Effective date: 5 May 2026 Last updated: 5 May 2026 Version: 1.1
This Privacy Notice (the "Notice") explains how AXL EdTech Booster LLC ("AXL", "we", "us") collects, uses, shares and protects personal data. This Notice applies to:
This Notice is written to comply with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the UK GDPR, the Spanish Organic Law 3/2018 (LOPDGDD), the California Consumer Privacy Act (CCPA/CPRA) and other applicable data-protection laws.
If you are a student, learner, course participant or end-user of a school or training centre that uses AXL — your personal data is processed by that school, which is the data controller. AXL is only a processor acting on the school's instructions. For privacy information about your data, contact your school directly. The Data Processing Addendum that governs that relationship is available at https://admin.accelonline.io/docs/dpa/en.
If you visit our website, sign up for an AXL account or contact us — this Notice applies, and AXL is the controller of your personal data. Your rights under applicable data-protection law are described in Section 8 below.
| Controller | AXL EdTech Booster LLC |
| Registered office | 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, USA |
| General contact | support@axl.tech |
| Privacy contact | privacy@axl.tech |
| Security contact | security@axl.tech |
| EU Representative (Article 27 GDPR) | Prighter Group, Schellinggasse 3/10, 1010 Vienna, Austria — https://app.prighter.com/portal/18576877104 |
| Data Protection Officer | Not required under Article 37 GDPR; the privacy contact above acts as our central point of contact for data-protection matters |
You can reach AXL by email or by post at the address above. EU and UK residents may contact our EU Representative directly using the link above.
AXL plays two distinct roles depending on the personal data involved.
AXL is the controller of personal data when:
This Notice describes how AXL acts as controller. Sections 3 to 11 below apply.
AXL is a processor of personal data when our Customers (schools, training centres, course authors) use the Services to manage their own students, learners, leads, contacts and end-users. In that case, the Customer is the controller and decides which personal data is processed and why; AXL processes the data on the Customer's instructions.
If you are a student or end-user of a Customer, please contact that Customer directly with privacy questions. The terms governing AXL's processing on behalf of Customers are set out in the AXL Data Processing Addendum at https://admin.accelonline.io/docs/dpa/en.
This Section 3 covers personal data for which AXL is the controller (see Section 2.1).
| Data we collect | Source | Purpose |
|---|---|---|
| IP address, browser/device technical data, pages visited, referrer | Automatically | Operating the website, security, abuse prevention |
| Application performance and error data (via New Relic) | Automatically | Monitoring and improving Service performance |
| Information you submit through contact forms (name, email, message) | Directly from you | Responding to your enquiry |
| Data we collect | Source | Purpose |
|---|---|---|
| Account identifiers: email, password (stored as a salted hash), name, language, time zone | Directly from you | Creating and operating your account |
| Authentication and session data: access tokens, refresh tokens, last-seen timestamps, IP, device | Automatically | Authentication, security, abuse prevention |
| School configuration: domain, billing details, plan information | Directly from you | Operating your school account, billing |
| Support communications: messages and attachments sent to support@axl.tech or via support channels | Directly from you | Providing support |
| Marketing engagement data: email opens, clicks, unsubscribe status, marketing preferences | Automatically (when you receive AXL marketing communications) | Sending you product news and offers about AXL Services and improving our communications |
| Operational telemetry: application logs, error reports, performance traces relating to administrative actions | Automatically | Service operation, security, debugging |
| Data we collect | Source | Purpose |
|---|---|---|
| Name, email, phone, company, role, message content | Directly from you | Responding to your enquiry, sales follow-up |
We send marketing emails (such as product news, feature announcements and special offers from AXL) to existing AXL administrators on a low-frequency basis (typically no more than monthly).
You can opt out at any time by:
Opting out of marketing does not affect operational and transactional communications that are necessary to deliver the Services (for example, billing notifications, security alerts, account confirmations and notices about material changes to our terms or policies). You cannot opt out of those communications while you continue to use the Services.
