Privacy Policy

Last Updated: June 4, 2026

⚠️ Age Requirement: This service is only for users aged 13 and older. If you are under 13, you may not use this service. Parents/guardians: please review this policy and our Terms of Service.

1. What Axion Is

Axion is a product access and download service operated by Flux Studios. It lets you sign in with your Discord and Roblox accounts, verifies that you own a Flux Studios product (currently Orbit), and provides you with your download.

Axion is intentionally minimal: we only handle what is needed to confirm you own the product and to deliver it to you. We do not run a marketplace, process payments, or store purchase records ourselves (see Section 4).

2. Who We Are & Contact

Data Controller: Flux Studios

Service Operator: Axion is operated by a single individual (Janis), who is the only person with access to the Axion server and database.

Contact for Privacy Inquiries:
Email: [email protected] (no-reply mailbox; for data requests please also reach us on Discord)
Discord Support: via the Flux Studios support channel
Secondary contact (service operator): [email protected] or Discord @_jxnis_ (email is checked infrequently; Discord is faster)

Note: There is no designated Data Protection Officer. For urgent data protection concerns, contact us via the support channel.

3. Data We Collect

When you use Axion, we handle the following information:

Discord User ID & username - Received via Discord OAuth (identify scope) to identify you and sign you in
Roblox User ID & username - Received via Roblox OAuth (openid profile scope) to verify product ownership
Orbit Copy-Tracking Token - A unique token we generate and embed in each copy you download. It is linked to your Discord and Roblox User IDs for anti-piracy purposes, and is the main piece of data we store long-term
IP Address & User-Agent - Present in standard HTTP request logs, used for security and debugging. These are not linked to your stored account data
Login Session Cookie - A single essential cookie that keeps you signed in while you use the site (expires after 24 hours)

4. Data We Don't Collect or Store

Your Discord or Roblox password, or any authentication credentials
Your Discord or Roblox OAuth access tokens beyond your active browser session (they are held in your session only and discarded when it ends)
Your real name, email address, or personal contact information
Any payment information
License or purchase records - We do not currently store licenses. Whether you own a product is checked in real time against a third-party ownership service (Parcel) each time you download; we do not keep a copy of that result
Your account activity outside of Axion

5. Why We Use This Data

Authentication - To sign you in with Discord and Roblox
Ownership Verification - To confirm you own the product before letting you download it
Download Delivery - To generate your copy and embed your copy-tracking token
Anti-Piracy - To trace and, if necessary, disable copies that are distributed without authorization
Security & Debugging - To protect against abuse and diagnose problems via request logs

6. Legal Basis for Processing (GDPR)

Under GDPR Article 6, we process your personal data on the following grounds:

Contractual Necessity (Art. 6(1)(b)) - Processing your Discord and Roblox User IDs is necessary to verify ownership and deliver the download you requested
Legitimate Interest (Art. 6(1)(f)) - Anti-piracy copy tracking, security monitoring, and short-term request logging are legitimate interests in protecting our products and infrastructure
Legal Obligation (Art. 6(1)(c)) - We may process data where required to comply with applicable law

7. How Data Is Stored

Account-linked data (copy-tracking tokens with their associated Discord and Roblox User IDs) is stored in a PostgreSQL database
Our servers and database are located in Germany
Sensitive configuration (API keys, secrets) is supplied through environment variables, not stored in the database
Access to the database is restricted to the service operators
Backups: The database is included in routine backups so the service can be restored after a failure. This means your stored data may also exist in a backup for a limited time. Backups are automatically deleted after 30 days, after which the data they contain is gone from the backup as well

8. Data Retention

Copy-Tracking Tokens - Retained while the associated copy is active so we can verify and, if needed, disable it. Tokens may be retained after being disabled for anti-piracy and dispute-resolution purposes
HTTP / Access Logs - Kept only for a short period for security and debugging, then rotated out
Login Sessions - Session data expires after 24 hours, or sooner if you log out
Backups - Automatically deleted 30 days after creation
Deletion Requests - When you ask us to delete your data, we remove your identifiable records from the live database within 30 days. Copies in existing backups are not individually edited, but those backups are deleted on their normal 30-day cycle

