
Your data security,
our top priority.

We understand the importance of keeping your data safe. That's why we adopt enterprise-grade technologies and a comprehensive set of policies and controls to deliver products with security baked in at their core.

Certifications
Trusted by
Looking glass logo
Intercap logo
Kit logo
Netlify logo
Eventim logo
Asana logo
Zed Industries logo
Mcfarlane logo
M1 Finance logo
Luma AI logo
Krea logo
Cal.com logo
Axle logo
Convex logo
Latch app logo
Hashnode logo
The Met logo
Beehiiv logo
Sensorbee logo
Hypermode logo
Astro logo
Voiceflow logo
Quicknode logo
Campsite logo
Yoxel logo
Chatdesk logo

Data security measures

Data encrypted in transit and at rest

All data is encrypted both in transit and at rest using AES-256 encryption, with TLS used to secure network traffic. Our encryption practices align with industry standards and are regularly audited to ensure the highest level of security.

Secure, reliable infrastructure

Axiom systems are segmented into separate networks and protected through restrictive firewalls. Network access to production environments is tightly restricted. Monitors are in place to ensure that service delivery matches SLA requirements.

Redundancy and disaster recovery

Encrypted backups and replication across availability zones ensure business continuity in the event of system failure. Axiom tests restoration capabilities cyclically to ensure your data will always be protected and accessible.

Organizational security

Axiom employees receive regular security training, covering topics like information security and data privacy. Our remote team adheres to stringent security requirements like encryption of storage and use of two-factor authentication.

Access and user management

Role-based access control

Take control over access to your data and features within Axiom through role-based permissions. Assign specific roles across your team, including read-only, admin and owner.

Compliance

SOC 2 Type II

Axiom has secured SOC 2 Type II certification, verifying that strict security measures are in place to protect customer data. Reports are available to eligible customers on request under NDA.

General Data Protection Regulation (GDPR)

Axiom is committed to GDPR compliance and adheres to core principles including data minimisation and rights of the data subject. For more details regarding third-party data, visit the sub-processors page.

California Consumer Privacy Act (CCPA)

Axiom complies with the requirements of the CCPA, with transparency on data collection, processing and storage. We have a Data Processing Addendum available upon request.

ISO/IEC 27001 Certification

Axiom has established a robust system to manage information security risks concerning the data we control or process, adhering to the highest standards and practices outlined in this international standard.

HIPAA Compliance

Axiom supports HIPAA (Health Insurance Portability and Accountability Act) compliance for enterprise customers. Reports are available upon request.

Bug Bounty Policy

Services in scope

Any Axiom web service that handles reasonably sensitive user data is intended to be in scope. This includes virtually all the content in all of axiom.co and its subdomains.

The program has an important exclusion to keep in mind:

  • Third-party websites. Some Axiom-branded services hosted in less common domains may be operated by our vendors or partners. We can’t authorize you to test these systems on behalf of their owners and will not reward such reports. If in doubt, talk to us first!

Severity of reports

There are no rewards for security issues that are trivial or broadly applicable to every service. The following types of reports are considered out of scope:

  • Missing password complexity requirements
  • Self-XSS
  • User / organization existence or enumeration vulnerabilities
  • Insecure cookie settings for non-sensitive cookies
  • Bugs requiring exceedingly unlikely user interaction
  • Reports from automated tools or scans (without accompanying demonstration of exploitability)

To submit a report, please email security@axiom.co

Qualifying vulnerabilities

Any design or implementation issue that substantially affects the confidentiality or integrity of user data is likely to be in scope for the program. Common examples include:

  • authentication or authorization flaws
  • cross-site scripting
  • cross-site request forgery
  • server-side code execution bugs

Note that the scope of the program is limited to technical vulnerabilities in Axiom-owned web applications. This program excludes:

  • social engineering or phishing attacks against our employees
  • issues related to use of out-of-date browsers and plugins
  • spam of any kind

Out of concern for the availability of our services to all users, please do not attempt to carry out DoS attacks, leverage black hat SEO techniques or do other similarly questionable things. We also discourage the use of any vulnerability testing tools that automatically generate very significant volumes of traffic.

Reward amounts

All rewards are at our discretion. We attempt to align any award appropriately with the severity of the security risk.

FAQ