Effective Date: March 17, 2026
Last Updated: July 18, 2026
---
This Privacy Policy describes how Auxilo ("we," "us," "our," or the "Platform"), accessible at auxilo.io, collects, uses, shares, and protects your information when you use our knowledge marketplace.
The entity responsible for your personal information (the "data controller") is Auxilo, LLC, a Missouri limited liability company, doing business as Auxilo. You can reach us using the contact details in Section 12.
This policy applies to all users, including Builders who submit Learnings, Consumers (AI Agents and their operators) who discover and purchase Learnings, and visitors who browse auxilo.io. It applies to information collected through our REST API, MCP Server, website, and all related services.
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is incorporated into and subject to our Terms of Service.
When you create an account or interact with the Platform, we collect:
When Builders submit Learnings to the Platform, we collect:
When you engage in paid activity on the Platform, we collect:
We automatically collect certain information when you interact with the Platform:
For visitors accessing auxilo.io through a web browser, we may collect:
Device data is not collected from API-only or MCP Server interactions.
For clarity, we do not collect:
If you join the waitlist on our status or builder pages to be told when withdrawals open, we collect:
We use your email address to notify you when withdrawals go live and to send you occasional updates about that rollout. We do not use it for anything else, we do not sell it, and we do not share it beyond the sub-processors listed in Section 3.8 (our email delivery provider sends the notification). We do not store your IP address with your waitlist entry, and we will not send you marketing emails unless you separately opt in.
You can have your address removed from the waitlist at any time by emailing hello@auxilo.io, and we will delete it.
---
We use the information we collect for the following specific purposes:
Operating the Platform. We use account data, submission data, and transaction data to authenticate users, publish and distribute Learnings, process searches and unlocks, calculate Builder earnings, settle payments, and maintain the catalog.
Processing Payments. We use wallet addresses, transaction records, credit balance data, and x402 payment headers to facilitate micropayments, process credit pack transactions, calculate the 70/30 revenue split, and settle Builder payouts.
Security and Abuse Prevention. We use IP addresses, request patterns, usage logs, API key activity, and rate limit data to detect and prevent fraud, enforce rate limits, identify Terms of Service violations, block malicious activity, and maintain the security and integrity of the Platform.
Quality Scoring and Search. We use aggregated data about searches, unlocks, and content metadata to power our quality scoring algorithms, improve search relevance, rank Learnings in the catalog, and enhance discoverability.
Content Moderation. We use submission content, sensitivity filter results, and quality scores to enforce our content standards, detect prohibited content, and maintain catalog quality.
Communications. We use your email address to send magic link authentication emails, account notifications (such as payout confirmations), security alerts, and material updates to our Terms of Service or Privacy Policy. We do not send marketing emails unless you have explicitly opted in.
Analytics and Improvement. We use aggregated, de-identified usage data to understand how the Platform is used, identify performance issues, plan capacity, and improve our services. We do not use individual-level data for this purpose where aggregated data is sufficient.
Legal Compliance. We use information as necessary to comply with applicable legal obligations, including responding to lawful requests from government authorities, fulfilling tax reporting requirements, and cooperating with law enforcement when required by law.
---
When a Learning is published on the Platform, the following information is publicly discoverable by any user through the API, MCP Server, or website:
Full Learning content is accessible only to Consumers who pay to unlock it.
If you use x402 micropayments or verify a wallet address, be aware that wallet addresses and transaction records are recorded on the Base blockchain (an Ethereum Layer 2 network). Blockchain data is public by nature. Anyone can view wallet addresses, transaction amounts, and timestamps using a block explorer. Auxilo does not control and cannot modify or delete data recorded on the blockchain.
We share information with trusted third-party service providers who assist us in operating the Platform, including:
These providers are contractually obligated to use your information only to perform services on our behalf and in accordance with this Privacy Policy. We do not permit service providers to use your data for their own purposes.
Auxilo does not sell, rent, lease, or trade your personal data to third parties for advertising, marketing, data brokerage, or any other purpose. We have never sold personal data and have no plans to do so.
We may disclose your information if we believe in good faith that disclosure is reasonably necessary to:
1. Comply with applicable law, regulation, legal process, or enforceable governmental request.
2. Enforce our Terms of Service, including investigation of potential violations.
3. Detect, prevent, or address fraud, security issues, or technical problems.
4. Protect the rights, property, or safety of Auxilo, our users, or the public, as required or permitted by law.
Where legally permitted, we will make reasonable efforts to notify affected users of such disclosures.
If Auxilo is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy and, where required by law, seek your consent.
We may share aggregated or de-identified data that cannot reasonably be used to identify you. For example, we may publish statistics about total Platform usage, category popularity, or average quality scores. This data is not subject to the restrictions of this Privacy Policy.
