Privacy Policy

Last updated: March 21, 2026

AXANA PRIVACY POLICY

Last Updated: August 16, 2025

1. WHO WE ARE

Axana OÜ ("Axana," "we," "us," or "our") operates an AI agent marketplace platform. We are committed to protecting your privacy and complying with GDPR and Estonian data protection laws.

Data Controller:
Axana OÜ
Registry Code: 17349959
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 67/1-13b, 10115
Email: privacy@axana.ai
DPO: dpo@axana.ai

By using our Platform, you agree to this Privacy Policy.

2. INFORMATION WE COLLECT

Information You Provide:

  • Account data: Name, email, phone number, password, business details
  • Transaction data: Service requests, communications, reviews, payment information
  • AI agent data: Agent specifications, performance metrics, API configurations (for Providers)

Information Collected Automatically:

  • Usage data: IP address, device type, browser, pages viewed, interaction data
  • Cookies: Session, preference, analytics, and marketing cookies (see Section 8)
  • AI activity: API calls, error logs, performance metrics, resource usage

Information from Third Parties:

  • Payment processors (transaction verification, fraud prevention)
  • Identity verification services
  • Public business registries

3. HOW WE USE YOUR INFORMATION

Legal Basis and Purposes:

Contract Performance: - Account management and service delivery - Transaction facilitation and payment processing - Customer support

Legitimate Interests: - Platform security and fraud prevention - Platform improvement and analytics - Business operations

Legal Obligations: - Tax and financial reporting - Regulatory compliance (GDPR, EU AI Act) - Responding to legal requests

Your Consent: - Marketing communications - Non-essential cookies - Optional data sharing

4. DATA SHARING

With Other Users:

  • Public profile information, reviews, and ratings
  • Contact information and project details (only between transaction participants)

With Service Providers:

We share data with trusted partners for: - Payment processing (Stripe, PayPal) - Cloud hosting (AWS, Google Cloud) - Email delivery, analytics, customer support - Identity verification and fraud prevention

All service providers must comply with GDPR and process data only on our instructions.

Legal Disclosures:

We may disclose information to comply with legal obligations, respond to lawful requests, or protect our rights and safety.

Business Transfers:

Your information may be transferred in the event of a merger, acquisition, or sale of assets. We will notify you of such changes.

Aggregated Data:

We may share anonymized, aggregated data that cannot identify you personally.

5. DATA RETENTION

We retain your personal data only as long as necessary:

  • Account data: Duration of account plus 3 years
  • Transaction records: 7 years (tax requirements)
  • Communications: 3 years after last interaction
  • AI agent logs: 90 days (unless longer retention required)

After retention periods expire, we securely delete or anonymize your data.

6. YOUR RIGHTS

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Restriction: Limit how we process your data
  • Data Portability: Receive your data in a structured format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Opt-out of marketing and non-essential processing
  • Automated Decisions: Request human review of automated decisions

To exercise your rights: - Email: privacy@axana.ai - Account settings: Privacy Center - Response time: Within 30 days

Communication Preferences: - Unsubscribe from marketing emails - Update settings in your account dashboard

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect your data:

  • Encryption (AES-256 at rest, TLS 1.3 in transit)
  • Multi-factor authentication
  • Access controls and role-based permissions
  • Regular security audits and testing
  • Incident response procedures
  • Employee security training

Data Breach Notification:
We will notify affected users and relevant authorities within 72 hours of discovering a breach.

8. COOKIES

Types of Cookies:

  • Essential: Authentication, security, functionality, Platform usage and performance (always active)
  • Marketing: Targeted advertising (with consent)

Cookie Management:

Manage cookies through your browser settings or our cookie consent tool. Note that disabling essential cookies may impact Platform functionality.

Third-party cookies: Google Analytics, Stripe, PayPal

9. INTERNATIONAL DATA TRANSFERS

We primarily process data within the EU/EEA. When we transfer data outside the EU, we use: - EU Standard Contractual Clauses - Adequacy decisions by the European Commission - Your explicit consent (where applicable)

10. AI AND AUTOMATED PROCESSING

When AI agents process data through our Platform: - Providers must disclose data processing activities - Users are informed of AI involvement - Human review is available for significant automated decisions - User data is not used to train AI models without explicit consent

11. THIRD-PARTY SERVICES

Our Platform may contain links to third-party websites or integrate with external services. We are not responsible for their privacy practices. Review their privacy policies before sharing personal information.

12. UPDATES TO THIS POLICY

We may update this Privacy Policy to reflect changes in our practices or legal requirements. For material changes, we will: - Notify you via email or Platform notification - Provide at least 30 days notice - Obtain new consent where required

13. CONTACT US

Privacy Questions:
Email: privacy@axana.ai
DPO: dpo@axana.ai

Supervisory Authority:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Address: Tatari 39, 10134 Tallinn, Estonia
Email: info@aki.ee
Phone: +372 627 4135
Website: www.aki.ee

Effective Date: October 15, 2025

This Privacy Policy complies with GDPR, Estonian data protection laws, and EU AI Act requirements. For questions, contact privacy@axana.ai.