Privacy Policy
Last updated: March 2026
Who we are
Axiom is a product of Xenta Ltd. (Nigeria). We provide cryptographic execution governance infrastructure for AI agents and automated systems. References to "Axiom", "we", "us", or "our" in this policy refer to Xenta and the Axiom platform at axiom.xenta.pro.
This policy is governed by Nigeria's National Data Protection Regulation (NDPR, 2019). Where users access the platform from other jurisdictions — including California, USA — we also acknowledge the applicable requirements of those laws (e.g. CCPA).
Questions about this policy can be directed to axiom@xenta.pro.
What we collect
We collect only what is necessary to operate the platform.
Name and email address provided via Google or GitHub sign-in. We do not store passwords.
Operation payloads, receipts, and ledger records submitted through the platform. This data is required to provide the verification service.
Credit consumption, operation counts, and session activity. Used to operate your account and calculate billing.
IP address, browser type, and device information collected automatically when you access the platform.
We do not use cookies or tracking technologies for advertising or analytics purposes.
What we do not collect
We do not sell your data to any third party.
We do not use your operation data for advertising.
We do not train AI models on your operation payloads.
We do not share your data with third parties except where required to operate the service (cloud infrastructure, authentication providers).
How we use your data
Our lawful basis for processing under the NDPR is the performance of a contract (operating your account and delivering the verification service) and legitimate interests (maintaining ledger integrity, fraud prevention, and platform security).
To operate your account and provide the verification service.
To process credit purchases and track usage.
To maintain the immutable ledger required by the platform architecture.
To respond to support and contact requests.
To comply with applicable legal obligations.
Data retention
Account data is retained for as long as your account is active. If you close your account, your personal information is removed from active systems within 30 days.
The ledger is immutable by design — records cannot be deleted without breaking the chain integrity that makes the platform trustworthy. Operation payloads submitted to the ledger are permanent records.
After account closure, ledger records referencing your operations are retained in pseudonymous form — specifically, operation hashes, receipts, quorum identifiers, and timestamps. These records do not contain your name or email address, but they cannot be guaranteed to be fully anonymous given the cryptographic nature of the chain.
International data transfers
Our infrastructure is hosted on Google Cloud (US-based) and uses Cloudflare for network security. By using the platform, your data may be transferred to and processed in the United States and other countries outside Nigeria. We rely on the data transfer provisions under the NDPR and the terms of our agreements with these providers to govern such transfers.
Third-party services
The platform uses the following third-party services to operate:
Google Firebase — authentication and database.
Google Cloud Run — backend API hosting.
Cloudflare — network security.
OpenAI / Google AI Studio — AI assistant functionality. Conversation messages sent to the AI assistant are processed by these providers. We do not send your operation payloads to these providers; only the text of your assistant conversations.
drand League of Entropy — verifiable randomness for committee selection.
Each provider operates under their own privacy policy. We do not control their data practices.
Security
We take reasonable technical and organisational measures to protect your data, including:
Encryption of data in transit via TLS.
Access controls enforced via Firebase Authentication on all API endpoints.
Audit logging of operations and ledger writes.
CORS allowlist restricting API access to authorised origins.
If you believe your account has been compromised, contact us immediately at axiom@xenta.pro.
Children
The platform is not intended for use by children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a child has provided us with their data, please contact us at axiom@xenta.pro.
Your rights
Under the NDPR and applicable law, you have the right to:
Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your personal data, subject to the retention constraints described above.
To exercise these rights, contact us at axiom@xenta.pro.
Changes to this policy
We may update this policy as the platform evolves. The date at the top of this page reflects the most recent revision. For material changes, we will also notify users via the platform or by email where feasible. Continued use of the platform after changes constitutes acceptance of the updated policy.