Transparency

Permissions Axiru requests on your Stripe account

Stripe Connect uses OAuth scopes to gate what a connected app can do. Here is the exact scope Axiru requests and the precise API endpoints we exercise under that scope. If anything below changes, this page updates first.

OAuth permissions requested

Axiru is a Stripe App. Permissions are declared in our app manifest (stripe-app.json) and presented to you on the Stripe consent screen at install. v1.0.x requests four read-only permissions: charge_read, dispute_read, payout_read, and event_read.

Read-only is sufficient for shadow mode (the default) and queue-first-with-manual-action: Axiru observes refunds, disputes, and payouts as Stripe emits them, evaluates policy, and routes flagged items to a human approver who executes the action inside Stripe. No write capability is required for the v1.0.0 experience.

Automated Enforce mode (Axiru cancels a payout, accepts a dispute, or executes a refund without a human in the loop) is gated behind a v1.1.0+ permission upgrade that requires admin re-consent. Stripe prompts the admin to approve the upgraded scope in the Stripe dashboard before any write call is possible.

We do not request: Stripe Identity, Stripe Capital, Stripe Issuing, Treasury, payment links, products, or any scope beyond what's needed for the workflows described below.
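To check a declared permission set against the list above, a reviewer can compare the manifest's entries with the four documented read-only permissions. This is an added example, not Axiru's code: the sample manifest is constructed, and the layout (a top-level "permissions" array of objects with "permission" and "purpose" keys) and the `_read` suffix convention are assumptions based on Stripe's app manifest format.

```python
import json

# The four read-only permissions this page says v1.0.x requests.
EXPECTED = {"charge_read", "dispute_read", "payout_read", "event_read"}

# Constructed sample manifest (not Axiru's real stripe-app.json).
SAMPLE_MANIFEST = """
{
  "id": "com.example.sample-app",
  "version": "1.0.3",
  "permissions": [
    {"permission": "charge_read",  "purpose": "Resolve parent charges"},
    {"permission": "dispute_read", "purpose": "Evaluate disputes"},
    {"permission": "payout_read",  "purpose": "Payout reporting"},
    {"permission": "event_read",   "purpose": "Ingest events"}
  ]
}
"""

def audit_manifest(text, expected=EXPECTED):
    """Compare declared permissions with the expected read-only set."""
    manifest = json.loads(text)
    findings = []
    declared = set()
    for entry in manifest.get("permissions", []):
        name = entry.get("permission", "")
        if name in declared:
            findings.append(f"duplicate permission: {name}")
        declared.add(name)
        # Assumption: read-only permissions end in "_read".
        if not name.endswith("_read"):
            findings.append(f"not read-only: {name}")
        if not entry.get("purpose", "").strip():
            findings.append(f"no stated purpose: {name}")
    # Anything beyond the documented set means the page and manifest disagree.
    for name in sorted(declared - expected):
        findings.append(f"undocumented permission: {name}")
    for name in sorted(expected - declared):
        findings.append(f"documented but not declared: {name}")
    return {"version": manifest.get("version"), "ok": not findings,
            "findings": findings}

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["version"], "OK" if report["ok"] else report["findings"])
```

Running the same check after a version upgrade shows whether the consent screen is asking for anything beyond the documented set.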

What we read

| Stripe API | Why | Mode |
|---|---|---|
| refunds.retrieve / .list | Evaluate refund decisions, build the audit ledger | Shadow + enforce |
| disputes.retrieve / .list | Surface dispute lifecycle events for policy evaluation | Shadow + enforce |
| payouts.retrieve / .list | Detect anomalous payout patterns; CFO reporting | Shadow + enforce |
| transfers.retrieve / .list | For Connect platforms: route policies for transfers | Shadow + enforce |
| charges.retrieve | Resolve the parent charge for any refund/dispute under review | Shadow + enforce |
| balance_transactions.retrieve | Reconcile fee + net amounts when computing exposure | Shadow + enforce |
| accounts.retrieve (own only) | Display your connected account name in the dashboard | Shadow + enforce |

What we write

Axiru takes no write actions in shadow mode. In enforce mode, only the following APIs are ever called, and only when a policy decision requires it:

| Stripe API | Triggered by |
|---|---|
| refunds.cancel | A "block" decision on a refund still in pending state |
| disputes.update (evidence submission) | An operator approves Axiru's prepared dispute evidence in the approvals queue |
| webhook_endpoints.create / .update | One-time during onboarding to register Axiru's ingest URL |

Every write is logged to your audit ledger with the policy ID, decision rationale, actor (system or operator), and timestamp.

What we never touch

  • Card numbers, CVCs, or any PCI cardholder data
  • Bank routing numbers or payout destination details
  • Identity verification documents
  • Capital, Issuing, Treasury, or Tax endpoints
  • Product catalogs, prices, or coupon objects

Revoking access

You can disconnect Axiru at any time from your Stripe dashboard under Settings → Connected accounts. Revocation invalidates the access token, cancels the webhook endpoints, and stops all ingest within seconds.

You can also delete your Axiru organization, which purges all stored decisions, audit records, and policy snapshots per our data retention policy.
