1. WHO WE ARE

AXIX GP International Inc. ("AXIX GP," "we," "us," or "our") operates the Uncle BUCK$ AI automated trading platform accessible at dianafm.axixgp.com and related mobile applications (collectively, the "Platform"). Our contact for privacy matters is privacy@axixgp.com.

2. INFORMATION WE COLLECT

Information you provide directly:

• Account credentials — Access codes and email addresses used for authentication
• Brokerage API keys — Alpaca Markets and Interactive Brokers API key pairs you provide to connect your brokerage account. These are encrypted with AES-256 at rest and never displayed after submission.
• Communications — Emails, support requests, or other messages you send us

Information collected automatically:

• Device fingerprint — A hashed identifier derived from browser/device characteristics (user agent, screen resolution, timezone, language) used solely for session authentication. This is a one-way hash and cannot be reversed to identify you.
• Usage logs — Serverless function invocation logs including timestamps, HTTP methods, response codes, and error messages. These are retained by Vercel Inc. per their data retention policies.
• Session tokens — Encrypted JWT tokens stored in your browser's localStorage, used to maintain authenticated sessions.
• Trading activity — Records of trades executed through your connected brokerage accounts for audit, performance analysis, and safeguard monitoring. This data is stored in Upstash Redis (KV) with a 90-day retention.
• Platform preferences — Engine toggle states, allocation settings, theme preferences stored in your browser's localStorage.

Information we do NOT collect:

• Government-issued identification numbers
• Social Security numbers or tax identification numbers
• Payment card numbers (payments processed by Stripe — we receive only a customer ID)
• Brokerage account numbers (we only receive and store API keys)

3. HOW WE USE YOUR INFORMATION

We use collected information exclusively to:

• Authenticate your identity and maintain secure sessions
• Connect to your brokerage accounts and execute trading orders on your behalf
• Monitor your portfolio and apply risk safeguards
• Send trade alert notifications via SMS (Twilio) and push notifications
• Provide customer support
• Detect and prevent fraud, abuse, or unauthorized access
• Comply with applicable laws and regulations
• Improve Platform functionality and performance

We do not use your data for advertising, profiling, or sale to third parties.

4. THIRD-PARTY SERVICE PROVIDERS

We use the following third-party services to operate the Platform. Each has its own privacy policy.

• Vercel Inc. — Cloud infrastructure and serverless hosting. Processes request logs. Privacy Policy
• Upstash Inc. — Redis KV database for session and portfolio state storage. Data encrypted in transit and at rest. Privacy Policy
• Alpaca Markets — Brokerage API for trade execution. Your Alpaca account is governed by Alpaca's terms. Privacy Policy
• Interactive Brokers LLC — Brokerage API for global market access. Privacy Policy
• Twilio Inc. — SMS notification delivery. Phone numbers are used only to send trade alerts. Privacy Policy
• Stripe Inc. — Subscription payment processing. We do not store payment card data. Privacy Policy
• Polygon.io — Market data provider. No personal data shared. Privacy Policy
• Anthropic, OpenAI, Google — AI model APIs used for market analysis. Trade data may be transmitted to these services for analysis. No personal identifiers are included in these requests. Each provider's data processing terms apply.

5. BROKERAGE API KEY SECURITY

Your Alpaca and IBKR API keys represent access to your financial accounts. We treat them with the highest level of protection:

• Keys are encrypted with AES-256 before storage
• Keys are stored server-side only — they are never exposed to browser-side JavaScript after submission
• Keys are never logged, displayed, or included in error messages
• Keys are transmitted only over TLS-encrypted HTTPS connections
• Keys are used exclusively to execute operations you authorize through the Platform

You can revoke API key access at any time by deleting the keys in your brokerage account dashboard. Revocation immediately prevents the Platform from placing orders on your behalf.

6. DATA RETENTION

• Session tokens — 7-day expiry, cleared on logout
• Trading history (KV) — 90 days rolling retention
• Server logs (Vercel) — Per Vercel's retention policy (typically 30 days)
• Account data — Retained while your account is active. Deleted within 30 days of verified account closure request.
• Preferences (localStorage) — Stored in your browser only. Cleared when you clear browser data.

7. YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights:

• Access — Request a copy of personal data we hold about you
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your personal data ("right to be forgotten")
• Portability — Request your data in a machine-readable format
• Opt-out of communications — Unsubscribe from SMS alerts at any time by replying STOP
• Withdraw consent — Revoke API key access and delete your account at any time

To exercise any of these rights, contact privacy@axixgp.com. We will respond within 30 days.

8. CALIFORNIA RESIDENTS (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA). AXIX GP does not sell personal information. You have the right to know what personal information is collected, to request deletion, and to non-discrimination for exercising your rights. To submit a CCPA request, contact privacy@axixgp.com.

9. EUROPEAN USERS (GDPR)

If you are located in the European Economic Area, our legal basis for processing your data is performance of our contract with you (Article 6(1)(b) GDPR). You have the right to lodge a complaint with your local data protection authority. We process data in the United States. By using the Platform, you consent to this transfer.

10. CHILDREN'S PRIVACY

The Platform is not intended for persons under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately at privacy@axixgp.com.

11. PUSH NOTIFICATIONS

If you grant permission for push notifications, we use your device's push token to deliver trade alerts. This token is stored server-side and used only to send trade-related notifications. You can revoke push notification permission at any time in your device settings.

12. SECURITY

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for sensitive credentials, HMAC-signed execution tokens, rate limiting, and anti-abuse detection. However, no system is perfectly secure. We cannot guarantee absolute security of data transmitted over the internet.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or email with at least 14 days' notice. The effective date at the top indicates the most recent revision. Continued use of the Platform after changes constitutes acceptance.

14. CONTACT

AXIX GP International Inc.
Phoenix, Arizona, USA
privacy@axixgp.com
support@axixgp.com