AxMall Privacy Policy

1. Who we are

Axerold ("we", "us", "AxMall"). Contact us at [email protected] or via the "Contact seller" / "Message buyer" flows inside AxMall.

2. What we collect

Everyone

• Your AxConnect user identifier and associated display name, handle, and avatar.
• Your in-app interactions: products viewed, wishlisted, added to cart.
• Device + browser metadata (IP, user agent) for abuse prevention and rate limiting.

Buyers — additional

• Shipping addresses you save or enter at checkout.
• Order history: items bought, amounts, timestamps, status transitions.
• Wallet address you declare on an order (for escrow matching).
• Transaction hashes you submit to verify on-chain payment.
• Messages you send to sellers via AxConnect.
• Reviews you write on delivered orders.
• Issues / disputes you raise, including descriptions.

Sellers — additional

• AxID verification data (legal name, date of birth, nationality, jurisdiction, government ID) — supplied to AxID and referenced here by ID only.
• Store + product content: names, descriptions, images, prices, specifications.
• Payout records: AXT balances, payout release dates, conversion events.
• Bank-customer link (if you opt into fiat payouts via AxBank).

3. Why we collect it (legal bases)

• To perform our contract with you — running the marketplace, processing orders, paying sellers, resolving disputes (GDPR Article 6(1)(b)).
• Legitimate interests — fraud prevention, rate limiting, anti-abuse, improving AxMall (Article 6(1)(f)).
• Legal obligations — tax, anti-money-laundering, and law-enforcement requests (Article 6(1)(c)).
• Consent — optional marketing communications (Article 6(1)(a)). You can withdraw consent at any time.

4. Who we share it with

• The other party in a transaction. Sellers see the buyer's shipping address + name when fulfilling an order. Buyers see the seller's display name and rating.
• Other Axerold apps when you opt in — AxConnect (for messaging), AxID (for KYC), AxBank (for fiat payout), AxCloud (for file storage).
• Payment + infrastructure providers — BNB Smart Chain (public by nature), Supabase (hosting our databases), Cronitor (monitoring our cron jobs).
• Law-enforcement and regulators where required by law, and our professional advisers (lawyers, accountants) under confidentiality.

We do not sell your personal data. We do not share it with advertisers.

5. How long we keep it

• Order records: 6 years from the order date (UK tax retention requirement).
• Shipping addresses: until you delete them (retained with order records as a per-order snapshot).
• Messages: until you delete the conversation.
• Admin audit logs: indefinitely (operational accountability).
• Account: until you ask us to delete it, subject to the retention obligations above.

6. Your rights

Under GDPR and the UK Data Protection Act you can: request a copy of your data; correct inaccurate data; delete data (subject to legal retention); restrict or object to certain processing; port your data to another service. Email [email protected] to exercise any of these rights. We respond within 30 days.

If you're unhappy with how we've handled your data, you can complain to the UK Information Commissioner's Office at ico.org.uk.

7. Cookies + similar

AxMall uses local storage to remember your cart between sessions. We do not set advertising or third-party tracking cookies. Session authentication uses a token stored in local storage via the AxConnect login flow.

8. Security

We use industry-standard transport encryption (TLS), password hashing (bcrypt / argon2), and role-based access controls. Admin actions are audit-logged. The AxMall escrow wallet's spend key is held in a multi-signature wallet, never in server environment variables.

9. Changes

We'll update this page when our practices change and bump the version at the top. Material changes get a notice inside AxMall.