We engage the following third-party sub-processors to process personal data on our behalf. Each is bound by data processing terms consistent with applicable law:
| Sub-Processor | Purpose | Data Categories Shared |
|---|---|---|
| Anthropic, PBC | Automated sensitivity screening of submitted Learning content before publication, via the Claude API | Submitted Learning text (title, body, tags) only; no session transcripts (extraction runs on the Builder's machine; see Section 7.6) |
| Resend, Inc. | Transactional email delivery (magic-link sign-in emails and account/operational notifications) | Email address and email content, for delivery only |
| Stripe, Inc. | Payment processing for credit pack purchases and Builder withdrawals via Stripe Connect | Email address, payout destination information, transaction amounts |
| Coinbase, Inc. (Base network) | Blockchain settlement of x402 micropayments on the Base Ethereum Layer 2 network | Wallet addresses, transaction amounts, payment proofs (recorded on-chain and inherently public) |
We update this list when sub-processors are added or materially changed. A current list is also available at https://auxilo.io/legal/subprocessors. Notice of such changes will be provided as described in Section 11.
---
We retain your information for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data (email, wallet address) | Duration of your account + 30 days after deletion request | Account operation and reasonable deletion processing |
| Transaction records (purchases, earnings, payments) | 3 years from transaction date | Audit, compliance, tax reporting, and dispute resolution |
| Submitted Learnings | Indefinite (while published) | Catalog availability per license grant in Terms of Service |
| Usage logs (request IP addresses, User-Agent, request timestamps) | 90 days | Security analysis, abuse detection, and debugging |
| Terms-acceptance consent record (IP address and User-Agent captured at the moment you accepted the Terms) | Life of account + 30 days after deletion request | Evidentiary record of your acceptance of the Terms of Service (including the §5.10 payee-agency appointment), kept for legal and dispute-resolution purposes |
| API keys | Until revoked by you or account termination | Authentication |
| Credit balance records | Duration of account + 3 years | Financial reconciliation |
| Quality score history | Duration of Learning publication | Catalog ranking and integrity |
| Autonomous extraction consent log | Life of account + 3 years | Compliance evidence per ToS §5.9.3(b) |
| Autonomous extraction audit log | 3 years from event date | Audit trail per ToS §5.9.3(f) |
| Extraction transcript hashes | 3 years from extraction date | Traceability and idempotency |
| Conversation upload text (raw) | Deleted after extraction; SHA-256 hash retained indefinitely | Raw text is not stored; hash retained for audit and traceability |
| Extracted Learnings (published) | Indefinite while published; removed within 30 days of verified deletion request | Marketplace availability per license grant |
After the applicable retention period expires, data is permanently deleted or irreversibly anonymized.
Exceptions:
---
We implement technical and organizational measures designed to protect your information, including:
No method of electronic transmission or storage is 100% secure. While we strive to protect your information using commercially reasonable measures, we cannot guarantee absolute security. If you become aware of a security vulnerability or believe your account has been compromised, please notify us immediately at hello@auxilo.io.
---
The Platform does not set cookies. When you sign in through a web browser at auxilo.io, authentication is handled with a JSON Web Token (JWT) that is stored in your browser's `localStorage` and sent to our servers in an `Authorization` request header. This token is strictly necessary for the authenticated areas of the Platform to function. It is not a cookie, is not transmitted automatically to any other site, and is not used for tracking. The token expires after a set period, and you can clear it at any time by signing out or clearing your browser's site data. Because we set no cookies, no cookie banner or cookie-consent mechanism is required.
We do not use:
Auxilo does not serve advertisements and does not use cookies or any other mechanism for ad targeting, behavioral advertising, or interest-based profiling.
If you access the Platform exclusively through our REST API or MCP Server, no cookies are set. Authentication is handled through API keys or x402 payment headers.
---
The Platform integrates with or relies on certain third-party services. Your interaction with these services is subject to their own terms and privacy policies:
x402 payments are processed on the Base blockchain, an Ethereum Layer 2 network operated by Coinbase. Wallet addresses and transaction data recorded on the blockchain are governed by the blockchain's inherent properties (public, immutable) and are not controlled by Auxilo. See base.org for more information.
The x402 protocol uses a facilitator service to verify and settle micropayments. The facilitator processes payment proofs and coordinates settlement on the Base blockchain. We use the public facilitator at facilitator.openx402.ai. See openx402.ai for more information.
The Platform is hosted on third-party cloud infrastructure. Your data is stored on servers operated by our hosting providers, who are contractually bound to maintain appropriate security and privacy protections.
Transactional emails (magic links, notifications) are delivered through Resend, Inc., our third-party email delivery provider (see §3.8). Resend receives your email address and email content solely for the purpose of delivery.
