Privacy Policy

1. Information We Collect

Account information

When you sign in via Google, Discord, or Apple OAuth, we receive basic profile information from those providers. Typically your email address, display name, and profile picture URL. We use this only to create and identify your account. We do not receive your passwords from these providers.

Card content you provide

To operate the service, we store the content you enter into your Player Card, including:

• Username, clan tag, and bio
• Stat blocks (rank, K/D ratio, main character, etc.)
• Social media handles and links you choose to display
• Hardware and setup details you choose to share
• Avatar and background images you upload
• Theme and style preferences

This content is publicly visibleon your live card page (axionhq.cc/yourusername) once your card is active. Do not include personal information you don't want to be public.

Payment information

We use Stripe to process payments. We never see or store your full card number, CVV, or banking details. Stripe handles all payment processing and is PCI-DSS compliant. We store your email and a record of your purchase for order management. See stripe.com/privacy.

Usage and analytics data

We collect data about how visitors use AXION in order to improve the platform and understand what's working. This includes pages visited, time spent, clicks, device type, browser, and referring source. This data is collected through analytics tools described in Section 3.

Advertising and conversion data

We run paid advertising campaigns (including on Meta platforms such as Facebook and Instagram). To measure and optimize these campaigns, we use the Meta Pixel and Meta Conversions API (CAPI). These tools track events such as page views, card builder interactions, and purchase completions, and share that data with Meta so our ads can be shown to relevant audiences. This is standard practice for online advertising and is described in detail in our Cookie Policy.

When you complete a purchase, we may send conversion event data (such as a hashed version of your email address and the value of your purchase) to Meta via the server-side Conversions API. This helps Meta's algorithm understand who our customers are so we can reach similar people.

Technical data

Our hosting provider (Vercel) automatically logs standard technical data including IP address, browser type, pages visited, and device type. This is used for security monitoring and debugging.

Content moderation data

Images you upload are scanned by Sightengine before being published. Sightengine receives the image temporarily to check for prohibited content. Images that pass are stored; images that fail are deleted immediately.

2. How We Use Your Information

We use the information we collect to:

• Create and display your Player Card at your permanent URL
• Process and record your payment
• Send transactional emails (purchase receipts, card activation confirmations)
• Send cart recovery emails if you start building a card but don't complete checkout
• Measure and optimize our advertising campaigns via Meta Pixel and CAPI
• Understand platform usage through analytics
• Enforce our Terms of Service and investigate violations
• Respond to support requests
• Monitor for fraud, abuse, and security threats
• Improve the platform

3. Third-Party Services and Data Sharing

We share data with the following services to operate and grow AXION:

• Supabase: database and file storage (supabase.com)
• Vercel: website hosting and edge network (vercel.com)
• Stripe: payment processing (stripe.com)
• Sightengine: image content moderation (sightengine.com)
• Resend: transactional and marketing email delivery (resend.com)
• Upstash: rate limiting via Redis (upstash.com)
• Meta (Facebook): advertising measurement and optimization via Meta Pixel (browser-side) and Meta Conversions API (server-side). Data shared may include page view events, purchase events, and hashed identifiers such as your email address. Meta uses this data to measure ad performance and build lookalike audiences. See Meta's Privacy Policy.
• Analytics provider: we use a web analytics tool to understand how visitors use AXION. Depending on the tool configured, this may process page view data, session duration, and interaction events.

We do not sell your personal information to data brokers or unrelated third parties.

We may disclose your information if required by law, court order, or to cooperate with law enforcement, particularly in cases involving illegal content such as CSAM.

4. Public Information

Your Player Card page (axionhq.cc/yourusername) is publicly accessible to anyone on the internet once your card is active. All content on your card, username, bio, stats, social links, hardware details, avatar, and background image, is public. Search engines may index it.

Your email address, payment information, IP address, and OAuth account details are never displayed publicly.

5. Data Retention

• Active cards: Stored indefinitely while your account is active.
• Pending/abandoned cards: Deleted after 30 days if no payment is completed.
• Username reservations: Automatically deleted after 15 minutes.
• Deleted accounts: Card data deleted within 30 days. Payment records retained for up to 7 years for legal and tax compliance.
• Server logs: Retained for up to 90 days.

6. Cookies and Tracking

We use cookies and similar tracking technologies for authentication, analytics, and advertising. See our Cookie Policy for a full breakdown of every cookie and pixel we use.

7. Your Advertising Choices

You can opt out of Meta's use of your data for targeted advertising by visiting facebook.com/adpreferences. You can also opt out of interest-based advertising more broadly via the Digital Advertising Alliance opt-out tool.

Note that opting out does not stop you from seeing ads, it means the ads you see will be less relevant to you.

8. Security

We protect your data with HTTPS/TLS encryption in transit, Row Level Security in our database, rate limiting on all API endpoints, and image content screening. No method of transmission or storage is 100% secure. In the event of a data breach, we will notify affected users in accordance with applicable law.

9. Your Rights

• Access: Request a copy of personal data we hold about you.
• Correction: Update your card content from your dashboard at any time.
• Deletion: Email support@axionhq.cc to request account and data deletion.
• Portability: Request an export of your card data in JSON format.
• Opt-out of marketing emails: Use the unsubscribe link in any marketing email, or email support.
• Opt-out of advertising tracking: See Section 7 above.

10. International Users

AXION is operated from the United States. If you access the service from outside the US, your data may be transferred to and processed in the United States. By using AXION, you consent to this transfer.

For EEA users, our legal bases for processing are: contract performance (delivering the service you paid for), legitimate interests (security, fraud prevention, analytics, advertising), and legal obligation.

11. Children's Privacy

AXION is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent and believe your child has created an account without your permission, contact support@axionhq.cc.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date. Continued use of AXION after changes are posted constitutes acceptance of the updated policy.

13. Contact

• Privacy requests: privacy@axionhq.cc
• General support: support@axionhq.cc