Data security
This article summarizes what Axiom does to ensure the highest standards of information security and data protection.
Compliance
Axiom complies with key standards and regulations.
ISO 27001
Axiom’s ISO 27001 certification indicates that we have established a robust system to manage information security risks concerning the data we control or process.
SOC 2 Type II
Axiom’s SOC 2 Type II certification proves that we have strict security measures in place to protect customer data. If you’re an Enterprise customer, you can request a report that outlines the technical and legal details under a non-disclosure agreement (NDA).
General Data Protection Regulation (GDPR)
Axiom complies with GDPR and its core principles, including data minimization and rights of the data subject.
California Consumer Privacy Act (CCPA)
Axiom complies with CCPA and its core principles, including transparency on data collection, processing and storage. You can request a Data Processing Addendum that outlines the technical and legal details.
Comprehensive security measures
Axiom employs a multi-faceted approach to ensure data security, covering encryption, penetration testing, infrastructure security, and organizational measures.
Data encryption
Data at Axiom is encrypted both at rest and in transit. Our encryption practices align with industry standards and are regularly audited to ensure the highest level of security.
Data at rest is stored in Amazon Web Services (AWS) infrastructure and encrypted with AES-256 using technologies offered by AWS. Data in transit receives the same high level of security, using AES-256 encryption and TLS to secure network traffic.
Penetration testing
Axiom performs regular vulnerability scans and annual penetration tests to proactively identify and mitigate potential security threats.
System protection
Axiom systems are segmented into separate networks and protected through restrictive firewalls. Network access to production environments is tightly restricted. Monitors are in place to ensure that service delivery matches SLA requirements.
Resilience against system failure
Axiom maintains daily encrypted backups and full system replication of production platforms across multiple availability zones to ensure business continuity and resilience against system failures. Axiom periodically tests restoration capabilities to ensure your data is always protected and accessible.
Organizational security practices
Axiom’s commitment to security extends beyond technological measures to include comprehensive organizational practices. Axiom employees receive regular security training and follow stringent security requirements like encryption of storage and two-factor authentication.
If you’re on the Enterprise plan, Axiom enables you to take control over access to your data and features within Axiom through role-based permissions.
Sub-processors
Axiom works with a limited number of trusted sub-processors. For a full list, see Sub-processors. Axiom regularly reviews all third parties to ensure they meet our high standards for security.
Report vulnerabilities
Axiom takes all reports seriously and has a responsible disclosure process. Please submit vulnerabilities by email to security@axiom.co.