We do not send marketing emails to students, learners or other end-users of our Customers' platforms. Customers send their own communications to their end-users using AXL features, and Customers are the controllers of those communications.
For each processing purpose, we rely on one of the following legal bases:
| Purpose | Legal basis |
|---|---|
| Operating your AXL account, providing the Services, billing, support | Performance of a contract (Article 6(1)(b)) |
| Operating our Sites, security, fraud prevention, network and information security | Legitimate interests (Article 6(1)(f)) — interest: securing and operating our infrastructure |
| Application performance and error monitoring (New Relic) | Legitimate interests (Article 6(1)(f)) — interest: maintaining a reliable Service |
| Sending marketing communications to existing AXL administrators (product news, offers, feature announcements) | Legitimate interests (Article 6(1)(f)) — interest: keeping our customers informed about our Services and similar offerings, supported by the "soft opt-in" available under the ePrivacy Directive for existing customer relationships, with an unsubscribe option in every message |
| Responding to enquiries from prospective customers | Pre-contractual measures at your request (Article 6(1)(b)) and/or legitimate interests (Article 6(1)(f)) |
| Compliance with legal obligations (tax, accounting, lawful requests) | Legal obligation (Article 6(1)(c)) |
| Defending legal claims | Legitimate interests (Article 6(1)(f)) |
Where we rely on legitimate interests, you have the right to object — see Section 8. Where we rely on legitimate interests for direct marketing, you have an absolute right to object at any time and we will stop the marketing processing immediately.
If we ever start collecting personal data on the basis of consent (for example, for a new optional feature requiring it), we will obtain explicit, opt-in consent and update this Notice before doing so.
We share personal data only as needed for the purposes set out above, and only with the following categories of recipients.
We rely on a limited set of service providers ("sub-processors") to operate the Services. The current list is published at https://admin.accelonline.io/docs/subprocessors/en and is updated in accordance with our Data Processing Addendum.
Core sub-processors used for our own (controller) processing:
Each sub-processor is bound by written data-protection obligations consistent with this Notice and the Data Processing Addendum.
If you are added to a Customer's account (for example, as an instructor or admin invited by a school), the Customer can see your administrative information within their tenant. You should review the Customer's own privacy notice for information about how they handle data within their account.
We may disclose personal data when required to comply with applicable law, a binding legal request, or to protect our rights, safety or property, or those of our users or others. We will:
If AXL is involved in a merger, acquisition, financing, reorganisation, bankruptcy or sale of assets, your personal data may be transferred as part of that transaction. We will notify you (typically by updating this Notice and, where appropriate, by direct notification) before your personal data becomes subject to a different privacy notice.
AXL does not sell personal data and does not "share" personal data for cross-context behavioural advertising as defined under the CCPA/CPRA.
AXL is established in the United States. Operational systems and personnel are located in the United States, the United Kingdom and Canada.
Where your personal data is stored: We host all platform data, including backups, in Amazon Web Services data centres in Frankfurt, Germany (eu-central-1), within the European Economic Area.
When personal data leaves the EEA: Operational and support access by AXL personnel and contractors located in the United States, the United Kingdom or Canada constitutes a transfer outside the EEA. The United Kingdom and Canada hold European Commission adequacy decisions, so no further safeguards are required for those transfers. For transfers to the United States, we rely on:
A copy of the SCCs and the underlying Transfer Impact Assessment is available on request to privacy@axl.tech.
We retain personal data for as long as needed for the purposes described above, and in line with the periods below.
| Category | Retention |
|---|---|
| Active AXL account data | For the duration of your account, plus thirty (30) days after closure |
| Backups containing your data | Up to ninety (90) days after closure |
| Security logs and telemetry | Up to twelve (12) months, except where a longer period is required for security or legal compliance |
| Email correspondence with support, sales or privacy | Up to twenty-four (24) months from last interaction |
| Billing and tax records | As required by applicable law (typically seven (7) years) |
| Records of consent and rights requests | As long as needed to demonstrate compliance, typically up to six (6) years |
| Aggregated or anonymised data | May be retained without time limit |
After the retention period expires, we delete or anonymise the personal data. Deletion may be subject to ordinary backup-rotation processes.
