Section 1
Effective Date and Contact
Effective Date: July 2, 2026
Last Updated: July 12, 2026
Contact for any privacy-related question or request: maxx@axori.ai
Axori LLC, 302 Abbington St, Henderson, NV 89074. Nevada Business ID: NV20263594273. EIN: 42-3142577.
Response time to privacy requests: under 4 hours during business days, under 24 hours on weekends.
Section 2
Who We Are
Axori LLC ("Axori", "we", "us") is a Nevada-formed Limited Liability Company operating the Axori OS platform — a read-only financial intelligence and reporting SaaS tool for service-based small and mid-size businesses in the United States.
We are not a bank, not a lender, not a payment processor, and not a broker-dealer. We read financial data from the payment processors you explicitly connect, and present it back to you in useful form. Nothing more.
Section 3
What Data We Collect
We collect only what we need to deliver the service you signed up for. Specifically:
- BUSINESS PROFILE DATA — Your business name, legal entity type, EIN, tax address, owner name(s), operational details you enter into your Axori dashboard.
- TRANSACTION DATA — When you connect a payment processor or point-of-sale system, we retrieve read-only transaction data (amount, date, merchant, category, balance). We do not initiate, redirect, or modify any transaction.
- RECEIPTS AND EXPENSE DATA — Receipts, invoices, mileage entries, expense records, recurring subscription details you upload or enter. We extract line-item data using OCR to help you categorize for tax purposes.
- COMMUNICATIONS — Messages exchanged with Axori's AI agents (text, email, voice) to deliver customer support, booking coordination, and operational assistance for your business.
- ACCOUNT AND AUTHENTICATION — Your PIN, session tokens, and multi-factor authentication credentials (as they are rolled out). Passwords are not used, stored, or requested.
- USAGE DATA — Basic analytics on how you use the dashboard — pages viewed, features used, error events. Used only for service improvement.
Section 4
How We Collect It
Directly from you when you sign up, enter data into your dashboard, or communicate with our AI agents.
Through third-party integrations you explicitly authorize. Current active payment processor integrations are Stripe and Square. Additional processors may be added over time; the list of your active integrations is always visible in your dashboard settings, and each connection is authorized by you individually with the ability to disconnect at any time.
All third-party data connections operate under read-only scopes only. Axori cannot initiate payments, transfers, ACH movements, or any money movement through these integrations. This restriction is architectural and non-negotiable.
Section 5
What We Do With Your Data
We use your data to deliver the Axori OS service to you. Specifically:
- Populate your dashboard with your own transactions, balances, receipts, and business records
- Categorize transactions for bookkeeping and tax purposes
- Generate tax pack outputs (Schedule C pre-fill, quarterly estimates, 1099 records) using your data
- Deliver AI agent responses to your booking, support, and operational communications
- Send you service-related notifications (billing confirmations, security alerts, feature updates)
- Improve the service through aggregated, de-identified usage analysis in which no individual customer records are exposed
That is the complete list. If a use is not listed above, we do not do it.
Section 6
What We Do NOT Do With Your Data
We do not sell your data. Not to marketers, not to data brokers, not to affiliates, not to anyone. Not now and not ever.
We do not use your data to train artificial intelligence or machine learning models. Not our own models. Not third-party models. Not for any purpose.
We do not share your data with third parties, except strictly as required to deliver the service you signed up for — meaning our infrastructure provider (Google Cloud Platform) and the specific payment processor you have connected (Stripe or Square). We do not share with advertising networks, analytics resellers, or any other party.
We do not transmit your data outside the United States. All data storage and processing occurs on Google Cloud Platform infrastructure in the United States region.
We do not display advertising in Axori. There is no ad network, no tracking pixel, no data-monetization overlay. The subscription fee is our only revenue from you.
Section 7
Third-Party Processors and Sub-Processors
To deliver the Axori OS service, we rely on the following third-party infrastructure and integrations:
- INFRASTRUCTURE PROVIDER — Google Cloud Platform (Google LLC) — hosts all Axori compute, storage, and secret management. Google Cloud holds SOC 2 Type II, ISO 27001, PCI DSS Level 1, and HIPAA attestations. All customer data is stored encrypted at rest with Google-managed AES-256 keys in Google Cloud Firestore.
- PAYMENT PROCESSOR INTEGRATIONS — Current active payment processor integrations are Stripe and Square. Additional processors may be added over time. Each is read-only: Axori cannot initiate money movement through any of them. Each is authorized by you individually and revocable at any time from your dashboard settings.
- AI MODEL PROVIDER — Anthropic PBC — provides the language model behind our AI agents. Data sent to Anthropic for real-time inference is not retained by Anthropic for model training, per Anthropic's terms for API customers.
