaming licenses, Know-Your-Business (KYB) documentation, AML policies, and other regulatory materials.
• Communications: Emails, support tickets, live-chat transcripts, call recordings (where applicable), and other correspondence.

3.2 Information Processed on Behalf of Operators Regarding End Users

As part of providing the Platform, Axis may process the following categories of end-user data on behalf of Operators as a data processor:

• Registration and Identity Data: Name, username, date of birth, nationality, government-issued identification documents, and biometric data where required.
• Contact Data: Email address, phone number, and residential address.
• Financial and Transactional Data: Deposit and withdrawal history, wallet balances, payment instrument details, and fiat-to-crypto transaction records.
• Wagering and Gaming Activity: Bet history, game session data, prediction-market positions, bonus eligibility, and responsible gaming metrics.
• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, and geolocation data.
• Behavioral and Analytics Data: Clickstream data, session duration, feature engagement, and A/B test participation.
• Communication Preferences: Marketing consent status, opt-in/opt-out records, and notification preferences.

Axis processes this data strictly in accordance with Operator instructions and applicable data processing agreements ("DPAs"). End users wishing to exercise rights over this data should contact the relevant Operator directly.

3.3 Information Collected from Website Visitors

• Name, email address, company name, and message content submitted through contact or demo-request forms.
• Technical metadata including IP address, browser type, referring URL, and pages visited.
• Cookie and tracking data as described in Section 6.

3.4 Information for Which Axis Acts as an Independent Controller

Notwithstanding its processor role, Axis independently controls and processes certain data for its own legitimate purposes, including:

• Security and fraud monitoring across Platform infrastructure;
• Abuse detection, rate limiting, and system integrity checks;
• Aggregated and anonymized analytics to improve Platform features;
• Internal compliance, audit logs, and legal hold obligations; and
• Commercial relationship management with Operators and prospective Operators.

4) How We Use Information

4.1 To Provide and Operate the Platform

• Provisioning, configuring, and maintaining Operator accounts and Platform environments;
• Processing financial transactions, including fee collection, payout processing, and fiat-to-crypto onramp services;
• Delivering the Axis marketing engine, operator analytics dashboards, and reporting tools;
• Enabling integrations with third-party gaming content providers, payment processors, and KYC/AML vendors; and
• Supporting Operators in fulfilling their own compliance obligations.

4.2 For Safety, Security, and Fraud Prevention

• Detecting, investigating, and preventing fraudulent transactions, money laundering, underage gambling, and other prohibited activities;
• Verifying identity and jurisdiction eligibility;
• Monitoring for unauthorized access, cyberattacks, and abuse of Platform APIs; and
• Maintaining audit trails and supporting law enforcement or regulatory investigations where required by law.

4.3 For Business and Commercial Purposes

• Billing Operators for Platform usage, GGR-based fees, and payment processing charges;
• Managing the commercial relationship, including contract execution, renewals, and customer success;
• Sending operational communications (e.g., service status updates, maintenance notices, invoice delivery); and
• Sending marketing communications to Operators and prospects (subject to applicable consent requirements).

4.4 For Analytics and Product Improvement

• Generating aggregated, non-personally-identifiable insights to improve Platform features and performance;
• Conducting A/B testing and product experiments; and
• Benchmarking Operator Platform performance against anonymized industry metrics.

4.5 To Comply with Legal Obligations

• Fulfilling reporting obligations to gaming regulators, financial intelligence units, and tax authorities;
• Responding to lawful requests from courts, law enforcement, or regulatory bodies;
• Retaining records as required by applicable law; and
• Enforcing our Terms of Service and other agreements.

5) Legal Bases for Processing (GDPR and UK GDPR)

To the extent that Axis processes personal data of individuals in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases:

• Contract Performance (Art. 6(1)(b)): Processing necessary to enter into or perform a contract with an Operator or their personnel, including account setup, billing, and service delivery.
• Legitimate Interests (Art. 6(1)(f)): Processing for fraud prevention, security monitoring, product improvement, and direct marketing to business contacts, where our interests are not overridden by data subjects' rights.
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with gaming regulations, AML/KYC laws, tax obligations, and other applicable legal requirements.
• Consent (Art. 6(1)(a)): Where we rely on consent (e.g., for marketing communications or non-essential cookies), you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.
• Vital Interests (Art. 6(1)(d)): In exceptional circumstances, processing necessary to protect an individual's safety (e.g., responsible gaming interventions).

For special categories of data (such as biometric identity data used for KYC), we rely on explicit consent (Art. 9(2)(a)) or the substantial public interest ground for anti-money-laundering and fraud prevention purposes (Art. 9(2)(g)).

