Frequently asked questions.

Less than 10 minutes. Connect Stripe via the App Marketplace, pick a policy template, and you're in shadow mode replaying 90 days of history.

No. Shadow mode and Live Launch use the policy templates as-is. The visual policy builder (Control+) lets you customize without code. API access is available on Scale+ for teams that prefer infrastructure-as-code.

No. Shadow mode is read-only. Enforcement intercepts only the API calls your team or agents make through Axiru's gateway — your existing Stripe code keeps working. You opt in path by path.

Stripe Radar protects you on the incoming charge — it fires before a card is charged. Axiru protects you on the outgoing dollar — refunds, credits, payouts, transfers, disputes, app-fee refunds. They are complementary, not competitive.

One Stripe event evaluated by Axiru's enforcement policy in real time. Shadow-mode replays don't count. A multi-step approval (ALLOW → APPROVE_REQUIRED → APPROVED) is still one decision.

Yes. Shadow mode is permanently free with unlimited replay and simulation. We charge only when you turn enforcement on.

You pay the overage rate per 1,000 additional decisions. We notify at 80%, 100%, and 120%. No hard cut-off unless you configure one.

50% off Control for 6 months for YC, Techstars, and a16z portfolio companies under $5M ARR.

Never. Axiru reads Stripe event references — we are out of PCI scope by design.

US-East (Neon Postgres). EU residency available on Enterprise plans.

SOC 2 Type I expected Q3 2026; Type II targeted Q1 2027. We can share our internal control documentation and security posture letter on request.

Yes — GDPR-aligned DPA available on request.

For any decision, you can show which Stripe event triggered it, which policy version was active, which rule matched, who or what (human or agent) was the actor, the outcome, and a SHA-256 hash chained to the previous entry — tamper-evident. Audit exports re-hash identically across runs, so a regulator can verify the export on the spot.

Median <50ms per event. P99 under 150ms. Evaluation happens in-region at the Vercel edge near your Stripe webhook origin.

VPC and on-prem deployment is available on Enterprise contracts. The policy engine is packaged as a portable runtime.

Yes — Connect is a first-class use case. You govern money movement across all connected merchants from one control plane.

Yes. Axiru exposes a native MCP server. Any MCP-compatible agent (Claude Desktop, Cursor, Continue, custom agents) can request refunds, install policies, list and approve decisions — through the same auth path as humans. Every agent action is logged with the agent identity.

The kill switch halts everything instantly. Org admins can disable enforcement org-wide or per-agent. Every override is itself audit-logged.

Because once an agent has the credentials to issue a refund, there is nothing between it and Stripe. Prompt injection, hallucinated reasoning, or a buggy chain can trigger real money movement. Axiru is the deterministic policy layer that decides whether the agent's request actually executes.

Yes. The gateway returns a structured rejection the agent can handle — typically "REQUIRES_APPROVAL" with a deep link to the approval queue. The agent surfaces this to the user; the human approves or denies; the decision executes (or doesn't).

We publish agent.json and the policy schema spec at axiru.com/agent-schema. The full policy engine is closed-source today.

A small, technical team based in Miami. Founder background in fintech, payments, and AI-agent infrastructure.

We will share fundraise specifics on a call. The product is built and live.

Plaid and ACH governance are on the post-launch roadmap. We're prioritizing based on customer pull — if it's a deal-blocker, tell us.

Design partners are available for reference calls after a mutual NDA. Ask your Axiru contact.