Paxeer. All documents
PRIVACY

Privacy Policy

Controller
PaxLabs Inc., a Delaware corporation ("PaxLabs," "we," "us," or "our")
Applies to
the Paxeer Network access tooling, the Deus marketplace and application, the Matrix agentic infrastructure, and all related websites, APIs, SDKs, and services (collectively, the "Services").
Version
1.0
Effective Date
June 10, 2026

1Overview

1.1 This Privacy Policy (the "Policy") explains how PaxLabs Inc. collects, uses, shares, retains, and protects personal data in connection with the Services. It should be read together with the Terms of Service and the On-Chain Data Privacy Notice, which addresses the specific and irreversible nature of data committed to the Paxeer Network.

1.2 This Policy is designed to comply with, and your rights under this Policy are informed by, the following frameworks to the extent they apply to you and to PaxLabs' processing activities:

  • (i)The EU and UK General Data Protection Regulation ("GDPR");
  • (ii)The California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA");
  • (iii)Other U.S. state privacy laws (including the Colorado Privacy Act, Connecticut Data Privacy Act, Virginia Consumer Data Protection Act, and similar legislation as enacted);
  • (iv)The EU Markets in Crypto-Assets Regulation ("MiCA"), to the extent it imposes data-handling requirements; and
  • (v)Any other applicable data protection or privacy law.

1.3 Where this Policy uses the term "personal data," it includes "personal information" as defined under the CCPA/CPRA and equivalent terms under other applicable laws.

2The Critical Onchain Distinction

Read this section first. The Services operate partly on a public, decentralized blockchain. This creates a fundamental distinction that affects your privacy rights:

2.1 Off-chain data — account information, support communications, Credit Ledger billing records, server logs, identity-verification records, and similar data held on PaxLabs-controlled systems — can be accessed, corrected, exported, and in many cases deleted, as described in this Policy.

2.2 Onchain data — transactions, wallet addresses, signed intents, smart-contract interactions, and any other state committed to the Paxeer Network — is public, permanent, and irreversible by design. Onchain data cannot be edited, redacted, or deleted by PaxLabs, the Paxeer Network Foundation, or any other party. Rights of erasure and rectification cannot, by the nature of the technology, be applied to onchain records.

2.3 Before committing any information to the Paxeer Network, you should assume that it will be permanently and publicly visible. Do not submit information to the Network that you are unwilling to make permanently public. The On-Chain Data Privacy Notice describes this distinction in further detail.

2.4 Where this Policy describes rights to access, correct, delete, or restrict data, those rights apply only to off-chain data unless expressly stated otherwise.

3Data We Collect

We collect personal data from the following sources and in the following categories:

3.1 Data You Provide to Us

  • (i)Account and contact data — email address, username, display name, and any other information you provide when creating or updating an account.
  • (ii)Identity-verification data — government-issued identification, proof of address, date of birth, nationality, tax identification numbers, and related documentation, collected where required under the AML/KYC Policy.
  • (iii)Content and configuration data — prompts, code, API configurations, Agent parameters, listings, descriptions, and other content you submit to Matrix or publish on Deus.
  • (iv)Communications data — support requests, correspondence, feedback, and any other communications you send to us.
  • (v)Payment and financial data — wallet addresses associated with payments, Credit Ledger transaction history, and billing-related information.

3.2 Data Collected Automatically

  • (i)Authentication data — wallet addresses, decentralized identifiers ("DIDs"), signed session tokens (including JWT and EIP-712 signatures), and authentication events.
  • (ii)Usage and metering data — records of interactions with the Services, including API calls, LLM inference requests routed through Matrix, Agent execution logs, Credit Ledger entries, Free Tier consumption, feature usage, and session data.
  • (iii)Device and network data — IP address, browser type and version, operating system, device identifiers, screen resolution, language preferences, referring URLs, and access timestamps.
  • (iv)Log and diagnostic data — server logs, error traces, crash reports, performance metrics, and debugging data.
  • (v)Cookie and tracking data — data collected through cookies, pixels, and similar technologies as described in Section 12 (Cookies and Similar Technologies).

3.3 Data from the Public Ledger

Onchain Activity associated with wallet addresses you connect to the Services, including transaction history, token balances, smart-contract interactions, and signed intents. This data is inherently public and is not collected by PaxLabs in the traditional sense; rather, it is read from the publicly available ledger.

