Privacy Policy

Last Updated: November 21, 2025

1. Introduction

At Axiom Trade, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

Personal information you provide (name, email, ID documents, financial information, wallet addresses).

Transaction information (trading history, deposits, withdrawals, balances).

Technical information (IP address, device info, usage data, cookies).

Communication information from customer support and feedback.

3. How We Use Your Information

Service provision: account management, transaction processing, customer support.

Compliance and security: KYC verification, fraud prevention, regulatory compliance.

Platform improvement: usage analysis, feature development, troubleshooting.

Marketing communications (with your consent).

4. How We Share Your Information

With service providers (payment processors, identity verification, hosting).

When required by law (court orders, subpoenas, regulatory inquiries).

In business transfers (mergers, acquisitions).

With your explicit consent.

5. Data Security

End-to-end encryption, multi-factor authentication, regular audits, cold storage for crypto assets, and continuous monitoring. No method is 100% secure but we follow industry best practices.

6. Data Retention

We retain information as long as needed to provide Services, comply with laws, resolve disputes, and maintain records.

7. Your Privacy Rights

Access, correction, deletion, portability, restriction, objection, withdrawal of consent, and opt-out of marketing — depending on your jurisdiction. Contact privacy@axiom.trade to exercise these rights.

8. Cookies and Tracking Technologies

We use essential, performance, functional, and marketing cookies. Control via browser settings.

9. International Data Transfers

Your information may be transferred internationally with appropriate safeguards.

10. Children's Privacy

Our Services are not for individuals under 18. We do not knowingly collect children's data.

11. Changes to This Policy

We may update this Policy and will notify you via the platform.

12. Contact Us

Email: privacy@axiom.trade. Data Protection Officer: dpo@axiom.trade.

Privacy in practice

How we actually handle data

What we collect, plainly

Axiom collects the minimum data required to operate a non-custodial trading platform. That includes: the wallet addresses you connect, the trades you submit through the platform, the metadata required to render your portfolio, and standard server logs for security and abuse prevention. We do not collect government-issued identification, social security numbers, or any other regulated personal identifier as a condition of trading. The optional fiat on-ramp is operated by a regulated third party and applies its own data collection independently.

What we never collect

We do not collect or store private keys. Self-custodied wallets remain entirely in your control; session wallets are held by Turnkey under signing policies you authorize, and even Turnkey cannot move funds outside those policies. We do not collect biometric data, contact lists from your devices, or photos and files from your local storage. We do not sell aggregated trading data to third parties.

How we use what we collect

Wallet addresses and trade history are used to render your portfolio, calculate fees, and provide support. Server logs are used to detect abuse, debug incidents, and meet legal retention obligations. Email addresses, when provided, are used for transactional messages (security alerts, support replies) and for the monthly product digest if you have opted in. We do not use any of this data for advertising and we do not operate an advertising network.

Sharing with third parties

We share data with a small, named set of service providers: Turnkey for MPC key management, our cloud infrastructure provider for hosting, our customer-support tooling provider for ticket management, and our analytics provider for product analytics. Each is bound by a data-processing agreement that prohibits secondary use of your data. We do not share data with marketers, data brokers, or any other category of third party that resells or repackages it.

Cookies and tracking

We use first-party cookies to maintain your session and remember your preferences. We use a single analytics tool configured in privacy-friendly mode (no cross-site tracking, no user-level export to third parties) to understand which features are used and where users get stuck. You can disable analytics in the cookie preferences screen without losing any functionality.

International transfers

Our infrastructure is operated in multiple regions for performance and redundancy. Where data is transferred across borders, we rely on standard contractual clauses and equivalent safeguards. If you are based in a region that grants specific data-protection rights — including the EU, the UK, California, and a growing number of other jurisdictions — those rights apply to your Axiom data and you can exercise them through the contact form.

Your rights

You can request a copy of the data we hold about you, request correction of inaccurate data, request deletion subject to legal retention requirements, and request portability of your trading history in a standard machine-readable format. Requests are processed within 30 days through the contact form with "Privacy" selected.

Retention

Trade history is retained for the duration of your account and for a period afterward to meet legal obligations and to allow account recovery. Server logs are retained for a shorter period — typically 90 days — sufficient for security investigation. When you delete your account, identifiable data is removed within 30 days subject to the retention obligations above.

Changes to this policy

Material changes are announced at least 30 days in advance via email (if we have your email) and via a prominent banner on the platform. Non-material changes — clarifications, formatting — may be made without notice. The "last updated" date at the bottom of the policy reflects every change.

Operational details

How we handle requests and incidents

Subject access requests

Anyone whose data we hold can request a copy of it. Requests go through the contact form with "Privacy" selected; we verify ownership of the requesting wallet by asking you to sign a short message with the wallet's key (which proves control without exposing the key) and we deliver the requested data within 30 days as a machine-readable export. The export includes everything we associate with the wallet: trade history, fee history, session metadata, support tickets, and any preferences you have set.

Correction and deletion

You can request correction of inaccurate data; for trading data, "inaccurate" is a high bar because the source of truth is the chain, but errors in derived fields (computed cost basis, tag metadata) are corrected on request. You can request deletion of your account and associated data; we delete within 30 days subject to a small set of legal retention obligations that we identify in the deletion response. Some derived data — anonymized aggregates used for product analytics — may persist in non-identifiable form.

Data minimization in practice

We periodically review the data we collect and ask whether each field is still serving a real purpose. Fields that no longer earn their keep are removed from the schema and purged from historical records. The most recent review removed several columns from the session metadata table that had been added "in case we need them" and were never used; the review summary is published internally and informs the next iteration of this policy.

Security incidents and your data

In the event of a confirmed security incident affecting your data, we will notify you directly within 72 hours of confirmation, describe what happened in plain language, describe what we believe was accessed, describe what we have done in response, and describe what you should do. We will not delay notification to draft a perfect statement; the first message will be honest about what we know and what we don't.

Children

Axiom is not intended for and is not marketed to children. We do not knowingly collect data from children. If you believe a child has provided data to us, contact us and we will delete it.

Third-party processors

The named processors we use change occasionally as we evaluate vendors. The current list is maintained on the security page and updated within 30 days of any change. Each processor is bound by a written agreement that requires equivalent privacy protections to the ones described here.

Right to lodge a complaint

If you are dissatisfied with our handling of a privacy matter, you have the right to lodge a complaint with the data-protection authority in your jurisdiction. We would prefer you raise the issue with us first so we can address it directly, but the option to escalate exists and we will not retaliate for its use.

Last updated

See the date at the bottom of the formal policy above. Material changes are announced through in-product banner and email at least 30 days before they take effect; non-material changes (clarifications, formatting) are made without prior notice. A full history of changes is available on request.