Privacy Policy

Last Updated: January 31, 2026

1. Information We Collect

Axiomly collects the following information to provide and improve our AI governance platform:

1.1 Account Information

  • Name and email address
  • Organization name
  • User role and permissions

1.2 Authentication Metadata

  • SSO identifiers (when using Single Sign-On)
  • Tenant IDs and organizational identifiers
  • Authentication timestamps and session data

1.3 Usage Metadata

  • Approval and rejection actions
  • Approval request submissions
  • Audit log entries
  • Platform configuration changes

1.4 API Interaction Metadata

  • API endpoint access patterns
  • Request timestamps and response codes
  • API key usage (non-payload metadata only)

2. Information We Do NOT Collect

Axiomly is designed with privacy at its core. We explicitly do NOT collect:

  • Source code contents - Your code never leaves your environment
  • AI prompts or responses - We never see your AI conversations
  • Customer intellectual property - Your data remains yours
  • Payment card data - Handled exclusively by Stripe, our payment processor

3. How We Use Your Information

We use collected information for the following purposes:

  • Authentication and Authorization - Verify your identity and access rights
  • Governance Enforcement - Apply your organization's approval policies
  • Audit Logging - Maintain compliance and security records
  • Security Monitoring - Detect and prevent unauthorized access
  • Platform Improvement - Analyze aggregated, non-identifiable usage patterns

4. Data Sharing

Axiomly does not sell your data. We do not use your data for advertising purposes.

4.1 Limited Sharing

We share data only with the following trusted partners:

  • Identity Providers (e.g., Microsoft Entra ID) - For SSO authentication
  • Payment Processors (Stripe) - For subscription billing
  • Hosting Providers (AWS) - For secure infrastructure

All partners are bound by strict data protection agreements.

5. Data Retention

  • Tenant-Scoped Data - Retained for the duration of your subscription
  • Audit Logs - Retained per compliance requirements (typically 1-7 years)
  • Configurable Retention - Some data retention periods can be configured by tenant administrators
  • Deletion Upon Request - Data deleted within 30 days of account termination, except where legally required

6. Security Measures

We implement industry-standard security controls:

  • Encryption in Transit - TLS 1.2+ for all data transmission
  • Encryption at Rest - All stored data is encrypted
  • Role-Based Access Control - Least-privilege access model
  • Tenant Isolation - Complete data separation between organizations
  • Comprehensive Audit Logging - All actions are logged and traceable

For more details, see our Security page.

7. Your Rights

You have the following rights regarding your personal data:

  • Access - Request a copy of your personal data
  • Correction - Update inaccurate or incomplete data
  • Deletion - Request deletion where legally permissible
  • Data Export - Receive your data in a portable format
  • Opt-Out - Decline non-essential data processing

To exercise these rights, please contact us.

8. Cookies and Tracking

Axiomly uses minimal cookies for:

  • Session management and authentication
  • User preferences (e.g., dark mode)

We do not use third-party tracking or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of Axiomly after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or concerns, please visit our Contact page.