6) Cookies and Tracking Technologies

6.1 What We Use

Axis uses cookies and similar tracking technologies on the Website and within the Platform dashboard. These include:

• Strictly Necessary Cookies: Required for authentication, session management, and security. These cannot be disabled without impacting core functionality.
• Functional Cookies: Retain your preferences and display settings (e.g., language, dashboard layout). These persist for up to one year.
• Analytics Cookies: Collect aggregate, anonymized data about how visitors use our Website and Platform to improve our services.
• Marketing Cookies: Used to deliver relevant advertising and track marketing campaign effectiveness. Only placed with prior consent where required by law.

6.2 Managing Cookies

You can manage or withdraw consent for non-essential cookies via our cookie preference center (accessible via the "Cookie Settings" link in the Website footer). You can also configure your browser to refuse or delete cookies; however, doing so may affect Platform functionality.

6.3 Third-Party Tracking

Some cookies are set by third-party services integrated into our Website and Platform, including analytics, monitoring, and customer communications tools. These third parties have their own privacy policies and we encourage you to review them.

7) How We Share Information

7.1 With Operators

End-user data processed on behalf of an Operator is shared with and accessible to that Operator through the Platform dashboard and APIs. Operators are responsible for their own use of that data in accordance with their privacy policies and applicable law.

7.2 With Subprocessors and Third-Party Service Providers

Axis engages a limited number of third-party subprocessors to assist with delivering the Platform and related services. These include:

• Cloud Infrastructure: Amazon Web Services (AWS) for hosting, compute, and storage; Supabase for database infrastructure.
• Payment Processing: Stripe, Swapped, MoonPay, Kraken, Banxa, and St8.
• KYC / AML Providers: Identity verification, document authentication, and sanctions screening vendors.
• Analytics and Monitoring: Application performance monitoring, error tracking, and product analytics tools.
• Email and Notifications: Transactional and marketing email service providers.

A current list of Axis's subprocessors is available upon request by contacting support@axis.inc.

7.3 With Gaming Regulators and Law Enforcement

We may disclose personal data to gaming licensing authorities, financial intelligence units, law enforcement agencies, and courts where required to do so by law, regulation, court order, or regulatory directive.

7.4 Business Transfers

In the event of a merger, acquisition, asset sale, financing, or restructuring of all or part of Axis's business, personal data may be transferred to the relevant third party.

7.5 With Your Consent

We may share data with third parties for purposes not described in this policy where we have obtained your prior, informed consent.

7.6 What We Do Not Do

Axis does not sell personal data to third parties. We do not share personal data with advertisers for the purpose of targeting advertisements to individuals without explicit consent.

8) Data Retention

We retain personal data for as long as necessary to fulfil the purposes set out in this policy. Our retention schedule is as follows:

• Operator Account Data: Retained for the duration of the Operator's agreement with Axis, plus 2 years following termination.
• Financial Records: Transaction records, invoices, and GGR-related data are retained for a minimum of 2 years in accordance with applicable tax and AML requirements.
• End-User Data (Processor Role): Retained per the Operator's documented instructions. Default retention is 2 years following the last user activity or account closure.
• Security and Audit Logs: Retained for 2 years for security incident investigation, platform integrity monitoring, and regulatory audit purposes.
• Website Visitor Data: Contact form submissions retained for 2 years; anonymized analytics data retained indefinitely.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in a manner that prevents reconstruction.

9) International Data Transfers

Axis is incorporated in the State of Delaware, United States, and its primary infrastructure is operated through AWS within the United States. Where personal data of EEA or UK residents is transferred to or processed in the US, Axis relies on Standard Contractual Clauses (SCCs) and, where applicable, UK International Data Transfer Agreements (IDTAs) as the lawful transfer mechanism.

Additional transfer safeguards include:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• UK International Data Transfer Agreements (IDTAs) or UK Addenda to EU SCCs, where applicable;
• Binding Corporate Rules, where Axis has adopted these; and
• Adequacy decisions issued by the European Commission or UK Secretary of State.

You may request a copy of the relevant transfer safeguards by contacting support@axis.inc.

10) Data Security

Axis implements technical, administrative, and physical security measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS 1.2 or higher and encryption of data at rest;
• Role-based access controls and principle-of-least-privilege across Platform systems;
• Multi-factor authentication (MFA) for administrative access to production systems;
• Regular vulnerability assessments and penetration testing;
• Secure Software Development Lifecycle (SDLC) practices;
• Incident response and data breach notification procedures; and
• Contractual security obligations imposed on all subprocessors.

No system can guarantee absolute security. In the event of a personal data breach likely to result in high risk to individuals, we will notify affected parties and relevant supervisory authorities in accordance with applicable law.