3.4 Data from Third-Party Sources

  • (i)Identity-verification providers — results and risk scores from third-party KYC/AML screening services.
  • (ii)Blockchain analytics providers — wallet-risk scoring, sanctions screening, and transaction-pattern analysis.
  • (iii)Public sources — publicly available information relevant to compliance, fraud prevention, or security.

3.5 Children's Data

We do not knowingly collect personal data from anyone under the age of eighteen (18), or under the age of legal majority in the applicable jurisdiction, whichever is greater. If we become aware that we have collected personal data from a minor, we will take prompt steps to delete such data from our systems. If you believe a minor has provided personal data to us, please contact us immediately using the details in Section 16.

4How We Use Data

We process personal data for the following purposes:

  • (i)Service delivery — to provide, operate, maintain, and improve the Services, including account management, marketplace functionality, Agent execution, API hosting, and Credit Ledger administration.
  • (ii)Authentication and security — to authenticate access, verify identity, detect and prevent fraud, enforce rate limits, and protect against security incidents, unauthorized access, and abuse.
  • (iii)Metering and billing — to meter usage through the Credit Ledger, administer the Free Tier, process payments, and manage billing.
  • (iv)AI and inference routing — to route inference requests to model providers, operate Agent execution pipelines, and deliver Matrix functionality.
  • (v)Compliance — to comply with legal, regulatory, AML/KYC, sanctions, tax reporting, and law-enforcement obligations.
  • (vi)Communications — to communicate with you about the Services, respond to support requests, and send service-related notices (not marketing, unless you opt in).
  • (vii)Enforcement — to enforce our Terms of Service, Acceptable Use Policy, and other incorporated policies, and to protect the rights, safety, and property of PaxLabs, Users, and third parties.
  • (viii)Analytics and improvement — to analyze usage patterns, diagnose technical issues, and improve the performance, reliability, and user experience of the Services.
  • (ix)Legal proceedings — to establish, exercise, or defend legal claims.

5Legal Bases for Processing (GDPR)

5.1 Where the GDPR applies to our processing of your personal data, we rely on the following legal bases:

  • (i)Performance of a contract (Article 6(1)(b)) — processing necessary to provide the Services and perform our obligations under the Terms of Service.
  • (ii)Legitimate interests (Article 6(1)(f)) — processing necessary for security, fraud prevention, service improvement, analytics, and enforcement, where those interests are not overridden by your rights. Our legitimate-interest assessments are available upon request.
  • (iii)Legal obligation (Article 6(1)(c)) — processing required to comply with AML/KYC, sanctions, tax, law-enforcement, and other legal obligations.
  • (iv)Consent (Article 6(1)(a)) — where required, such as for certain cookies, optional marketing communications, and specific data uses for which we request your affirmative consent.

5.2 Where we rely on consent, you may withdraw it at any time by contacting us at the details in Section 16 or through the mechanism provided at the time of collection. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

6AI, Model Providers, and Inference Routing

6.1 Matrix routes inference requests to third-party model providers to power Agents, the natural-language-to-on-chain intent layer, and related AI functionality. When a request is routed, the prompt and associated context necessary to fulfill the request may be transmitted to the applicable provider.

6.2 We take reasonable steps to minimize the personal data included in inference requests, including by stripping or anonymizing identifiers where technically feasible without degrading functionality.

6.3 Third-party model providers receive data under contractual terms that: (a) restrict the provider's use of the data to providing the inference service; (b) prohibit the provider from using prompts or outputs to train its own models, except where the provider's terms of service expressly state otherwise and we have disclosed this to you; and (c) require the provider to implement appropriate security measures. Provider arrangements are subject to applicable data-processing agreements.

6.4 A current list of categories of model providers used by Matrix is available at [URL to be inserted] and is updated as providers change. We will provide reasonable notice before introducing a materially new category of provider.

7How We Share Data

We share personal data only in the following circumstances:

7.1 Service providers and processors — hosting providers, cloud infrastructure, model-inference providers, analytics services, payment and settlement processors (including ChainFlow Inc.), and identity-verification vendors, each under contractual terms limiting use to providing the applicable service.

7.2 Ecosystem entities — the entities listed in Section 3.1 of the Terms of Service (including ChainFlow Inc. for payments and settlement, OpenNet Security LLC for security and incident response, and Sidiora Markets LTD for trading-related products), strictly as necessary to provide the relevant Service and under appropriate data-sharing arrangements.

7.3 The public ledger — Onchain Activity is inherently public. When you commit a transaction to the Paxeer Network, the associated data (wallet address, transaction details, signed intents) becomes permanently and publicly visible. PaxLabs does not control access to this data once committed.

