Security & compliance
Axiom runs your business and holds your company data, so how we protect it matters. Here's the honest picture — what we do today, and what we're still building.
EU data residency
Your company data is stored at rest in the European Union (Hetzner, Germany). Where a sub-processor outside the EU is used, transfers are governed by Standard Contractual Clauses.
Encryption
Data is encrypted in transit (TLS), and connected-account credentials are encrypted at rest with AES-256-GCM. Card data never touches our servers — payments run through Stripe (PCI-DSS).
Tenant isolation
Every customer's data is isolated at the database layer with Postgres row-level security, so one tenant can never read or write another's records.
Your data rights
Export or erase your data at any time. A Data Processing Agreement (DPA) is available, our sub-processors are published, and GDPR access/rectification/erasure rights are supported.
Human-in-the-loop AI
Every agent action with external effect — sending an email, posting content, moving a deal — passes through your approval queue first. AI-generated content is labelled (EU AI Act Art. 50).
On the roadmap
We're building toward SOC 2 Type II with independent third-party auditing. It is not yet in place — we'd rather tell you plainly than imply a certification we don't hold.
Documents
Have a security or compliance question? Email info@digitalixhub.com.