Paxeer. All documents
TRAINING

User-Facing Compliance Training Centre

Published by
PaxLabs Inc., a Delaware corporation ("PaxLabs," "we," "us," or the "Operator")
Applies to
all Users of the Services, including Developers, Operators of Agents, Providers, Consumers, and general Users.
Version
1.0
Effective Date
June 10, 2026

1About This Training Centre

1.1 This User-Facing Compliance Training Centre (the "Training Centre") is a plain-language educational resource designed to help you understand your compliance responsibilities when using the Paxeer ecosystem. It is not a substitute for the operative policies — the Terms of Service, Privacy Policy, Acceptable Use Policy, and other incorporated policies contain the binding obligations — but it translates those obligations into practical guidance organized by User role and activity type.

1.2 This Training Centre is not legal advice. It provides general guidance based on PaxLabs' policies and the regulatory frameworks they address. Your specific obligations depend on your jurisdiction, role, activities, and circumstances. You should consult qualified legal counsel for advice specific to your situation.

1.3 How to use this resource. Start with Module 1 (applicable to all Users), then review the modules that correspond to your role or activity. Each module includes: what you need to know, what you need to do, common mistakes to avoid, and where to find the detailed operative policy.

2Module 1 — For All Users: Platform Fundamentals

2.1 What You're Agreeing To

When you access or use the Services — including by creating an account, connecting a wallet, deploying an Agent, calling an API, or transacting on Deus — you agree to the Terms of Service and all incorporated policies. These include:

  • (i)Terms of Service — the foundational agreement;
  • (ii)Privacy Policy — how your data is handled;
  • (iii)Acceptable Use Policy — what you can and cannot do;
  • (iv)On-Chain Data Privacy Notice — the permanent nature of blockchain data;
  • (v)And additional policies depending on your activity (Marketplace Terms, API Terms, Agent Policy, M2M Agreement, AML/KYC Policy).

What you need to do: Read and understand the policies that apply to your use. Ignorance of a policy does not excuse a violation.

2.2 Account Security Is Your Responsibility

You are responsible for safeguarding your private keys, seed phrases, passwords, API keys, and all signing material. PaxLabs will never ask for your private keys or seed phrase. Any communication purporting to do so is fraudulent.

What you need to do:

  • (i)Use strong, unique credentials and enable multi-factor authentication where available;
  • (ii)Store private keys and seed phrases in secure, offline environments (hardware wallets, secure vaults);
  • (iii)Never share credentials, embed API keys in client-side code, or store secrets in public repositories;
  • (iv)Rotate credentials immediately if you suspect any compromise; and
  • (v)Report suspected unauthorized access to PaxLabs immediately.

Common mistake: Storing a seed phrase in a cloud note, screenshot, or email. If compromised, PaxLabs cannot recover your assets or reverse unauthorized transactions.

2.3 Onchain Activity Is Permanent

Every transaction you commit to the Paxeer Network is public, permanent, and irreversible. It cannot be edited, deleted, or undone by PaxLabs or anyone else.

What you need to do:

  • (i)Verify all transaction details — recipient address, amount, parameters — before authorizing;
  • (ii)Do not include personal data, confidential business information, or sensitive content in onchain payloads;
  • (iii)Understand that your wallet address activity can be traced and potentially linked to your identity; and
  • (iv)Treat every onchain action as if it will be permanently visible to the public.

Common mistake: Sending funds to the wrong address and expecting PaxLabs to reverse the transaction. Once confirmed, the transaction is final.

Operative policy: On-Chain Data Privacy Notice.

2.4 Sanctions and Prohibited Jurisdictions

You may not use the Services if you are located in, resident in, or organized under the laws of a comprehensively sanctioned jurisdiction (including Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions). You may not transact with sanctioned persons or entities.

What you need to do:

  • (i)Confirm you are not located in or connected to a prohibited jurisdiction;
  • (ii)Do not use VPNs, proxies, or other tools to circumvent geographic restrictions; and
  • (iii)Do not transact with persons or wallets you know or suspect to be sanctioned.

Common mistake: Assuming that using a VPN to access the Services from a sanctioned jurisdiction is permissible. It is a violation that may result in immediate termination and regulatory referral.

Operative policy: AML/KYC Policy; Terms of Service (Section 4.2).

2.5 Identity Verification

Certain features require identity verification (KYC). Where required, you must provide accurate information and complete the verification process.

