Privacy Policy

Privacy

Effective date: March 11, 2026. This policy applies to GDS Wrench services operated by AxioMatiks.

This Privacy Policy explains how AxioMatiks processes personal data for GDS Wrench services and related support workflows.

In enterprise use, your organization is typically the data controller for traveler/passenger records, and AxioMatiks acts as a service provider or processor.
This policy applies to gdswrench-web marketing pages, account pages, support channels, and billing-related flows.
If a signed enterprise agreement exists, that agreement governs where it conflicts with this public policy.

We process only the data required to deliver, secure, and support the service.

Account data: name, email address, authentication/session metadata, and organization association.
Billing data: subscription status, transaction references, and billing metadata from Lemon Squeezy; payment card details are processed by Lemon Squeezy and not stored by AxioMatiks.
Operational data: API logs, security events, rate-limit events, and diagnostics required for reliability and abuse prevention.
Document workflow data: passport-derived fields and extraction outputs provided through product features and retained according to configured retention policy.

We use personal data for specific, limited service purposes.

To provide account access, subscription features, support, and product functionality.
To operate billing lifecycle workflows, including activation, renewal, cancellation, refund handling, and dispute resolution.
To secure the service, investigate incidents, detect abuse, and maintain audit trails.
To comply with legal obligations and enforce contractual rights.

Processing is based on contract, legitimate interests, and legal obligations, as applicable.

Contract performance: delivering the purchased or provisioned services.
Legitimate interests: service security, diagnostics, fraud prevention, and product reliability.
Legal obligations: accounting, compliance, and lawful disclosure requirements.
Consent: where required by applicable law (for example, optional communications).

We share data only with service providers needed to run the platform.

Billing provider: Lemon Squeezy (checkout, payment processing, billing event delivery).
Infrastructure and runtime providers used for hosting, API/runtime delivery, data persistence, and traffic protection.
Email delivery providers used for account and operational notifications.
Regulators, courts, or law enforcement when required by law or to protect legal rights.

Data is retained only as long as needed for service delivery, compliance, and security.

Retention windows may differ by data type (audit, logs, files, extracted fields) and enterprise configuration.
When retention periods expire, data is deleted or anonymized according to platform controls and operational constraints.
Legal hold, dispute, or security investigation requirements may require temporary retention extension.

We apply technical and organizational controls designed for confidentiality, integrity, and availability.

Access control, least-privilege administration, environment secret management, and session protection.
Webhook signature verification, idempotency safeguards, and audit/event logging for sensitive flows.
Monitoring, incident handling, and rollback procedures documented in operational runbooks.
No security control is absolute; customers should also maintain endpoint and account security controls.

Data may be processed in jurisdictions where AxioMatiks or its providers operate.

Where required, transfers are governed by contractual and technical safeguards.
Enterprise customers with specific residency or transfer requirements should document those in their commercial agreement.

Depending on applicable law, individuals may request access, correction, deletion, restriction, objection, or portability.

Requests should be submitted through your organization administrator or AxioMatiks support channel.
We may require verification before actioning requests and may decline requests where legal exceptions apply.

We may update this policy when product, legal, or provider requirements change.

Material updates will be reflected with a revised effective date on this page.
For privacy inquiries, contact AxioMatiks through the official contact channel at axiomatiks.com.