Last updated: [DATE]
This policy explains what personal data Axis processes, why, and your rights under the EU General Data Protection Regulation (GDPR / DSGVO). Axis is independent, third-party software and is not affiliated with Fractal Audio Systems.
Pascal Peinelt [c/o address from impressum-ohne-adresse.de] [Postal code, City], Germany Email: contact@axisapp.live
See also the Imprint.
The Axis desktop app and its bundled engine (ForgeFX) run locally. Editing presets, reading your device, and local backups happen entirely on your machine and over your device's USB/MIDI connection. Using Axis this way requires no account and transmits no personal data to us.
If you create an Axis Cloud account, we process:
| Data | Purpose | Legal basis |
|---|---|---|
| Email, password (stored only as a salted hash) | Create and authenticate your account | Art. 6(1)(b) |
| Account identifier | Link synced data to your account | Art. 6(1)(b) |
| Synced content: preset files, preset/scene names, block layouts, app config | Back up & sync presets across your devices, at your request | Art. 6(1)(b) |
Processor: account and storage are provided by Supabase (Supabase, Inc.), stored in the project's configured region [confirm: EU]. A Data Processing Agreement is in place; EU Standard Contractual Clauses cover any non-EU transfer. Your preset content is your data; we access it only to provide sync and never analyse or share it. Payments (for any future paid tier) are handled by the payment provider [Patreon / Stripe]; we do not receive or store card details. This section is updated before any paid tier launches.
Diagnostics are off by default and only run if you explicitly enable them in Privacy & Diagnostics. When enabled, we collect, to find and fix bugs:
We never collect via diagnostics: your name, email, account ID, passwords/tokens, preset names or preset content, scene/setlist names, file contents, or full file-system paths.
Legal basis: Art. 6(1)(a) — your consent, withdrawable any time in Privacy & Diagnostics. Processor: Grafana Cloud (Grafana Labs) via Grafana Faro, in the EU region; your IP is processed transiently at ingestion and not used to build a profile. DPA in place; SCCs apply to any non-EU transfer.
If you choose to "Send debug report", we upload a one-time bundle: your session's local debug log, recent app events, device/OS/app versions, and the triggering error. It is scrubbed of personal data, compressed, and stored keyed to your anonymous instance ID. Legal basis: Art. 6(1)(a) — explicit, per-incident consent (it only uploads when you press the button, even if live diagnostics are off). Storage: Supabase Storage, access-restricted bucket.
Axis stores small technical values in your browser's local storage (diagnostics consent choice, anonymous instance ID, UI preferences). These are functional and stay on your device — not tracking or advertising cookies, so no cookie banner is required. Clearing them resets your choices.
You have the right to access (Art. 15), rectification (16), erasure (17), restriction (18), portability (20), and to object (21); and to withdraw consent at any time (7(3)). To delete your account and synced data: [in-app path or email [contact email]]. Exercise any right via [contact email]. You may also complain to a supervisory authority — for Germany, your competent Landesdatenschutzbehörde [your federal state's authority].
We do not sell or rent personal data, and do not use it for advertising or profiling. Data is shared only with the processors above (Supabase, Grafana Labs, and — for a future paid tier — the payment provider), strictly to operate the service, under Data Processing Agreements.
Axis is not directed at children under 16. If you are under 16, please do not create an account without a parent/guardian's consent.
We may update this policy (e.g. when we add a processor or paid tier). The current version is always at https://axisapp.live/privacy with the date above; material changes affecting consent are surfaced in the app.
Draft — not legal advice. Confirm each processor's region and DPA, and have this reviewed by a qualified data-protection lawyer before public launch.