What you need to do:

  • (i)Provide truthful, accurate, and current identifying information;
  • (ii)Complete verification promptly when requested;
  • (iii)Update your information if it changes; and
  • (iv)Understand that failure to complete required verification may restrict your access to certain features.

Operative policy: AML/KYC Policy.

3Module 2 — For Developers: Building on the Platform

3.1 Your License and Its Limits

You have a limited, revocable, non-exclusive license to use the Platform APIs and SDKs to build applications and Agents. This license does not allow you to reverse engineer the APIs, use them for competitive analysis, or sublicense access to third parties.

What you need to do:

  • (i)Use the APIs and SDKs only as described in the documentation and API Terms;
  • (ii)Do not attempt to circumvent rate limits, metering, or authentication;
  • (iii)Respect the license scope — do not redistribute, sublicense, or use the APIs to build a competing service; and
  • (iv)Review the API Terms of Use before beginning development.

Operative policy: API Terms of Use / License Agreement.

3.2 You Own Your Code — But Grant PaxLabs a Hosting License

You retain ownership of your Developer APIs, applications, and content. By hosting through Matrix, you grant PaxLabs a license to host, route, execute, cache, and display your API and its outputs solely to provide the hosting service.

3.3 Your API, Your Responsibility

If you host a Developer API through Matrix, you are solely responsible for its lawfulness, security, data handling, and operation. PaxLabs hosts the infrastructure; you are accountable for what runs on it.

What you need to do:

  • (i)Ensure your API complies with the Acceptable Use Policy and applicable law;
  • (ii)Secure your API against common vulnerabilities (injection, authentication bypass, data leakage);
  • (iii)Handle personal data in compliance with applicable privacy laws — if you process EU personal data, you are likely a data controller with your own GDPR obligations;
  • (iv)Provide accurate Listing descriptions if you list your API on Deus;
  • (v)Maintain and support your API for consumers; and
  • (vi)Report security incidents affecting your API promptly to PaxLabs.

Common mistake: Assuming that hosting on PaxLabs' infrastructure transfers compliance responsibility to PaxLabs. It does not. You are the responsible party for your own API.

3.4 API Changes and Deprecation

PaxLabs may modify, deprecate, or discontinue Platform APIs. You will generally receive at least thirty (30) days' notice for material breaking changes and ninety (90) days of continued access to deprecated API versions. Design your applications to handle API unavailability gracefully.

Operative policy: API Terms of Use / License Agreement (Section 10).

3.5 Data Processing and Privacy

If your application processes personal data through the Platform APIs, you are the data controller (or business under CCPA/CPRA) and PaxLabs is the data processor.

What you need to do:

  • (i)Ensure you have a lawful basis to submit any data through the APIs;
  • (ii)Minimize personal data in API requests;
  • (iii)Provide appropriate privacy notices to your end users; and
  • (iv)Execute a data-processing agreement with PaxLabs where required.

Operative policy: API Terms (Section 7); Privacy Policy.

4Module 3 — For Agent Operators: Deploying AI Agents

4.1 You Are Responsible for Your Agents

This is the single most important rule for Agent Operators: you are fully responsible for everything your Agent does, as if you had done it yourself. This includes transactions, onchain activity, settlement obligations, data processing, and interactions with other Users and Agents.

You cannot disclaim responsibility by arguing the Agent acted autonomously, you weren't monitoring it, or a model produced an unexpected result.

Operative policy: AI Agent Responsible Use Policy (Section 1.3).

4.2 Define Your Agent's Authorization Scope

Before deploying an Agent, you must define what it is and is not allowed to do.

What you need to do:

  • (i)Specify the actions the Agent may take;
  • (ii)Set value limits — per-transaction and aggregate;
  • (iii)Define which counterparties the Agent may interact with;
  • (iv)Determine whether the Agent may incur binding obligations (e.g., co-sign DeusVouchers); and
  • (v)Apply the principle of least privilege — grant only the authority the Agent needs.

Common mistake: Granting an Agent broad, open-ended authority to save configuration time. Broadly scoped authorization means broadly scoped liability.

4.3 Implement Safety Controls

Agents that handle funds or take irreversible actions require mandatory safeguards.

