Privacy Policy

This Privacy Policy explains how Axion Energy Markets Data ("Axion", "we", "us", or "our") collects, uses, shares, and protects personal data in connection with our software-as-a-service platform that provides energy market data and tools to professional users (the "Service"). We are committed to complying with applicable European data protection law, including the EU/EEA General Data Protection Regulation (GDPR) and the ePrivacy rules on cookies and similar technologies.

1) Who is the data controller?

The data controller responsible for processing your personal data is:

Axion Energy Markets Data
Email: support@axion-insights.com

If Axion is established outside the EU/EEA, we will appoint an EU representative per Article 27 GDPR and include their contact details here.

2) Scope

This Policy applies to personal data we process about account owners, users invited to a workspace, website visitors, newsletter subscribers, and customer contacts at business clients and prospects. It does not apply to data we process solely on behalf of our business customers as their processor (see Section 10 below).

3) What data we collect

• Account & profile data: name, employer/organization, title/role, business contact details, login identifiers, authentication data.
• Usage & telemetry data: app interactions, feature usage, events, crash logs, and diagnostics generated when you use the Service.
• Device & technical data: IP address, device/browser information, operating system/version, language, time zone, and similar identifiers.
• Support & communications: content of messages you send us (e.g., support tickets, feedback), and related metadata.
• Billing & transactions (if applicable): subscription details, invoicing information, VAT/tax identifiers, and payment confirmations (we do not store full payment card numbers; these are handled by our payment provider).
• Marketing data (with consent): newsletter preferences, campaign interactions, and cookie-based identifiers used for analytics and advertising.

4) Sources of personal data

We collect personal data directly from you (e.g., when creating an account, contacting support), automatically via our website and apps (e.g., through cookies/SDKs), and from business partners or publicly available sources for B2B contact enrichment where lawful.

5) Purposes and legal bases

• Provide and operate the Service (create accounts, authenticate, deliver functionality, maintain security) — Art. 6(1)(b) GDPR (contract) and Art. 6(1)(f) GDPR (legitimate interests).
• Customer support and communications — Art. 6(1)(b) / 6(1)(f).
• Billing, accounting, tax compliance — Art. 6(1)(c) GDPR (legal obligation) and, where applicable, 6(1)(b).
• Security and fraud prevention (detect abuse, protect accounts and infrastructure) — Art. 6(1)(f).
• Product analytics and improvement — Art. 6(1)(f) (only using cookies or similar technologies with prior consent per ePrivacy rules).
• Marketing communications (newsletters, event invites) — Art. 6(1)(a) (consent) or 6(1)(f) for permissible B2B direct marketing; you can object at any time.
• Compliance and enforcement (respond to lawful requests, enforce terms, protect our rights) — Art. 6(1)(c) and 6(1)(f).

6) Cookies and similar technologies

We use cookies, SDKs, and pixel tags on our website and application. Non-essential cookies (e.g., analytics/advertising) are used only with your prior consent via our cookie banner. You can change or withdraw your consent at any time through the cookie settings link in the footer.

The following third-party tools may set cookies on your device:

• Google Analytics (measurement and aggregated usage statistics). Example cookies: _ga (2 years), _gid (24 hours). Provider: Google Ireland/Google LLC.
• Meta (Facebook) Pixel (ad measurement, attribution). Example cookie: _fbp (3 months). Provider: Meta Platforms Ireland/Meta Platforms, Inc.
• LinkedIn Insight Tag (campaign performance, conversion tracking). Example cookies: li_gc, bcookie (up to 6 months). Provider: LinkedIn Ireland/LinkedIn Corporation.

Cookie names and durations are examples and may change by the providers. See their policies for details. You can also control cookies through your browser settings. Essential cookies required to operate the Service cannot be refused.

7) Sharing of personal data

We share personal data with: (a) service providers that help us operate the Service (e.g., hosting, cloud storage, error logging, analytics, communications, payments); (b) business partners where you or your organization asks us to integrate with their tools; (c) professional advisors (legal, accounting) and authorities where required by law; and (d) in connection with a corporate transaction (merger, acquisition, etc.). We require processors to protect personal data under written contracts per Article 28 GDPR.

8) International data transfers

Some recipients are located outside the EU/EEA, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission Standard Contractual Clauses (SCCs) and, where applicable, providers' certification under the EU–U.S. Data Privacy Framework (DPF), along with supplementary measures as needed.

9) Data retention

• Account data: kept for the life of the account and then deleted or anonymised within 90 days, unless longer retention is needed for legal claims.
• Billing/transaction records: retained for up to 10 years to comply with tax and accounting obligations.
• Support communications: retained for up to 3 years after closure of the ticket.
• Analytics data: retained in identifiable form for up to 26 months, after which it may be aggregated or anonymised.
• Marketing data: retained until you unsubscribe or your consent is withdrawn, and for a short period thereafter to record your preference.

10) Role as processor for customer data

In providing the Service, we may process datasets, files, or parameters that you or your organization upload or configure ("Customer Data"). For such processing, we act as a processor and process Customer Data solely on documented instructions from our business customer pursuant to a data processing agreement (DPA). This Privacy Policy does not apply to Customer Data; our customer remains the controller of such data.

11) Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit, access controls, least-privilege principles, network monitoring, and regular backups. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

12) Your rights (EU/EEA & UK)

You have the right to request access to your personal data, rectification, erasure, restriction, portability, and to object to processing based on our legitimate interests. Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with your local data protection authority (e.g., in Spain, the AEPD).

13) How to exercise your rights

To exercise your rights, contact us at support@axion-insights.com. We may need to verify your identity and ask for additional information to process your request. We will respond within the timelines required by law.

14) Children

Our Service is intended for professional users and is not directed to children. We do not knowingly collect personal data from children under the age of 16 (or lower age if permitted by local law). If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

15) Data accuracy & no liability notice (about the energy data)

The energy market datasets and outputs provided via the Service are supplied on an "as is" and "as available" basis. We make no warranties or representations, express or implied, regarding completeness, accuracy, timeliness, or fitness for a particular purpose. To the maximum extent permitted by law, we are not liable for any direct, indirect, incidental, consequential, special, exemplary, or punitive losses, costs, or damages arising from or related to the use of, reliance on, or inability to use any data or outputs from the Service, including any trading, investment, or commercial decisions. Nothing in this notice limits liability that cannot be excluded under applicable law.

Note: Liability disclaimers are typically set out in your Terms of Service. We include this notice here for clarity, but your Terms should also contain your full limitation of liability and warranty disclaimers.

16) Do Not Track & signals

Some browsers offer a “Do Not Track” (DNT) signal. Our Service does not currently respond to DNT signals. We respect your choices made via our cookie banner and in-app privacy controls.

17) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated Policy on this page and adjust the effective date below. For material changes, we will provide additional notice (e.g., in-app notification or email to account owners) where required by law.

18) Contact

If you have questions about this Policy or our privacy practices, contact us at support@axion-insights.com.

Effective date: 4 September 2025