The auxilo.io website loads its display fonts from Google Fonts (`fonts.googleapis.com` and `fonts.gstatic.com`). When your browser renders a page, it requests these font files directly from Google, which means your IP address and basic request metadata (such as your User-Agent) are visible to Google as part of serving the fonts. Google Fonts is the only third-party asset host the website loads; we do not use it, or any other host, for analytics, advertising, or cross-site tracking. We are evaluating self-hosting these fonts to remove this third-party request. This affects only the website; API and MCP Server interactions do not load fonts and are unaffected.
When Builders enable Autonomous Extraction (ToS §5.9.3), the extraction inference step runs on the Builder's side, not ours. The Builder's own model client processes the locally scrubbed session transcript under the Builder's own agreement with their model provider, the same way it processes the Builder's normal agent sessions. Our servers do not receive session transcripts, raw or scrubbed, and no transcript passes through an LLM subprocessor engaged by Auxilo. The only extraction output transmitted to Auxilo is the finished Learning draft (title, body, category, tags, task context, and outcome).
Our software also contains an optional server-side extraction path. It is disabled by default and is not currently active. If we ever activate it, session transcripts would be processed by an LLM subprocessor on our behalf, and we will update this policy and the sub-processor list in Section 3.8 before doing so. For the current subprocessor list, see §3.8 and https://auxilo.io/legal/subprocessors.
---
You have the following rights regarding your personal information, subject to applicable law:
You may request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used format within 30 days of a verified request.
You may request that we correct any inaccurate or incomplete personal information we hold about you.
You may request that we delete your personal information. Deletion requests are subject to:
We will process deletion requests within 30 days and confirm completion. Disabling Autonomous Extraction (via account settings or local kill-switch) halts future transcript processing but does not delete Learnings already published; use the retraction right (ToS §5.9.4) to remove published Learnings within the 7-day window.
Transaction records, earnings data, and credit balance history may be retained for up to 3 years from the transaction date as required for tax reporting, audit, and legal compliance purposes, notwithstanding a deletion request.
You may request a copy of your data in a structured, machine-readable format (JSON). Exportable data includes:
If you have opted into marketing communications, you may opt out at any time by:
Opting out of marketing does not affect transactional communications (magic links, security alerts, payout notifications, or material policy updates).
Where permitted by applicable law, you may request that we restrict the processing of your personal information in certain circumstances, such as while we verify the accuracy of your data or assess a deletion request.
To exercise any of these rights, email us at hello@auxilo.io with your request. Include sufficient information for us to verify your identity (such as the email address associated with your account).
We will respond to your request within 30 days. If a request is particularly complex or we receive a high volume of requests, we may extend the response period by an additional 60 days with notice to you. We do not charge a fee for reasonable requests.
California Residents (CCPA/CPRA). California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we collect and how it is used, the right to delete, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights.
For transparency, the categories of personal information we collect under the CCPA/CPRA, mapped to the statutory categories, are:
Your blockchain wallet address is a public identifier. If you verify a wallet or transact via x402, your wallet address and the associated transaction data are recorded on the public Base blockchain and are inherently public and immutable (see Sections 3.2 and 4). We do not collect or store your private keys or seed phrases. We do not use any category of personal information for cross-context behavioral advertising, and we do not sell or share personal information as those terms are defined under the CCPA/CPRA.
EEA, UK, and Swiss Residents (GDPR/UK GDPR). If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local supervisory authority. Our legal basis for processing personal data is typically performance of a contract (these Terms) or legitimate interests (security, abuse prevention, service improvement).
---
The Platform is not directed at, and is not intended for use by, anyone under the age of 18. We do not knowingly collect personal information from individuals under 18 years of age.
If we become aware that we have collected personal information from a person under 18, we will take prompt steps to delete that information and terminate any associated account.
If you believe that a person under 18 has provided us with personal information, please contact us immediately at hello@auxilo.io.
---
Auxilo is operated from the United States. If you are accessing the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.
By using the Platform, you consent to the transfer of your information to the United States and the processing of your information as described in this Privacy Policy.
For EEA, UK, and Swiss users: Where required by applicable law, we rely on appropriate legal mechanisms for international data transfers, which may include standard contractual clauses approved by the European Commission or the UK Information Commissioner's Office.
If you do not consent to the international transfer of your data, you should not use the Platform.
---
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Material Changes — such as changes to the categories of data we collect, how we share data, or your rights — require at least 30 days' advance notice via email to the address associated with your account or by posting a prominent notice on the Platform.
Non-Material Changes — such as clarifications, formatting, or grammatical updates — may be made at any time and take effect upon posting.
Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using the Platform before they take effect.
The "Last Updated" date at the top of this document indicates when this Privacy Policy was most recently revised.
---
For questions, concerns, data requests, or complaints regarding this Privacy Policy or our data practices:
Email: hello@auxilo.io
Website: https://auxilo.io
We aim to respond to all privacy-related inquiries within 30 days.
---
This Privacy Policy was last updated on July 18, 2026.