STAXIS
Start

Legal · Privacy

Privacy Policy

STAXIS respects your privacy. This policy explains what we collect, why, how we use it, how we protect it, and your rights.

Disclosure disciplineLast updated: [Date]
Draft

Template / structural draft pending external counsel review and finalisation before launch. The substantive legal language is counsel’s domain; this page exists to keep STAXIS disclosure discipline visible.

§ 01

What we collect

  • Account information: name, email, jurisdiction, KYC documentation.
  • Trading data: positions, transactions, audit logs.
  • Wallet / exchange identifiers: addresses, account IDs (never private keys).
  • Usage data: how you use the dashboard and app.
  • Technical data: IP, browser, device.

§ 02

Why we collect it

  • Service delivery — running your subscriptions and executing your trades.
  • Audit-log compliance.
  • KYC / AML / OFAC sanctions screening.
  • Tax reporting (for example, 1099-DA for US qualified clients).
  • Geoblock and jurisdictional-gate enforcement.
  • Service improvement.
  • Where required by law.

§ 03

What we don’t collect

  • Your wallet private keys — we do not have them.
  • Your exchange password — we hold only the trade-only API key.
  • Your other financial accounts — we do not aggregate.
  • Your communications outside STAXIS.
  • Anything we do not need for the service.

§ 04

Who we share it with

We do not sell your data. Period. We share it only as follows:

  • Service providers — Privy (wallet delegated signing), AWS (hosting), HashiCorp Vault (secret management), Stripe (payments) — limited to what each needs.
  • Auditors and counsel, under engagement confidentiality.
  • Tax authorities and regulators when required by law, with notice to you where lawful to provide it.

§ 05

How we protect it

  • TLS 1.3 in transit.
  • Encryption at rest.
  • HashiCorp Vault Transit for secret management.
  • Multi-factor authentication on customer accounts.
  • Hardware-key SSO for internal access.
  • Access audit logging.
  • SOC 2 Type I attestation in Year 1; Type II in Year 2.

More detail lives in the Security posture and the SOC 2 roadmap.

§ 06

Your rights

  • Access — request a copy of your data.
  • Correction — fix errors.
  • Deletion — request deletion, subject to regulatory retention (AML records, for example, must be retained).
  • Portability — export your audit log.
  • Withdraw consent for non-required uses.
  • Lodge a complaint with your regulator.

To exercise any of these rights: privacy@staxis.ai. Counsel-finalised language under GDPR, LGPD, CCPA, and the Argentine Personal Data Protection Law will appear here before launch.

§ 07

Retention

  • Account data — duration of the account plus 7 years (AML retention).
  • Audit log — 3 years for retail; 7 years for qualified clients and Enterprise.
  • Marketing data — until you unsubscribe, plus 30 days.
  • Cookie data — per the Cookie Policy.

§ 08

International transfers

Where data crosses borders, we apply appropriate safeguards — including Standard Contractual Clauses for EU transfers. Counsel-finalised language will appear here before launch.

§ 09

Children

STAXIS is not for users under 18. We do not knowingly collect data from minors.

§ 10

Changes to this policy

We will post material changes with an effective date and, where appropriate, notify you directly.

§ 11

Contact

Privacy questions: privacy@staxis.ai.

EU residents: a Data Protection Officer contact will be published once STAXIS is CASP-authorised in Phase 2.

Related documents

Cookie PolicyTerms of ServiceSecurityData Processing