11) Age Restrictions and Minors

The Axis Platform is designed exclusively for use by Operators who hold valid gaming or prediction-market licenses in their respective jurisdictions. Operators are contractually obligated to ensure that their end-user platforms comply with a minimum age requirement of 18 years of age. No individual under the age of 18 may register for or use any Operator Platform powered by Axis infrastructure.

Axis does not knowingly collect or process personal data of individuals under 18 years of age. If Axis becomes aware that personal data of an underage individual has been submitted to the Platform, it will take steps to delete that data and notify the relevant Operator promptly.

Axis's Website is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact support@axis.inc.

12) Your Data Subject Rights

12.1 Rights Under GDPR and UK GDPR

If you are located in the EEA or the United Kingdom, you have the following rights:

• Right of Access: Request a copy of the personal data Axis holds about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to Restriction: Request that we limit the processing of your personal data in certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests, including direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.
• Right to Lodge a Complaint: Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK).

12.2 Rights Under the California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, you may have additional rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected.
• Right to Delete: Request deletion of personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale / Sharing: Axis does not sell or share personal information for cross-context behavioral advertising.
• Right to Limit Sensitive Personal Information: Request limited use of sensitive personal information.
• Right to Non-Discrimination: You will not be discriminated against for exercising any of these rights.

To submit a verifiable consumer request, please contact us at support@axis.inc with the subject line "Privacy Rights Request." We will respond within 45 days.

12.3 Rights for End Users of Operator Platforms

If you are an end user of an Operator Platform and wish to exercise rights over data processed by Axis on behalf of the Operator, you should direct your request to the Operator in the first instance. Axis will cooperate with Operators to fulfil data subject requests in accordance with our DPA obligations.

13) Operator Responsibilities and Data Processing Agreements

Operators who use the Axis Platform to process personal data of their end users are responsible for:

• Maintaining a lawful basis for collecting and processing end-user personal data;
• Providing end users with a privacy notice that accurately describes all data processing, including processing conducted by Axis on the Operator's behalf;
• Ensuring end-user platforms comply with applicable age verification, gambling, and data protection laws in each jurisdiction of operation;
• Implementing appropriate responsible gaming tools (e.g., self-exclusion, deposit limits, cooling-off periods) as required by their license conditions; and
• Executing a Data Processing Agreement (DPA) with Axis prior to processing any personal data through the Platform, as required by Art. 28 GDPR and equivalent provisions.

Standard DPA terms are available upon request at support@axis.inc. Operators should not activate end-user data processing functionality within the Platform prior to executing a DPA.

14) Payment Processing and Financial Data

Axis facilitates payment processing for Operators through integrations with the following third-party payment processors: Stripe, Swapped, MoonPay, Kraken, Banxa, and St8. Depending on the integration model:

• Direct Integrations: Where Axis acts as a distribution layer activating payment services across downstream Operators, Axis's contractual and privacy obligations to those processors apply at the platform level.
• Operator-Direct Integrations: Where an Operator independently contracts with a payment processor using credentials or connectivity facilitated by Axis, the relevant processor's privacy policy governs the processing of financial data.

Payment data processed through these providers is subject to each provider's own PCI-DSS compliance obligations. Axis does not store full payment card numbers on its own infrastructure.

15) Responsible Gaming and Player Protection

Axis is committed to supporting Operators in fulfilling their responsible gaming obligations. The Platform provides tools that Operators may configure and deploy, including:

• Self-exclusion and cooling-off period management;
• Deposit and loss limit controls;
• Session time reminders and reality checks;
• Age and identity verification integrations; and
• Behavioral analytics for problem gambling detection (where configured by the Operator).

Data generated through responsible gaming features (e.g., self-exclusion records) is treated as sensitive data subject to enhanced access controls and, where applicable, mandatory retention periods prescribed by gambling regulators.

16) Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform capabilities. When we make material changes, we will:

• Update the "Last Updated" date at the top of this document;
• Notify active Operators via email to their registered account address; and
• Where required by law, obtain renewed consent for material changes to data processing.

Your continued use of the Platform following the effective date of any updated policy constitutes acceptance of the revised terms. If you do not agree with the changes, you should cease using the Platform and contact us to discuss your options.

17) Governing Law and Jurisdiction

This Privacy Policy and any disputes arising from or relating to it shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict-of-law provisions.

Any legal proceedings relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware, United States. Operators and individuals who interact with Axis consent to personal jurisdiction in such courts.

Notwithstanding the foregoing, nothing in this section limits the rights of data subjects in the EEA or United Kingdom to lodge a complaint with their local supervisory authority or to seek relief under applicable data protection law in their jurisdiction of residence.

18) Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or Axis's data practices, please contact:

We aim to respond to all legitimate privacy inquiries within 30 days. If your inquiry concerns an urgent data security matter, please include "URGENT" in the subject line of your email.