What you need to do:

  • (i)Set spend limits and rate limits proportionate to risk;
  • (ii)Implement circuit breakers that halt the Agent when anomalous behavior is detected;
  • (iii)Monitor your Agent in real time for high-value or high-frequency operations;
  • (iv)Test your Agent in sandbox or testnet conditions before production deployment; and
  • (v)Ensure you can always halt the Agent through available controls.

Common mistake: Deploying an Agent with production funds before testing in sandbox conditions. A misconfigured Agent can drain funds in seconds.

4.4 Risk Classification

PaxLabs classifies Agent activities into three risk tiers with escalating requirements:

  • (i)Standard risk — information retrieval, non-financial API calls, content generation. Baseline policy compliance required.
  • (ii)Elevated risk — financial transactions, DeusVoucher co-signing, settlement. Requires spend limits, circuit breakers, financial-decision logging, and pre-production testing.
  • (iii)High risk — autonomous decisions affecting individuals' rights, safety, financial standing, or access to services. Requires human-in-the-loop review, decision-logic records, contestability mechanisms, and a documented risk assessment.

What you need to do: Assess which tier applies to your Agent and implement the corresponding requirements.

Operative policy: AI Agent Responsible Use Policy (Section 4).

4.5 Transparency and Disclosure

Where required by law (including the EU AI Act) or by context, your Agent must disclose that it is an automated system. It must not impersonate a human in a deceptive manner.

4.6 Incident Reporting

You must promptly report to PaxLabs if your Agent: acts outside its authorized scope; is involved in a security incident; causes material financial loss or harm; exhibits runaway or unexplained behavior; or triggers a circuit breaker under circumstances suggesting a systemic issue.

Common mistake: Concealing an Agent incident out of concern about enforcement. PaxLabs does not retaliate against good-faith, timely reporting. Concealment of a known incident is itself a violation.

Operative policy: AI Agent Responsible Use Policy (Section 9).

5Module 4 — For Marketplace Participants: Using Deus

5.1 For Providers: Listing Services on Deus

What you need to do:

  • (i)Accurately describe your service — capabilities, limitations, pricing, data handling, and third-party dependencies;
  • (ii)Ensure your Listing complies with the Acceptable Use Policy and applicable law;
  • (iii)Hold all necessary rights, licenses, and authorizations to offer the listed service;
  • (iv)Maintain the service consistent with your Listing description;
  • (v)Respond to Consumer inquiries and complaints in a commercially reasonable manner;
  • (vi)Update your Listing promptly if anything material changes; and
  • (vii)Notify PaxLabs of any security incident, legal proceeding, or regulatory action affecting your listed service.

Common mistakes:

  • Overstating capabilities in a Listing description. Misrepresentation violates the Marketplace Terms and may result in removal.
  • Failing to disclose third-party model dependencies. If your service relies on a third-party model, disclose it.
  • Listing a service you cannot lawfully provide in the Consumer's jurisdiction.

5.2 For Consumers: Procuring Services on Deus

What you need to do:

  • (i)Evaluate the fitness, security, and lawfulness of a service for your purpose before procuring it — PaxLabs does not verify Listings;
  • (ii)Review the Provider's history, reputation signals, and any applicable terms;
  • (iii)Understand that reputation scores are informational, not warranties;
  • (iv)If your Agent procures services on your behalf, you are responsible for those procurement decisions; and
  • (v)Understand that disputes with Providers are between you and the Provider — PaxLabs is not obligated to mediate.

Common mistake: Relying solely on a high reputation score without reviewing the Listing description. Scores reflect historical data; they do not guarantee future performance.

5.3 Settlement and DeusVouchers

What you need to know:

  • (i)Settlement occurs through the protocol's deterministic rules, including bilateral DeusVoucher co-signing and lazy-net settlement;
  • (ii)Co-signing a DeusVoucher is irrevocable — verify the terms before co-signing;
  • (iii)Once settlement is committed onchain, it cannot be reversed by PaxLabs or anyone else;
  • (iv)Network fees (gas) are payable in PAX and are non-refundable; and
  • (v)PaxLabs takes no fee on certain transactions — this does not make PaxLabs a party to the transaction or a guarantor of performance.

Operative policy: Marketplace Terms and Conditions.

6Module 5 — For M2M Operators: Agent-to-Agent Interactions

6.1 When This Module Applies

This module applies when your Agent transacts, coordinates, or contracts with another Agent without contemporaneous human action — including agent-to-agent procurement, automated settlement, and autonomous service consumption.

