Privacy Policy

1. Overview

AxeFee ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using AxeFee, you agree to the practices described here.

2. Information We Collect

From business clients (you, as an AxeFee account holder):

• Name, email address, and business name (collected during onboarding)
• Zelle handle (phone or email) and Zelle notification email address
• Business details: address, phone, website, timezone
• Payment and billing information for subscription plans

From your end-customers (people who submit your checkout forms):

• Name, email address, and phone number (as required by your checkout form)
• Custom fields you define on your forms (e.g., order details, event dates)
• Payment amount, transaction metadata, and selected payment method (Zelle or card)
• For card payments: payment confirmation status and Stripe PaymentIntent ID — we do not collect or store card numbers, CVV codes, or billing addresses; those are handled exclusively by Stripe

From forwarded Zelle notification emails:

• Sender name, payment amount, and memo code parsed from your bank's notification emails
• The raw email content is processed automatically and not stored beyond what is needed for matching

From registered Partners (sponsorship marketplace):

• Partner business name, contact name, email, phone, website, and city/community focus (collected at Partner signup)
• Bid history, tier signups, coupon codes, flyer URLs, and short promotional copy submitted by the Partner for display on a Client's sponsored surfaces
• Aggregate metrics (impressions, unique-email reach, click-through counts) used for billing and reporting

From end-customers who interact with sponsored surfaces:

• Anonymized click-through events when a customer clicks a Partner link on a checkout page, status page, or transactional email — the click is recorded with a token, the Partner ID, and a timestamp; we do not link the click to the customer's identity
• We do not share end-customer names, emails, phone numbers, or other identifying details with Partners

Automatically collected:

• IP address, browser type, and device information via server logs
• Usage data such as pages visited and actions taken in the dashboard

3. How We Use Your Information

• To provide the Service: creating checkout forms, matching Zelle payments to orders, sending confirmation emails and SMS notifications
• To communicate with you: transaction alerts, deadline reminders, account notifications, and support responses
• To run the Partner Sponsorship marketplace: matching Partners with Client campaigns, displaying Partner placements on sponsored surfaces, tracking aggregate impressions and clicks for billing and reporting, and invoicing Partners for delivered sponsorship
• To improve the Service: analyzing usage patterns and diagnosing technical issues
• To comply with legal obligations and enforce our Terms of Service

We do not sell your personal information or your customers' data to third parties.

4. How We Share Information

We share data only with service providers necessary to operate AxeFee:

• Google Firebase / Firestore: database and authentication infrastructure
• Google Cloud Run: backend server hosting
• Gmail (Google Workspace): transactional email delivery
• Twilio: SMS notification delivery (when enabled by the client)
• Stripe: card payment processing (when a client has enabled card payments). When a customer pays by card, their card data is submitted directly to Stripe and never passes through AxeFee servers. Stripe is PCI-DSS Level 1 certified. Each client uses their own Stripe account — AxeFee does not have access to card payment funds. See Stripe's Privacy Policy for details on how Stripe handles payment data.
• Google Analytics 4: aggregate, privacy-friendly product analytics. We send anonymous event data (e.g. "checkout completed", "form created") with non-identifying parameters such as transaction IDs, plan tier, and dollar amount. We never send names, emails, phone numbers, or addresses to Google Analytics. IP addresses are anonymized by Google before storage. See Google's Privacy Policy.

Each provider is bound by their own privacy policies and data processing agreements. We do not sell data to advertisers and we do not use ad-targeting cookies.

5. Data Retention

• Transaction records are retained for 7 years to support tax and accounting requirements
• Matched email notification data is retained for 90 days for audit purposes, then purged
• Account data is retained while your account is active and for 30 days after deletion, then purged
• You may request earlier deletion by contacting us (subject to legal retention obligations)

6. Your End-Customers' Data

When your customers submit a checkout form, you (the business client) are the data controller for their personal information. AxeFee processes that data on your behalf as a data processor. You are responsible for obtaining any consents required to collect and share your customers' information with AxeFee.

7. Partner Sponsorship Data

Partners who sign up for the AxeFee Partner Sponsorship marketplace are independent data controllers for their own business information (business name, contact details, promotional content). AxeFee acts as a data processor for sponsorship-related data and as a data controller for the metrics it generates (impressions, unique-email reach, click-through events).

Partner promotional content (logo URLs, coupon codes, short promo text, flyer links) submitted to AxeFee is displayed publicly on a Client's checkout page, status pages, and order emails for the duration of the campaign. Partners should not include personal data in promotional content.

Click-through tracking on sponsored surfaces routes end-customers through an AxeFee redirector at /r/<token>. Each click is recorded with a partnership ID, a timestamp, and a coarse user agent string. We do not associate clicks with the end-customer's identity, and we do not share end-customer names, emails, phone numbers, or addresses with Partners. Partners receive only aggregate metrics for their reporting and reconciliation.

AxeFee shares aggregate metrics (not individual clicks) with the relevant Client and Partner for the campaigns they participate in. AxeFee does not share Partner contact information with end-customers.

8. Cookies and Local Storage

AxeFee uses browser local storage (not cookies) to maintain your login session via Firebase Authentication. If you clear your browser's local storage, you will be signed out.

We also use Google Analytics 4 to understand how AxeFee is used in aggregate. Google Analytics sets first-party cookies (e.g. _ga, _ga_*) used to distinguish anonymous visitors and sessions. These are analytics cookies, not advertising cookies — we do not use Google Ads, AdSense, retargeting, or other ad-targeting features, and we do not share Analytics data with advertisers. You can opt out of Google Analytics across all sites by installing the Google Analytics Opt-out Browser Add-on.

9. Security

We implement industry-standard security measures including:

• All data transmitted over HTTPS/TLS
• Firebase Authentication with secure token handling
• Firestore security rules enforcing role-based access control
• No plaintext storage of passwords or sensitive credentials
• Card numbers, CVV codes, and billing addresses are never transmitted to or stored on AxeFee servers — all card data is handled directly by Stripe
• Stripe API keys provided by clients are stored encrypted in Google Secret Manager and are never exposed in client-side code, logs, or API responses

No system is perfectly secure. If you discover a security vulnerability, please report it to support@axefee.com.

10. Children's Privacy

AxeFee is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately.

11. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Object to or restrict certain processing
• Data portability (receive your data in a machine-readable format)

To exercise these rights, contact us at support@axefee.com. We will respond within 30 days.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a dashboard notice. The "Last updated" date at the top reflects the most recent revision. Continued use of AxeFee after changes constitutes acceptance.

13. Contact Us