Security

We collect the minimum data required to deliver product functionality. We don't harvest analytics, sell data, or build ad profiles. If we don't need it, we don't store it.

All data in transit is encrypted via TLS 1.3. Data at rest is encrypted using AES-256. We follow industry-standard key management practices and never store encryption keys alongside encrypted data.

API keys, tokens, and credentials are never exposed in client-side code or browser storage. Where API keys are necessary, they are server-side only with strict scoping and rotation policies.

Products that handle sensitive operations maintain structured audit logs. These logs record who performed an action, what changed, when it happened, and from what context. Logs are append-only and tamper-evident.

If you discover a security vulnerability in any AxixOS product, please report it to security@axixos.com. We commit to acknowledging receipt within 48 hours and providing an initial assessment within 5 business days.

We maintain an incident response plan for security events. In the event of a breach, affected users will be notified within 72 hours with clear information about what happened, what data was affected, and what steps we're taking.