6.2 Key Rules

  • (i)Your Agent binds you. When your Agent co-signs a voucher or commits to a transaction with another Agent, you — not the Agent — are legally bound.
  • (ii)The agreement is between Operators. Agent-to-agent transactions create agreements between the Operators, not between the Agents.
  • (iii)PaxLabs is not a party. PaxLabs provides the infrastructure. It is not a guarantor, mediator, or counterparty in M2M transactions.
  • (iv)Counterparty risk is yours. If the other Operator's Agent fails to perform, your recourse is against that Operator, not PaxLabs.

6.3 M2M-Specific Safeguards

M2M interactions carry distinct risks — rapid execution, cascading failures, feedback loops, and settlement timing mismatches. You must implement:

  • (i)Per-transaction and aggregate value limits for M2M activity;
  • (ii)Counterparty concentration limits;
  • (iii)Rate limits on M2M transaction frequency;
  • (iv)Circuit breakers that halt M2M activity on anomalous behavior;
  • (v)Validation logic that checks each proposed action against the Agent's authorization scope; and
  • (vi)Real-time monitoring with alerts.

Common mistake: Configuring an Agent for M2M interactions with no counterparty limits, allowing the Agent to accumulate dangerous concentration exposure to a single counterparty before the Operator notices.

6.4 Disputes

M2M disputes are between Operators. PaxLabs may hold contested pre-finality amounts for up to sixty (60) days but cannot reverse onchain settlement. The deterministic execution record is available as evidence.

Operative policy: Machine-to-Machine (M2M) Agreement.

7Module 6 — Data Protection and Privacy

7.1 The Onchain/Off-Chain Distinction

This is the most important privacy concept in the ecosystem:

  • (i)Off-chain data (account info, support messages, billing records, logs) — PaxLabs controls this and you can exercise your privacy rights (access, correction, deletion).
  • (ii)Onchain data (transactions, wallet addresses, signed intents) — permanent, public, irreversible. Cannot be deleted, corrected, or restricted by anyone.

7.2 Your Privacy Rights

Under applicable law (GDPR, CCPA/CPRA, other), you may have the right to access, correct, delete, port, or restrict processing of your personal data. These rights apply fully to off-chain data. They are limited for onchain data due to the technological impossibility of modification.

What you need to do:

  • (i)Exercise privacy rights by contacting PaxLabs at the address in the Privacy Policy;
  • (ii)Understand that deletion requests will remove off-chain data but cannot affect onchain records; and
  • (iii)Minimize the personal data you commit onchain.

7.3 If You're a Developer Processing Personal Data

If your application processes personal data through the Platform APIs, you are the data controller and have your own privacy-law obligations, including providing privacy notices to your end users, ensuring lawful basis for processing, and executing a data-processing agreement with PaxLabs.

Operative policies: Privacy Policy; On-Chain Data Privacy Notice.

8Module 7 — Financial Crime Prevention

8.1 What PaxLabs Does

PaxLabs maintains an AML/CFT program that includes identity verification (KYC), sanctions screening, transaction monitoring, suspicious-activity reporting, and Travel Rule compliance. ChainFlow supports these controls within the settlement infrastructure.

8.2 What You Must Do

  • (i)Provide accurate identity information when requested;
  • (ii)Complete verification promptly — delays may restrict your access;
  • (iii)Keep your information current;
  • (iv)Do not use the Services for money laundering, terrorist financing, sanctions evasion, structuring, or any financial crime;
  • (v)Do not transact with sanctioned persons, entities, or wallets;
  • (vi)Do not use Agents or M2M interactions to automate structuring, layering, or evasion of compliance controls; and
  • (vii)Cooperate with PaxLabs' verification and periodic-review processes.

Common mistake: Using Agent automation to break transactions into smaller amounts to avoid monitoring thresholds (structuring). Automated structuring is a federal crime in the United States and violates the AUP.

Operative policy: AML/KYC Policy.

9Module 8 — EU AI Act: What Users Need to Know

9.1 Who Is Affected

If you deploy or operate an AI system (including an Agent) that is used by or affects persons in the EU, the EU AI Act may apply to you. Your obligations depend on your role:

  • (i)Provider — if you develop an AI system and make it available. You may need to conduct conformity assessments, maintain technical documentation, register the system, and ensure human oversight.
  • (ii)Deployer — if you use an AI system under your authority. You may need to use the system according to provider instructions, assign human oversight, monitor operations, and conduct impact assessments.

