Privacy Policy

Privacy

Effective date: March 11, 2026. This policy applies to GDSWRENCH services operated by AxioMatiks.

This Privacy Policy explains how AxioMatiks processes personal data for GDSWRENCH services and related support workflows.

In enterprise use, your organization is typically the data controller for documents, records, and personal data submitted to the service, and AxioMatiks acts as a service provider or processor.
GDSWRENCH is B2B software for authorized business workflows. It is not a travel agency, booking platform, visa service, immigration service, passport service, citizenship service, identity-verification service, or consumer travel product.
This policy applies to gdswrench-web marketing pages, account pages, support channels, and billing-related flows.
If a signed enterprise agreement exists, that agreement governs where it conflicts with this public policy.

We process only the data required to deliver, secure, and support the service.

Account data: name, email address, authentication/session metadata, and organization association.
Billing data: subscription status, transaction references, invoices, tax records, usage entitlements, and billing metadata from our authorized merchant-of-record or payment processing provider. Payment card details are processed by the payment provider and are not stored by AxioMatiks.
Operational data: API logs, security events, rate-limit events, and diagnostics required for reliability and abuse prevention.
Document workflow data: uploaded document files, structured fields, MRZ-assisted extraction results where supported, review decisions, and workflow outputs provided through product features and retained according to configured retention policy.
Customers are responsible for ensuring that they have the lawful basis, authorization, notices, and internal policies required to upload and process any document files or personal data submitted to the service.

We use personal data for specific, limited service purposes.

To provide account access, subscription features, support, and product functionality.
To generate structured, reviewable workflow outputs for authorized business users.
To operate billing lifecycle workflows, including activation, renewal, cancellation, refund handling, and dispute resolution.
To secure the service, investigate incidents, detect abuse, and maintain audit trails.
To comply with legal obligations and enforce contractual rights.

Processing is based on contract, legitimate interests, and legal obligations, as applicable.

Contract performance: delivering the purchased or provisioned services.
Legitimate interests: service security, diagnostics, fraud prevention, and product reliability.
Legal obligations: accounting, compliance, and lawful disclosure requirements.
Consent: where required by applicable law (for example, optional communications).

We share data only with service providers needed to run the platform.

Billing provider: our authorized merchant-of-record or payment processing provider for checkout, payment processing, invoices, tax handling, subscription management, and billing event delivery.
Infrastructure and runtime providers used for hosting, API/runtime delivery, data persistence, and traffic protection.
Email delivery providers used for account and operational notifications.
Regulators, courts, or law enforcement when required by law or to protect legal rights.

Data is retained only as long as needed for service delivery, compliance, and security.

Retention windows may differ by data type (audit, logs, files, extracted fields) and enterprise configuration.
When retention periods expire, data is deleted or anonymized according to platform controls and operational constraints.
Legal hold, dispute, or security investigation requirements may require temporary retention extension.

We apply technical and organizational controls designed for confidentiality, integrity, and availability.

Access control, least-privilege administration, environment secret management, and session protection.
Webhook signature verification, idempotency safeguards, and audit/event logging for sensitive flows.
Human review workflows, access controls, and audit logging for sensitive document-processing operations where enabled by plan or configuration.
Monitoring, incident handling, and rollback procedures documented in operational runbooks.
No security control is absolute; customers should also maintain endpoint and account security controls.

Data may be processed in jurisdictions where AxioMatiks or its providers operate.

Where required, transfers are governed by contractual and technical safeguards.
Enterprise customers with specific residency or transfer requirements should document those in their commercial agreement.

Depending on applicable law, individuals may request access, correction, deletion, restriction, objection, or portability.

Requests should be submitted through your organization administrator or AxioMatiks support channel.
We may require verification before actioning requests and may decline requests where legal exceptions apply.

We may update this policy when product, legal, or provider requirements change.