- COMMUNICATIONS — OpenPhone (SMS) and Google Workspace (email) — deliver service messages and notifications. Both hold SOC 2 Type II and industry-standard compliance attestations.
Each third-party sub-processor listed above is bound by data-handling terms that align with this Privacy Policy. We regularly review sub-processor practices as part of our vendor risk management program.
Section 8
Data Retention and Deletion
YOUR DATA BELONGS TO YOU.
While you are an active Axori subscriber, we retain your data for as long as needed to deliver the service.
If you cancel your subscription, the cancellation takes effect at the end of your current billing cycle — billing and refund terms are governed by the Terms of Service. When it takes effect, the following applies:
- Cancellation — Billing stops. No further charges are made. Your data is retained; canceling does not delete it.
- Account deletion (a separate, explicit action) — Available from Account Settings. Deleting your account stops billing, revokes all active sessions, and starts a 30-day window during which your complete data set remains available for export. Stored payment-processor credentials are deleted from our secured credential store.
- After the 30-day window — All customer data is deleted from Axori's live systems. This includes transactions, receipts, business records, tax pack outputs, employee records, and every other customer-specific record. Residual encrypted backup copies expire within 14 days after.
You are responsible for retaining your own copies of tax-relevant records for the durations required by IRS or state tax authorities. Axori's role is to provide you the complete export mechanism so that you can fulfill your own retention obligations using your own storage.
Section 9
Your Rights
As a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- RIGHT TO KNOW — You can request a copy of the personal information we hold about you. Delivered via the standard export mechanism (JSON format), within 24 hours during business days.
- RIGHT TO DELETE — You can request deletion of your data at any time.
- RIGHT TO OPT OUT OF SALE — Not applicable to Axori. We do not sell customer data under any circumstance.
- RIGHT TO NON-DISCRIMINATION — Exercising any right above will not result in reduced service quality, increased pricing, or any other adverse treatment.
As a Nevada resident, you have equivalent rights under Nevada Revised Statutes Chapter 603A. Contact maxx@axori.ai to exercise any right.
Section 10
Security
We take reasonable and appropriate measures to protect your data. Specifically:
- All customer-facing traffic uses HTTPS with TLS 1.2 or higher, enforced by Google Cloud Run
- All customer data stored in Google Cloud Firestore is encrypted at rest using Google-managed AES-256 keys
- OAuth access tokens for connected processors are stored in Google Secret Manager, never in application code, never in log files, never in plain text
- Every API request is authenticated and validated against a central session store; sessions expire automatically after 24 hours
- Tenant data isolation is enforced at the application layer — customer data is scoped to your account and cannot be accessed cross-tenant
- Continuous automated security monitoring runs on production infrastructure (Watchdog v2.0 every five minutes, Axori Shield daily)
- All administrative access to production systems requires phishing-resistant multi-factor authentication
Customer-facing multi-factor authentication (MFA) on the Axori dashboard is a priority roadmap item and will be deployed as part of ongoing platform improvements.
No system is perfectly secure. In the event of a data breach affecting your information, we will notify you within 72 hours of confirmed detection and cooperate with any applicable regulatory notification requirements.
Section 11
SMS / Text Messaging
Axori and the AI agents we operate may communicate by SMS/text message — for example, service notifications, booking and appointment messages, and replies to text conversations you initiate. The following terms apply to all SMS/text messaging with Axori:
- NO THIRD-PARTY SHARING OF MOBILE INFORMATION — Mobile phone numbers and SMS opt-in consent are not shared with, sold to, or rented to third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent are never shared with any third party.
- MESSAGE FREQUENCY — Message frequency varies based on your interactions with the service and your notification settings.
- RATES — Message and data rates may apply. Charges are billed by your mobile carrier under your mobile service plan.
- OPT-OUT AND HELP — Reply STOP to any message at any time to opt out of SMS communications. Reply HELP for assistance, or contact maxx@axori.ai. After you send STOP, you will receive a single confirmation message and no further texts unless you re-subscribe.
Section 12
Children
Axori OS is designed for use by business owners in the United States. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a minor, contact maxx@axori.ai and we will delete it promptly.
Section 13
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, new legal requirements, or new features. When we make material changes, we will notify you via email at the address on file and update the Last Updated date at the top of this policy. Continued use of the service after notification constitutes acceptance of the updated policy.
Historical versions of this policy are maintained by Axori for internal audit purposes.
Section 14
Contact
For any privacy-related question, request, or concern, please contact:
Maxx Vega, Founder and Chief Information Security Officer, Axori LLC — maxx@axori.ai
Response time: under 4 hours during business days, under 24 hours on weekends.