If you are in the European Union, the European Economic Area, the United Kingdom, Switzerland or other jurisdictions whose law grants similar rights, you have the following rights with respect to your personal data:
| Right | What it means |
|---|---|
| Access (Art. 15 GDPR) | Obtain confirmation of whether we process your data, and a copy of it |
| Rectification (Art. 16) | Have inaccurate data corrected and incomplete data completed |
| Erasure (Art. 17) | Have your data deleted in certain circumstances |
| Restriction (Art. 18) | Restrict processing in certain circumstances |
| Portability (Art. 20) | Receive a copy of your data in a structured, commonly used, machine-readable format and have it transmitted to another controller |
| Object (Art. 21) | Object to processing based on our legitimate interests; we will stop unless we demonstrate compelling overriding grounds |
| Withdraw consent (Art. 7) | Withdraw consent at any time where processing is based on consent (currently not applicable as we do not rely on consent) |
| Not be subject to automated decision-making (Art. 22) | Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects (we do not perform such automated decision-making) |
Email privacy@axl.tech. We may need to verify your identity before responding. We will respond within one (1) month, extendable by up to two further months for complex requests, in accordance with Article 12 GDPR.
To opt out of direct marketing specifically, you can simply click "unsubscribe" in any of our marketing emails — no formal request is needed and your right is absolute.
If you are a student, learner or end-user of a school using AXL, please contact the school directly — they are the controller of your data.
You have the right to lodge a complaint with a Supervisory Authority. For Spain, the competent authority is:
Agencia Española de Protección de Datos (AEPD) c/ Jorge Juan, 6, 28001 Madrid, Spain https://www.aepd.es
Other EU residents may contact the supervisory authority of their habitual residence or place of work. UK residents may contact the Information Commissioner's Office (ICO) at https://ico.org.uk.
AXL uses a minimal set of technologies to operate the Services. We do not use advertising cookies, advertising trackers, or third-party web analytics tools (such as Google Analytics or Facebook Pixel) on our own Sites.
| Technology | Purpose | Type | Legal basis |
|---|---|---|---|
| Authentication cookies / session tokens | Keep you signed in to your AXL account | Strictly necessary | Performance of contract (and legitimate interests under ePrivacy "strictly necessary" exemption) |
| Security and anti-abuse identifiers | Prevent fraud, abuse and unauthorised access | Strictly necessary | Legitimate interests |
| New Relic monitoring | Application performance and error tracking | Operational | Legitimate interests — maintaining service reliability |
| Email open and click tracking in AXL marketing emails | Measure engagement with our marketing communications and improve their relevance | Marketing | Legitimate interests (with the right to object — see Section 8) |
Strictly necessary technologies do not require consent under the ePrivacy Directive. Because we do not use non-essential web tracking technologies on our Sites, no cookie consent banner is presented on AXL-operated pages. Email-engagement tracking applies only to recipients of our marketing emails and you can stop it by unsubscribing.
If a Customer operates a website or landing page through the AXL platform, the Customer is responsible for configuring its own cookie tools (analytics, advertising) and for obtaining any required consent from its end-users.
AXL offers optional integrations with Google Meet (via Google Calendar) and Zoom that allow Customer administrators to create video meetings for their educational workflows.
When a school administrator connects Google Meet to AXL, we use Google OAuth to access the administrator's Google account identity (such as email address and profile information) and Google Calendar event access through the calendar.events scope.
AXL uses the Google Calendar API only to create, update and delete calendar events created by AXL for student booking workflows. These events may include the meeting title, meeting time, attendee email addresses, and a Google Meet link generated through Google Calendar conference data.