7.4 Legal and regulatory disclosures — to law enforcement, regulators, courts, or other governmental authorities where required by applicable law, legal process, or lawful governmental request, or where necessary to protect the rights, safety, or property of PaxLabs, Users, or the public.

7.5 Business transfers — to a prospective or actual acquirer, successor, or assignee in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of PaxLabs' assets, subject to this Policy. We will provide notice before personal data is transferred and becomes subject to a different privacy policy.

7.6 With your consent or at your direction — where you have provided specific consent or have directed us to share data with a third party (for example, by connecting a third-party service to your account).

7.7 Aggregated and de-identified data — we may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, without restriction.

8"Sale" and "Sharing" Under CCPA/CPRA

8.1 PaxLabs does not sell personal information for monetary consideration.

8.2 Certain analytics, advertising, or cross-context behavioral tracking activities may constitute a "sale" or "sharing" of personal information as those terms are defined under the CCPA/CPRA. Where applicable, you have the right to opt out of such sale or sharing.

8.3 To exercise your opt-out right, use the "Do Not Sell or Share My Personal Information" mechanism available at [URL to be inserted], or contact us using the details in Section 16.

8.4 We do not knowingly sell or share the personal information of individuals under the age of sixteen (16).

9International Transfers

9.1 PaxLabs is based in the United States. Your personal data may be transferred to, stored in, and processed in the United States and other countries where our service providers and ecosystem entities operate.

9.2 Where personal data is transferred from the European Economic Area ("EEA"), the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, including:

  • (i)European Commission-approved Standard Contractual Clauses ("SCCs") and the UK International Data Transfer Addendum, as applicable;
  • (ii)Where available, adequacy decisions or approved certification mechanisms; and
  • (iii)Supplementary technical and organizational measures where required by applicable guidance.

9.3 You may request a copy of the applicable transfer safeguards by contacting us at the details in Section 16.

10Data Retention

10.1 We retain off-chain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, subject to the following minimum retention periods:

  • (i)Account and contact data — retained for the duration of your account and for twelve (12) months following account closure, unless longer retention is required by law.
  • (ii)Identity-verification and AML/KYC data — retained for a minimum of five (5) years following the end of the business relationship, or longer as required by applicable AML, tax, or regulatory law.
  • (iii)Credit Ledger and billing records — retained for a minimum of five (5) years for tax, accounting, and audit purposes.
  • (iv)Usage logs and diagnostic data — retained for up to twenty-four (24) months, unless longer retention is necessary for an active investigation, legal proceeding, or compliance obligation.
  • (v)Communications and support data — retained for up to thirty-six (36) months following resolution of the relevant inquiry or matter.

10.2 After the applicable retention period, off-chain data is deleted or anonymized in accordance with our data-management procedures, except where continued retention is required by law or an ongoing legal obligation.

10.3 Onchain data is permanent. Data committed to the Paxeer Network cannot be deleted, modified, or anonymized by PaxLabs or any other party (Section 2).

11Your Privacy Rights

11.1 Subject to applicable law and the onchain limitation described in Section 2, you may exercise the following rights with respect to off-chain personal data:

  • (i)Access — request confirmation of whether we process your personal data and obtain a copy of it.
  • (ii)Correction — request correction of inaccurate or incomplete personal data.
  • (iii)Deletion — request deletion of your personal data, subject to legal retention obligations.
  • (iv)Restriction — request that we restrict processing of your personal data in certain circumstances.
  • (v)Portability — request a copy of your personal data in a structured, commonly used, machine-readable format, and request transmission to another controller where technically feasible.
  • (vi)Objection — object to processing based on legitimate interests, including profiling.
  • (vii)Withdrawal of consent — where processing is based on consent, withdraw consent at any time.
  • (viii)Automated decision-making — where applicable, the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

11.2 Additional Rights for California Residents

Under the CCPA/CPRA, California residents may:

  • (i)Request disclosure of the categories and specific pieces of personal information collected, the purposes of collection, the categories of sources, and the categories of third parties with whom data is shared.
  • (ii)Request deletion of personal information, subject to legal exceptions.
  • (iii)Request correction of inaccurate personal information.
  • (iv)Opt out of the "sale" or "sharing" of personal information (Section 8).
  • (v)Limit the use and disclosure of sensitive personal information to purposes permitted under the CCPA/CPRA.

