Privacy Policy

1. Overview

AxeFee ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using AxeFee, you agree to the practices described here.

2. Information We Collect

From business clients (you, as an AxeFee account holder):

• Name, email address, and business name (collected during onboarding)
• Zelle handle (phone or email) and Zelle notification email address
• Business details: address, phone, website, timezone
• Images you upload, such as a business logo or your digital-card photo and cover image (stored in Google Firebase Storage)
• Payment and billing information for subscription plans

From your end-customers (people who submit your checkout forms):

• Name, email address, and phone number (as required by your checkout form)
• Custom fields you define on your forms (e.g., order details, event dates)
• Payment amount, transaction metadata, and selected payment method (Zelle or card)
• For card payments: payment confirmation status and Stripe PaymentIntent ID — we do not collect or store card numbers, CVV codes, or billing addresses; those are handled exclusively by Stripe

From visitors to a client's Digital Business Card:

• Contact details a visitor voluntarily submits through the card's "Share your info" feature (such as name, email, and phone number). This information is provided to the card's owner (the business) and stored on their behalf in their customer list; the visitor chooses whether to submit it.
• Aggregate, non-identifying card usage analytics, such as view and tap counts. These contain no names, emails, or device identifiers.

From bank payment notifications routed to AxeFee:

• Sender name, payment amount, and memo or reference code extracted from notifications routed to AxeFee for reconciliation
• Notifications are processed automatically and are not retained beyond what is required for matching and audit (see Section 5)

From registered Partners (sponsorship marketplace):

• Partner business name, contact name, email, phone, website, and city/community focus (collected at Partner signup)
• Offer content (such as business name, short promotional copy, and links) submitted by the Partner for display as a clickable offer on a Client's sponsored surfaces
• Counts of valid leads generated, used for billing and reporting

From end-customers who voluntarily opt in to a Partner offer:

• The information an end-customer enters into a Partner's short opt-in lead form (for example, name, email, and phone number), submitted only when the customer chooses to click the offer and complete the form with explicit consent
• We never share end-customer order, checkout, or account information with Partners. A customer's information is shared with a Partner only when that customer themselves submits the Partner's opt-in lead form; merely viewing or clicking an offer does not share any identifying details

Automatically collected:

• IP address, browser type, and device information via server logs
• Usage data such as pages visited and actions taken in the dashboard

Estimate approval audit:

When a customer approves or declines an estimate sent through AxeFee, we record the IP address, browser user-agent string, the recipient email the estimate link was sent to, and the timestamp of the approve/decline action. This audit trail verifies that the approval was authorized and is shared with the Client (the business that sent the estimate) — the contractor sees a /24-masked IP (e.g. 73.45.128.x) and a truncated browser string in their dashboard. AxeFee retains the full unmasked IP server-side for dispute mediation. The audit data is retained for the life of the transaction record. This pattern matches the e-signature standard under the U.S. ESIGN Act and UETA.

3. How We Use Your Information

• To provide the Service: creating checkout forms, matching Zelle payments to orders, sending confirmation emails and SMS notifications
• To communicate with you: transaction alerts, deadline reminders, account notifications, and support responses
• To run the Partner Sponsorship marketplace: displaying Partners' clickable offers on Clients' sponsored surfaces, delivering an end-customer's voluntarily submitted opt-in lead information to the chosen Partner, counting valid leads for billing and reporting, and invoicing Partners
• To improve the Service: analyzing usage patterns and diagnosing technical issues
• To comply with legal obligations and enforce our Terms of Service

We do not sell your personal information or your customers' data to third parties.

4. How We Share Information

We share data only with service providers necessary to operate AxeFee:

• Google Firebase / Firestore: database and authentication infrastructure
• Google Firebase Storage: hosting of images uploaded by clients (logos, digital-card photos and cover images)
• Google Cloud Run: backend server hosting
• Gmail (Google Workspace): transactional email delivery
• Twilio: SMS notification delivery (when enabled by the client)
• Stripe: card payment processing (when a client has enabled card payments). When a customer pays by card, their card data is submitted directly to Stripe and never passes through AxeFee servers. Stripe is PCI-DSS Level 1 certified. Each client uses their own Stripe account — AxeFee does not have access to card payment funds. See Stripe's Privacy Policy for details on how Stripe handles payment data.
• Google Analytics 4: aggregate, privacy-friendly product analytics. We send anonymous event data (e.g. "checkout completed", "form created") with non-identifying parameters such as transaction IDs, plan tier, and dollar amount. We never send names, emails, phone numbers, or addresses to Google Analytics. IP addresses are anonymized by Google before storage. See Google's Privacy Policy.