AXL does not:
OAuth tokens are encrypted at rest and used only by authorised system processes to provide the connected school's booking workflow. Administrators can disconnect the Google Meet integration at any time, after which AXL stops using the token. Stored OAuth credentials are deleted on request to privacy@axl.tech.
AXL's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
When a school administrator connects Zoom to AXL, we use Zoom OAuth to access the administrator's Zoom account identity (such as email address and profile information) and Zoom meeting management permissions.
AXL uses the Zoom API only to:
OAuth tokens are encrypted at rest and used only by authorised system processes. Administrators can disconnect the Zoom integration at any time. Zoom processes meeting content (audio, video, chat, recordings) under Zoom's own privacy practices; we recommend reviewing Zoom's privacy notice at https://zoom.us/privacy.
By default, Zoom may store meeting data in the United States. EU/EEA Customers may select Zoom's data-residency options in their own Zoom account settings. AXL does not control where Zoom hosts the meeting content.
The AXL Services are not directed to children under sixteen (16) years of age and we do not knowingly collect personal data directly from children under that age in our role as controller.
If you are a Customer using AXL to deliver education to minors, you are the controller of your students' data and are responsible for verifying parental consent or other lawful basis as required by the law of your students' jurisdiction (for example, fourteen (14) years under Spanish LOPDGDD, sixteen (16) years under default GDPR rules, varying between EU Member States, or in the case of the United States, thirteen (13) years under COPPA).
If we become aware that we have collected personal data from a child under sixteen (16) without verified parental consent in our role as controller, we will delete it promptly. To report such a case, contact privacy@axl.tech.
We implement technical and organisational measures designed to protect personal data, including encryption in transit (TLS 1.2+), encryption at rest using AWS KMS, multi-factor authentication for personnel accessing production systems, role-based access control, logging and monitoring, and vendor due-diligence on sub-processors.
A summary of our technical and organisational measures is set out in Annex II of the Data Processing Addendum at https://admin.accelonline.io/docs/dpa/en. A short Security and Privacy Overview is available on request to privacy@axl.tech.
No system is perfectly secure. If you believe your account has been compromised, contact security@axl.tech.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act).
Over the last twelve (12) months, we have collected the following categories of personal information described in Cal. Civ. Code § 1798.140:
We collect this information for the purposes described in Section 3 above, from the sources described in Section 3, and disclose it to the recipients described in Section 5.
AXL does not sell personal information for monetary or other valuable consideration, and does not "share" personal information for cross-context behavioural advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the preceding twelve (12) months.
Subject to limited exceptions, California residents have the right to:
To exercise your California rights, email privacy@axl.tech. We may need to verify your identity. You may designate an authorised agent to exercise rights on your behalf, subject to verification.
This Notice is written to GDPR standards, which provide a high baseline of protection. If you are located in another jurisdiction (for example, the United Kingdom, Switzerland, Brazil, or other US states with comprehensive privacy laws such as Virginia, Colorado, Connecticut), the rights described in Section 8 generally also apply to you, with adjustments where local law provides additional or different rights.
For UK residents, the Information Commissioner's Office (ICO) is the relevant Supervisory Authority — https://ico.org.uk.
We may update this Notice from time to time. When we make material changes, we will:
Your continued use of the Services after the effective date of an updated Notice means you have read and understood the changes.
| Topic | Contact |
|---|---|
| Privacy enquiries and rights requests | privacy@axl.tech |
| Security incidents | security@axl.tech |
| General questions | support@axl.tech |
| Postal address | AXL EdTech Booster LLC, 16192 Coastal Highway, Lewes, Delaware 19958, USA |
| EU Representative (Article 27 GDPR) | Prighter Group, Schellinggasse 3/10, 1010 Vienna, Austria — https://app.prighter.com/portal/18576877104 |
| Spanish Supervisory Authority | AEPD — https://www.aepd.es |
| UK Supervisory Authority | ICO — https://ico.org.uk |
Thank you for trusting AXL with your data.