Privacy Policy

Last updated: March 17, 2026

1. Data We Collect

We collect the following types of information when you use AxeLedger:

Waitlist & Access Requests

  • Name, email address, and optional message submitted via the waitlist form.
  • Waitlist data is retained until you are granted access or request removal. You may request deletion at any time by emailing privacy@voidworxlabs.com.

Account Information

  • Name, email address, and password (hashed).
  • Subscription plan and billing status.
  • Referral codes and referral relationships.

Financial Data

  • Transactions, journal entries, bills, invoices, and receipts you create.
  • Chart of accounts, contacts, and entity configurations.
  • Bank statements and documents you upload for parsing.
  • Bank feed data retrieved through Plaid (read-only access).

Usage Analytics

  • Feature usage patterns and AI credit consumption.
  • Session data, login timestamps, and IP addresses.
  • Error logs and performance metrics (no financial data included).

2. How We Use Your Data

We use your data for the following purposes:

  • To provide, maintain, and operate the Service, including processing transactions, generating reports, and managing your entities.
  • To process AI-powered features such as statement parsing, receipt scanning, and financial advisory insights.
  • To improve and develop new features based on aggregated, anonymized usage patterns.
  • To communicate with you about your account, billing, and service updates.
  • To enforce our Terms of Service and protect the security of the platform.

3. AI Data Processing

Your Data Stays With Us

All AI processing in AxeLedger is performed on our self-hosted infrastructure. Your financial data is never transmitted to third-party AI providers such as OpenAI, Google, Anthropic, or any other external AI service.

  • AI features include statement parsing, receipt scanning, financial advisor, and anomaly detection.
  • We do not offer "Bring Your Own Key" (BYOK) functionality. All AI access is managed and controlled by us to ensure data privacy.
  • AI-processed data remains within the same entity isolation boundaries as all other data.
  • AI credit usage is tracked per user per month, but the content of AI requests is not retained after processing is complete.

4. Data Storage & Security

We take the security of your data seriously. Our security practices include:

  • Encrypted sessions and secure cookies in production environments.
  • Multi-entity isolation ensuring complete separation of data between entities.
  • Role-based access control with multiple permission levels within each entity.
  • HTTPS enforcement with HSTS headers.
  • Security headers including X-Content-Type-Options, X-Frame-Options, and Content Security Policy.
  • CSRF protection on all state-changing requests.

For full details on our security practices, please see our Security Policy.

5. Third-Party Services

We integrate with the following third-party services:

Stripe (Payment Processing)

  • Stripe handles all payment processing for subscriptions.
  • We never store your credit card numbers, CVVs, or full bank account details.
  • We only store opaque Stripe identifiers (customer ID and subscription ID) to manage your billing relationship.
  • Stripe's privacy policy governs how they handle your payment data.

Plaid (Bank Feeds)

  • Plaid is used to provide read-only bank feed connections if you choose to enable this feature.
  • Plaid connections are optional and initiated by you.
  • We receive transaction data from Plaid in read-only mode; we cannot initiate payments or transfers through Plaid.
  • Plaid's privacy policy governs how they handle your banking data.

6. We Do Not Sell Your Data

We do not sell, rent, lease, or trade your personal information or financial data to any third party, under any circumstances.

7. Data Sharing

We do not share your data with third parties except in the following limited circumstances:

  • Stripe: We share billing-related data with Stripe solely to process your subscription payments.
  • Plaid: We share connection credentials with Plaid solely to retrieve your bank feed data, at your explicit request.
  • Legal obligations: We may disclose data if required by law, subpoena, or court order, or to protect the rights, property, or safety of VoidWorx Labs, our users, or others.

We do not share your data with advertisers, data brokers, analytics companies, or any other third parties.

8. Data Retention

  • Active accounts: Your data is retained for as long as your account is active.
  • Deleted accounts: Upon account deletion, all associated data (financial records, entities, uploaded documents, AI processing history) will be permanently purged within 30 days.
  • Audit logs: Platform audit logs (admin actions, security events) are retained as required for security and compliance purposes.

9. Your Rights

You have the following rights regarding your data:

  • Access: You can access all your financial data through the Service at any time.
  • Export: You can export your data in standard formats (CSV, PDF) through the Service's reporting and export features.
  • Correction: You can update or correct your data at any time through the Service.
  • Deletion: You can request complete deletion of your account and all associated data by contacting us or using the account deletion feature.
  • Portability: You can export your data and take it to another service.

To exercise any of these rights, contact us at privacy@voidworxlabs.com.

10. Cookies

AxeLedger uses only essential session cookies required for the Service to function. Specifically:

  • Session cookie: Maintains your authenticated session. Encrypted in production.
  • CSRF token cookie: Protects against cross-site request forgery attacks.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not use pixel trackers or similar tracking technologies from third parties.

11. SOC 2 Compliance

VoidWorx Labs is committed to achieving and maintaining SOC 2 Type II compliance. This includes adherence to the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.

Our compliance program includes regular audits, documented policies and procedures, and continuous monitoring of our security controls.

12. Platform Admin Access

Platform super administrators may access user accounts for support and security purposes under the following strict conditions:

  • All admin access sessions ("View As") are logged in an immutable audit trail.
  • View As sessions automatically expire after 30 minutes.
  • Financial data values are redacted during View As sessions. Super admins cannot see your actual monetary amounts, balances, or transaction details.
  • Admin actions (plan overrides, refunds, account adjustments) are individually logged with the administrator's identity and timestamp.

13. Children's Privacy

AxeLedger is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@voidworxlabs.com and we will promptly delete such information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send a notification to the email address associated with your account.

Your continued use of the Service after any changes constitutes acceptance of the revised policy.

15. GDPR & CCPA Rights

For EU / EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, the following applies:

  • Lawful basis: We process your data on the basis of contractual necessity (to provide the Service you signed up for), legitimate interests (security, fraud prevention, platform improvement), and your explicit consent where required.
  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate data.
  • Right to erasure: You may request deletion of your personal data. Where we are required to retain financial records for legal or compliance purposes, we will anonymize your personal identifiers rather than hard-delete the records.
  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to portability: You may export your data in machine-readable formats through the Service.
  • Right to object: You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact us at privacy@voidworxlabs.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

For California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, and our purposes for collection.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt-out of sale: We do not sell your personal information. No opt-out is needed.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to correct: You may request correction of inaccurate personal information.

To submit a verifiable consumer request, contact us at privacy@voidworxlabs.com.

16. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

VoidWorx Labs

AxeLedger is a product of VoidWorx Labs

Email: privacy@voidworxlabs.com

Web: voidworxlabs.com

Related policies:

Terms of Service Security Policy