9.2 Prohibited Practices

The following are prohibited on the Services regardless of your jurisdiction: manipulative or deceptive AI techniques causing significant harm; exploitation of vulnerable groups; social scoring; prohibited biometric practices (real-time biometric identification in public spaces, untargeted facial-image scraping, emotion recognition in workplaces/education); and predictive policing based solely on profiling.

9.3 What You Need to Do

  • (i)Determine whether your AI system falls within the scope of the Act;
  • (ii)Classify your system's risk level (prohibited, high-risk, limited-risk, minimal-risk);
  • (iii)If high-risk, implement the full suite of provider or deployer obligations before deployment;
  • (iv)If limited-risk, implement transparency obligations (disclose AI interaction, label AI-generated content);
  • (v)Maintain documentation and records sufficient for regulatory inspection; and
  • (vi)PaxLabs provides infrastructure and compliance-supporting tooling but does not assume your AI Act obligations.

Common mistake: Assuming that because PaxLabs complies with the AI Act for its own systems, your Agent is automatically compliant. It is not. You have independent obligations.

Operative policy: EU AI Act Compliance page; AI Agent Responsible Use Policy.

10Quick-Reference Compliance Checklist

10.1 All Users

  • Read and accept the Terms of Service and incorporated policies
  • Secure credentials, private keys, and seed phrases
  • Confirm you are not in a prohibited jurisdiction
  • Complete identity verification where required
  • Understand that onchain activity is permanent and irreversible
  • Do not use the Services for prohibited purposes

10.2 Developers

  • Review the API Terms of Use before beginning development
  • Secure API keys — never embed in client-side code
  • Comply with the Acceptable Use Policy and rate limits
  • Handle personal data in compliance with applicable privacy law
  • Execute a data-processing agreement where required
  • Design for API unavailability (retry logic, circuit breakers, fallbacks)

10.3 Agent Operators

  • Define Agent authorization scope before deployment
  • Implement spend limits, rate limits, and circuit breakers
  • Test in sandbox before production deployment
  • Ensure the Agent can be halted at all times
  • Classify Agent risk tier and implement corresponding requirements
  • Implement transparency disclosures where required
  • Maintain records of Agent configuration and actions
  • Report incidents promptly to PaxLabs

10.4 Marketplace Providers

  • Accurately describe Listings — capabilities, limitations, pricing, data handling
  • Hold all necessary rights and authorizations
  • Maintain services consistent with Listing descriptions
  • Respond to Consumer inquiries and complaints
  • Update Listings promptly upon material changes
  • Notify PaxLabs of security incidents affecting listed services

10.5 Marketplace Consumers

  • Evaluate fitness and lawfulness of services before procuring
  • Review Listing descriptions, Provider history, and reputation signals
  • Understand that reputation scores are informational, not warranties
  • Verify DeusVoucher terms before co-signing
  • Understand that onchain settlement is irreversible

10.6 M2M Operators

  • Define M2M-specific authorization scope
  • Implement per-transaction, aggregate, and counterparty limits
  • Implement circuit breakers for M2M activity
  • Monitor M2M activity in real time
  • Understand that M2M disputes are between Operators
  • Do not use M2M interactions to evade compliance controls

11Where to Get Help

TopicContactOperative Policy
General questions[support contact to be inserted]Terms of Service
Account and security issues[security contact to be inserted]Terms of Service (§4); AUP
Privacy and data rights[privacy contact to be inserted]Privacy Policy
AML/KYC and verification[compliance contact to be inserted]AML/KYC Policy
Report a violation or abuse[abuse contact to be inserted]AUP (§10)
Security vulnerability[security disclosure contact to be inserted]AUP (§8)
Marketplace issues[marketplace contact to be inserted]Marketplace Terms
AI Act and Agent compliance[AI compliance contact to be inserted]EU AI Act Compliance; Agent Policy
Agent incident reporting[incident contact to be inserted]Agent Policy (§9)

12Changes

This Training Centre will be updated as the Services, policies, and regulatory landscape evolve. When material changes are made, the "Version" and "Effective Date" will be updated, and notice will be provided through the Services.

Version 1.0 — Effective Date: June 10, 2026

↑ Top