Privacy Policy

AxiomGuardOS ("AxiomGuardOS," "we," "us") provides an evidence-native AI governance operating system designed to help organizations turn policy into enforceable controls and produce audit-grade proof. This Privacy Policy explains how we collect, use, disclose, and protect information when you access our websites, applications, APIs, and related services (collectively, the "Services").

1. Information We Collect

We collect information in three main ways: (a) information you provide, (b) information generated through your use of the Services, and (c) information from third parties.

A) Information you provide

• Account information: name, email, organization name, role/title, authentication identifiers (e.g., SSO subject IDs).
• Billing/contact information: billing contact, invoicing details. (Payment card data is typically handled by our payment processor when applicable.)
• Support communications: messages, attachments, and metadata you send to support.

B) Information generated through use of the Services (governance + evidence data)

Depending on your configuration and what you upload, we may process:

• Policy artifacts: policies, standards, controls, procedures, exceptions, approvals.
• Evidence artifacts: exports, attestations, evidence packs, signatures, timestamps, audit trails.
• Code scan inputs and results: code snippets you submit, filenames, scan findings, matched controls/policies, risk ratings.
• Operational telemetry: user actions within the product (e.g., approvals, drill runs, kill-switch actions), system events, logs, and diagnostic data.
• Incident replay data: time-indexed events and state transitions used to reconstruct what occurred.

C) Device and usage information

• IP address, browser type, device identifiers, operating system, pages viewed, and referring URLs.
• Cookies and similar technologies (see Cookies & Analytics).

D) Information from third parties

• Identity providers (SSO): basic profile and authentication tokens/claims.
• Integrations you enable (e.g., repositories, ticketing, cloud platforms): data you choose to connect, governed by your integration settings.
• Service providers: hosting, analytics, support tooling.

2. How We Use Information

We use information to:

• Provide and operate the Services (authentication, authorization, product features).
• Produce governance outputs (e.g., evidence packs, audit exports, policy enforcement logs).
• Secure the Services (fraud prevention, abuse detection, incident response).
• Improve and debug (performance, feature usage insights, reliability).
• Communicate with you (service updates, security notices, support responses).
• Comply with law and enforce our agreements.

3. Legal Bases (where applicable)

Where required, we rely on one or more of: contract necessity, legitimate interests (security, improvement), consent (optional cookies/marketing where enabled), and legal obligations.

4. Sharing and Disclosure

We may share information with:

• Service providers (hosting, monitoring, analytics, support) acting under contract.
• Your organization and administrators (workspace-level visibility and audit requirements).
• Integration partners you enable (only as configured by you).
• Legal and safety disclosures when required by law or to protect rights and security.

We do not sell personal information.

5. Data Retention

We retain information for as long as necessary to:

• Provide the Services and maintain auditability (e.g., evidence chains, governance logs),
• Meet legal/accounting requirements,
• Resolve disputes and enforce agreements.

Retention periods may vary by workspace configuration. You may request deletion subject to legal and operational requirements.

6. Security

We use administrative, technical, and physical safeguards designed to protect information, including access controls, encryption in transit, and least-privilege practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

7. International Transfers

If we transfer information across borders, we use appropriate safeguards consistent with applicable law (e.g., contractual protections).

8. Your Rights and Choices

Depending on your location, you may have rights to:

• Access, correct, or delete personal information,
• Object to or restrict certain processing,
• Export your information (where applicable),
• Withdraw consent (where processing is based on consent).

Requests can be made at: privacy@axiomguardos.com

9. Cookies & Analytics

We use cookies and similar technologies to:

• Maintain sessions and security,
• Remember preferences,
• Understand usage to improve the Services.

You can control cookies through your browser settings. Some features may not function without essential cookies.

10. Children's Privacy

The Services are not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date.

12. Contact Us

Questions or concerns: privacy@axiomguardos.com