Security & data protection

Your decisions are sensitive. We take security seriously.

How we protect your data

HTTPS encryption

All data transmitted between your browser and our servers is encrypted using industry-standard TLS/SSL protocols. No data travels unencrypted.

Secure database hosting

Your data is stored in secure, professionally managed PostgreSQL databases with regular automated backups. Database access is restricted and audited.

Role-based access control

Workspace owners control who has access to projects and data. Owner, Admin, and Member roles ensure appropriate permissions for each team member.

Secure authentication

Passwords are hashed using the industry-standard bcrypt algorithm. We never store plain-text passwords. Session management uses secure, httpOnly cookies.

Payment security

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider. We never store your credit card information on our servers.

Data ownership

You own your data. You can export it at any time. If you close your account, your data is permanently deleted within 30 days.

Infrastructure

Hosting

AxiumVista is hosted on Railway, a modern cloud platform with robust security practices. Servers are located in secure data centers with 24/7 monitoring.

Database

PostgreSQL databases are managed by Railway with automatic backups, encryption at rest, and restricted network access. Backups are retained for 30 days.

AI processing

AI assistance is powered by OpenAI's API. Data sent to OpenAI is used only to generate suggestions and is not retained or used for model training. See OpenAI's data usage policy for details.

Monitoring & logging

We log application errors and security events for debugging and security purposes. Logs are retained for 90 days and do not include sensitive user data.

Privacy & data usage

What data we collect

  • Account information: name, email, hashed password
  • Workspace and project data: SCQA, ICE scores, action plans
  • Usage data: feature usage, login times (for product improvement)
  • Payment information: handled by Stripe, not stored on our servers

How we use your data

  • To provide and improve the AxiumVista service
  • To send transactional emails (password resets, invitations)
  • To provide customer support when requested
  • To detect and prevent fraud or abuse

What we DON'T do

  • We do not sell your data to third parties
  • We do not use your project data for marketing
  • We do not train AI models on your content
  • We do not share data with anyone except as required by law

Compliance & legal

GDPR

AxiumVista is operated by App Harbour ApS, a Danish company. We comply with the EU General Data Protection Regulation (GDPR). You have the right to access, correct, delete, or export your data at any time.

Data processing agreement

For Team plan customers who require a Data Processing Agreement (DPA), please contact us at support@axiumvista.com.

Certifications

We do not currently hold SOC 2, ISO 27001, or similar certifications. Our infrastructure partners (Railway, Stripe) maintain industry-standard certifications.

Questions about security?

If you have specific security or compliance questions, please contact us at security@axiumvista.com.

For full details, see our Privacy Policy and Terms of Service.