Each provider is bound by their own privacy policies and data processing agreements. We do not sell data to advertisers and we do not use ad-targeting cookies.

Separately, through the optional Partner Sponsorship marketplace, an end-customer's information is shared with a sponsoring Partner only when that customer voluntarily submits the Partner's opt-in lead form. No order, checkout, or account data is ever shared with a Partner automatically. See Section 7 for details.

5. Data Retention

• Transaction records are retained for 7 years to support tax and accounting requirements
• Payment notification data is retained for 90 days for audit purposes, then purged
• Account data is retained while your account is active and for 30 days after deletion, then purged
• You may request earlier deletion by contacting us (subject to legal retention obligations)

6. Your End-Customers' Data

When your customers submit a checkout form, you (the business client) are the data controller for their personal information. AxeFee processes that data on your behalf as a data processor. You are responsible for obtaining any consents required to collect and share your customers' information with AxeFee.

7. Partner Sponsorship Data

The Partner Sponsorship marketplace is a lead-generation feature. A Partner pays for a clickable offer that appears on a Client's checkout page and receipt / status pages. The offer is informational, and viewing or clicking it does not share any of an end-customer's identifying details with the Partner.

Opt-in only, no automatic sharing. AxeFee never shares an end-customer's order, checkout, or account information with Partners. A customer's information is shared with a Partner only when that customer voluntarily clicks the offer and submits the Partner's short opt-in lead form, which is hosted by AxeFee and requires the customer's explicit consent. When the customer submits that form, the details they entered (for example, name, email, and phone number) are sent to that Partner and to AxeFee. The customer receives a confirmation email recording exactly what information they shared and with which Partner.

Partners who sign up for the marketplace are independent data controllers for their own business information (business name, contact details, offer content). AxeFee builds the opt-in lead form and acts as a data processor for the lead information a customer submits, passing it to the Partner the customer chose. Partner offer content (such as business name, short promo text, and links) submitted to AxeFee is displayed publicly on a Client's checkout and receipt / status pages. Partners should not include personal data in their offer content.

Partners use the leads they receive to contact the end-customers who opted in, in compliance with applicable law and their own privacy practices. AxeFee shares only valid-lead counts (not unrelated end-customer data) with the relevant Client and Partner for billing and reporting. AxeFee does not share Partner contact information with end-customers.

8. Cookies and Local Storage

AxeFee uses browser local storage (not cookies) to maintain your login session via Firebase Authentication. If you clear your browser's local storage, you will be signed out.

We also use Google Analytics 4 to understand how AxeFee is used in aggregate. Google Analytics sets first-party cookies (e.g. _ga, _ga_*) used to distinguish anonymous visitors and sessions. These are analytics cookies, not advertising cookies — we do not use Google Ads, AdSense, retargeting, or other ad-targeting features, and we do not share Analytics data with advertisers. You can opt out of Google Analytics across all sites by installing the Google Analytics Opt-out Browser Add-on.

9. Security

We implement industry-standard security measures including:

• All data transmitted over HTTPS/TLS
• Firebase Authentication with secure token handling
• Firestore security rules enforcing role-based access control
• No plaintext storage of passwords or sensitive credentials
• Card numbers, CVV codes, and billing addresses are never transmitted to or stored on AxeFee servers — all card data is handled directly by Stripe
• Stripe API keys provided by clients are stored encrypted in Google Secret Manager and are never exposed in client-side code, logs, or API responses

No system is perfectly secure. If you discover a security vulnerability, please report it to support@axefee.com.

10. Children's Privacy

AxeFee is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately.

11. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Object to or restrict certain processing
• Data portability (receive your data in a machine-readable format)

To exercise these rights, contact us at support@axefee.com. We will respond within 30 days.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a dashboard notice. The "Last updated" date at the top reflects the most recent revision. Continued use of AxeFee after changes constitutes acceptance.

13. Contact Us