We will not discriminate against you for exercising any of these rights, including by denying Services, charging different prices, or providing a different level of service.

11.3 Additional Rights Under Other U.S. State Laws

Residents of states with applicable privacy legislation (including Colorado, Connecticut, Virginia, and others as enacted) may have similar rights to access, correct, delete, and opt out of certain processing. We will honor these rights in accordance with applicable law.

11.4 How to Exercise Your Rights

To exercise any privacy right, contact us at the details in Section 16. We will verify your identity before processing your request, which may require you to provide additional information or to authenticate through the same mechanism used to access the Services (wallet signature, account login, etc.). We will respond within the timeframes required by applicable law (generally thirty (30) days under GDPR and forty-five (45) days under CCPA/CPRA, with extensions where permitted).

11.5 Right to Lodge a Complaint

If you believe your privacy rights have been violated, you may lodge a complaint with the applicable supervisory authority. For individuals in the EEA, a list of supervisory authorities is available at [https://edpb.europa.eu]. For individuals in the UK, the relevant authority is the Information Commissioner's Office (ICO).

12Cookies and Similar Technologies

12.1 We use cookies, pixels, local storage, and similar technologies to authenticate sessions, remember preferences, analyze usage, and support the functionality and security of the Services.

12.2 Categories of cookies used:

  • (i)Strictly necessary cookies — required for the operation of the Services, including authentication, security, and session management. These cannot be disabled.
  • (ii)Functional cookies — used to remember preferences and settings to enhance your experience.
  • (iii)Analytics cookies — used to understand how Users interact with the Services, including page views, feature usage, and performance metrics.
  • (iv)Advertising/tracking cookies — if used, these support cross-context behavioral analysis or targeted communications. Where these are present, they are subject to your consent where required by law.

12.3 You can manage your cookie preferences through the cookie-consent mechanism presented when you first access the Services and at any time through the cookie settings available at [URL to be inserted]. You may also manage cookies through your browser settings, though disabling certain cookies may impair functionality.

12.4 For detailed information about the specific cookies we use, their purposes, and their durations, see our Cookie Notice at [URL to be inserted].

13Security

13.1 PaxLabs, supported by OpenNet Security LLC, implements technical and organizational security measures appropriate to the nature and sensitivity of the personal data processed, including:

  • (i)Encryption of data in transit (TLS) and at rest;
  • (ii)Authentication controls, including multi-factor authentication where available;
  • (iii)Container hardening and isolation for hosted workloads;
  • (iv)Signed-provenance checks and audit logging;
  • (v)Access controls limiting personnel access to personal data on a need-to-know basis;
  • (vi)Regular security assessments, penetration testing, and vulnerability management; and
  • (vii)Incident-detection and response procedures.

13.2 No system is perfectly secure. Despite our measures, we cannot guarantee that unauthorized access, data breaches, or security incidents will not occur. You are responsible for safeguarding your own private keys, credentials, seed phrases, and signing material, and for the security of devices you use to access the Services.

13.3 If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law.

14Do Not Track

Some browsers transmit "Do Not Track" ("DNT") signals. There is no uniform standard for responding to DNT signals. We do not currently respond to DNT signals, but we do honor opt-out preferences expressed through the mechanisms described in Sections 8 and 12.

15Changes to This Policy

15.1 We may update this Policy from time to time. When we make material changes, we will: (a) update the "Version" and "Effective Date" at the top of this Policy; (b) provide notice through the Services, by email, or by other reasonable means at least fifteen (15) days before the changes take effect; and (c) clearly identify the nature of the material changes.

15.2 Your continued use of the Services after the updated effective date constitutes your acceptance of the revised Policy. If you do not agree to the revised Policy, you must discontinue use of the Services before the updated effective date.

15.3 Non-material changes (such as clarifications, formatting corrections, or the addition of new data categories that do not materially alter your rights) may take effect immediately upon posting.

16Contact and Data Protection

PaxLabs Inc.

[Mailing address to be inserted]

Data Protection Contact: [Email address to be inserted]

EU/UK Representative (GDPR Article 27): [Name, address, and contact to be inserted — required if PaxLabs has no establishment in the EU/UK but processes EU/UK personal data]

Data Protection Officer: [Name and contact to be inserted, if appointed — counsel to confirm whether appointment is required under Article 37 GDPR based on processing activities]

For privacy rights requests, use: [dedicated email or web form URL to be inserted]

For security incidents, contact: [security contact to be inserted]

Version 1.0 — Effective Date: June 10, 2026

↑ Top