9. Your Rights (GDPR & Data Protection Laws)

You have the following rights regarding your data:

Right to Access (Art. 15) - Request a copy of the data we hold about you
Right to Deletion (Art. 17) - Request removal of your personal data. We will comply within 30 days, except where a legitimate interest (e.g. an active anti-piracy investigation) requires limited retention
Right to Rectification (Art. 16) - Request correction of inaccurate data
Right to Data Portability (Art. 20) - Request your data in a portable, machine-readable format
Right to Restrict Processing (Art. 18) - Request that we limit how we use your data in certain circumstances
Right to Object (Art. 21) - Object to processing carried out on legitimate-interest grounds
Right to Lodge a Complaint (Art. 77) - Complain to your local data protection authority. See the EDPB member list

To exercise these rights, contact us using the details below. We aim to respond within 30 days (up to 90 days for complex requests).

10. International Data Transfers

Our servers are located in Germany (EU/EEA), so stored data remains protected under GDPR. Some data is necessarily shared with third-party services to provide Axion:

Authentication involves Discord and Roblox, which may process data outside the EU/EEA under their own safeguards
Ownership verification involves the Parcel service
By using Axion, you consent to these transfers, which are necessary to provide the service you requested

11. Automated Processing & Profiling

We do not use automated decision-making or profiling that significantly affects you. Ownership verification is automated but rule-based (does this Roblox account own the product?), not profiling. If automated enforcement is added in the future, we will update this policy.

12. Data Breach & Security Incident Notification

In the event of a data breach:

We will investigate and assess the risk to your personal data
If there is a high risk to your rights and freedoms, we will notify affected individuals and the relevant supervisory authority within 72 hours, as required by GDPR Article 33
Notifications will describe the breach, its likely consequences, and the steps we are taking to mitigate harm

13. Roblox OAuth Disclosures

We use your Roblox User ID and username solely to verify product ownership
We do not store or access your Roblox password or authentication credentials
We do not access your Roblox account, inventory, or other private information
Your Roblox data is also subject to Roblox's own privacy policy, and we follow the Roblox Platform Terms of Use regarding user data

14. Third-Party Services

Discord - Used for sign-in. See Discord's privacy policy
Roblox - Used for sign-in and identification. See Roblox's privacy policy
Parcel - Used to verify product ownership in real time. Your Roblox User ID is sent to Parcel during a download check
These third parties have their own privacy policies, which we recommend reviewing

15. Cookies & Copy Tracking

Axion uses only one cookie, plus an anti-piracy token embedded in your download:

Login Session Cookie: A single essential cookie that keeps you signed in. It is not used for advertising or analytics and expires after 24 hours
Orbit Copy-Tracking Token: Each copy you download contains a unique token that identifies the Discord/Roblox user who downloaded it. It lets us verify ownership, prevent unauthorized distribution, and disable copies that are shared without permission. You may not remove, modify, or bypass it

We do not use analytics cookies, tracking pixels, or advertising cookies. IP addresses and User-Agents appear in standard request logs and are kept only briefly (see Section 8).

16. Policy Changes

We may update this policy from time to time. When we do, we will post the new version with an updated "Last Updated" date, and for material changes that affect your rights we will give notice where feasible.

17. Contact & Data Requests

To exercise any of your rights or submit a data request, please contact:

Email: [email protected] (no-reply; please also reach us on Discord for a faster response)
Discord Support: via the Flux Studios support channel
Service Operator (Janis): [email protected] or Discord @_jxnis_ (Discord preferred; email is checked infrequently)
Response Time: within 30 days (up to 90 days for complex requests)

If you are in the EU/EEA, you may also lodge a complaint with your local supervisory authority (e.g. the BfDI in Germany). Find yours via the EDPB member list.