1. Information We Collect
When you create an account, we collect your email address and display name. We also collect:
- Hardware ID — A hashed identifier of your device, used to bind your license to one machine.
- IP Address — Logged during license activation and login attempts for security purposes.
- Login activity — Timestamps of login attempts to enforce rate limiting and detect abuse.
2. How We Use Your Data
- To authenticate your account and manage your session
- To validate and bind your license to your device
- To prevent abuse through rate limiting and ban enforcement
- To provide admin oversight via audit logs (admin-only access)
3. Cookies & Local Storage
Axyra uses essential cookies only:
- Supabase Auth tokens — Stored in localStorage to maintain your login session. These are required for the site to function.
- Cookie consent preference — Stored in localStorage to remember your acceptance.
We do not use tracking cookies, analytics, or third-party advertising cookies.
4. Data Security
- Passwords are hashed using bcrypt and are never stored in plain text
- All communication uses HTTPS/TLS encryption
- Database access is controlled via Row Level Security (RLS)
- Admin actions are logged in an audit trail
- Optional Two-Factor Authentication (2FA) via TOTP
- Login attempts are rate limited (5 attempts per 15 minutes)
5. Data Sharing
We do not sell, trade, or share your personal data with third parties. Your data is only accessible to Axyra administrators for support and security purposes.
6. Data Retention
- Account data is retained while your account is active
- Login attempt logs are automatically deleted after 24 hours
- Audit logs are retained for administrative and security review
7. Your Rights
You can:
- Update your display name and password in the Dashboard settings
- Enable or disable Two-Factor Authentication
- Request account deletion by contacting support
8. Contact
For privacy-related questions, contact us at support@axyra.space.