Legal
Privacy Policy
How AxLabs GmbH collects, uses, and protects personal data when you use the Ax402 platform and website.
Last updated: 29 June 2026
This Privacy Policy explains how AxLabs GmbH(“AxLabs”, “we”, “us”) processes personal data when you visit our websites, use the Ax402 platform (including the seller dashboard, gateway, facilitator integrations, SDKs, and related tooling), or otherwise interact with us. We are the data controller for processing described here unless stated otherwise.
Who we are
AxLabs GmbH
Hardturmstrasse 161, 8005 Zurich, Switzerland
Email: contact@axlabs.com
Data we collect
Depending on how you use Ax402, we may process:
- Account and profile data — name, email address, organization details, authentication credentials, and workspace settings you provide when creating or managing a seller account.
- Platform usage data — API configuration, gateway routes, pricing rules, domain settings, API keys (stored in hashed or restricted form), settlement records, and operational logs needed to run the service.
- Payment and settlement metadata — transaction references, amounts, timestamps, network identifiers, and wallet addresses involved in x402 settlements. We do not custody private keys for your wallets.
- Technical and security data — IP address, browser type, device information, request logs, error reports, and anti-abuse signals.
- Communications — messages you send to support or sales, waitlist sign-ups, and feedback you choose to share.
- Cookie and preference data — as described in our Cookie Policy.
How we use personal data
We use personal data to:
- Provide, operate, and improve the Ax402 platform and website.
- Authenticate users, secure accounts, and prevent fraud or abuse.
- Process settlements, billing, and usage metering where applicable.
- Respond to inquiries, provide support, and send service-related notices.
- Analyze product usage when you have consented to optional analytics cookies.
- Comply with legal obligations and enforce our Terms of Service.
Legal bases (EEA, UK, and Switzerland)
Where applicable data protection law requires a legal basis, we rely on:
- Contract — to deliver the services you request.
- Legitimate interests — to secure our platform, improve reliability, and communicate about the product, balanced against your rights.
- Consent — for optional cookies and certain marketing communications where required.
- Legal obligation — where we must retain or disclose information under applicable law.
Sharing and processors
We use trusted infrastructure and service providers (for example hosting, email delivery, monitoring, and analytics when enabled) that process data on our instructions. We may also share information with professional advisers or authorities when required by law. We do not sell personal data.
On-chain settlement data is recorded on public blockchains as part of the x402 protocol. That information is inherently public and outside our control once submitted to a network.
International transfers
We are based in Switzerland. If personal data is transferred to countries without an adequacy decision, we use appropriate safeguards such as standard contractual clauses where required.
Retention
We keep personal data only as long as needed for the purposes above, including legal, accounting, and security requirements. Account data is generally retained while your account is active and for a limited period afterward unless a longer retention period is required by law.
Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability. Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing. You may also lodge a complaint with a supervisory authority.
To exercise your rights, contact contact@axlabs.com. We may need to verify your identity before responding.
Security
We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit, and monitoring. No method of transmission or storage is completely secure; you are responsible for safeguarding API keys and account credentials.
Children
Ax402 is intended for businesses and developers. We do not knowingly collect personal data from children under 16.
Changes
We may update this policy from time to time. Material changes will be posted on this page with an updated “Last updated” date.