Axon Solutions, Inc. – Privacy Policy

Effective Date: 11/4/2025  ·  Last Updated: 11/4/2025

1. Overview

Axon Solutions, Inc. ("Axon," "we," "us," or "our") is committed to protecting the privacy and security of the information entrusted to us. This Privacy Policy explains how we collect, use, share, and protect information through our products, services, and websites, including axonsolutions.co and related subdomains (collectively, the "Services").

Axon provides data infrastructure and automation software that connects to customer relationship management (CRM) platforms such as HubSpot and Salesforce to scan, clean, enrich, and analyze CRM data. We help businesses improve data quality, accuracy, and completeness without selling or reselling personal information.

2. Scope

This policy applies to:

  • Visitors of our websites
  • Users of Axon's SaaS application ("Axon")
  • Clients using Axon Solutions' consulting services
  • Partners and vendors with whom we share data for business purposes

This policy does not cover data processed independently by our clients within their own CRMs or systems.

3. Information We Collect

a. Information You Provide

We collect information directly from you when you:

  • Create an account or log in to our application
  • Connect third-party systems (e.g., HubSpot, Salesforce, Zendesk)
  • Request demos, consulting, or support
  • Participate in surveys, beta programs, or research initiatives

Examples of information we may collect include:

  • Name, business email address, job title, and company name
  • CRM or platform credentials (via OAuth, never stored in plain text)
  • Billing and payment information
  • Support communications and feedback

b. Information We Process on Behalf of Customers

Axon acts as a data processor (under GDPR) and service provider (under CCPA) when handling our clients' CRM data. This data typically includes:

  • Contact and company information (names, emails, phone numbers, roles)
  • CRM metadata (deal stages, account ownership, timestamps)
  • Marketing and sales activity logs
  • Integration data from enrichment sources (e.g., Apollo, StoreLeads)

We process this data only at the instruction of our clients to provide our Services—such as data quality scoring, enrichment, and deduplication. Axon does not sell, rent, or share this data with third parties for marketing or commercial gain.

c. Automatically Collected Information

When you use our Services, we may collect:

  • Device and browser type, IP address, and usage logs
  • Application performance metrics (via Logtail, Supabase logs, or Metabase telemetry)
  • Aggregate analytics about feature usage to improve product reliability

All analytics are anonymized or pseudonymized where feasible.

4. How We Use Information

We use information for the following purposes:

  • To provide, maintain, and improve the Axon platform and consulting services
  • To authenticate users and enable secure system access
  • To perform CRM data scans, enrichments, and cleanups as requested
  • To communicate with users about updates, security issues, or support
  • To analyze aggregate platform usage for reliability and scaling
  • To comply with legal obligations and enforce our terms of service

We do not use customer CRM data for product training, resale, or behavioral advertising.

5. Legal Bases for Processing (GDPR)

For individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process personal data under the following legal bases:

  • Contractual necessity: To provide our Services as contracted by you or your employer
  • Legitimate interest: To improve functionality and maintain platform security
  • Consent: When you explicitly opt in to communications or integrations
  • Legal obligation: When required to comply with applicable laws

6. How We Share Information

We may share information only in these cases:

  • With Service Providers: Third-party vendors supporting hosting, infrastructure, and analytics (e.g., Google Cloud Platform, Vercel, Supabase, Airbyte). All vendors are bound by confidentiality and SOC 2–equivalent security obligations.
  • With Subprocessors: We maintain a public list of subprocessors at https://axonsolutions.co/subprocessors.
  • For Legal Compliance: When required by law, subpoena, or government request.
  • In Business Transfers: If Axon undergoes a merger, acquisition, or sale of assets, data may transfer as part of that transaction under equivalent protections.

Axon does not sell or trade personal data.

7. Data Retention

We retain customer data only as long as necessary to fulfill the purposes described above or as required by law or contractual obligations. When a customer account is closed, we:

  • Delete or anonymize all CRM data within 30 days
  • Retain minimal account metadata (e.g., invoices, contracts) for legal recordkeeping
  • Maintain system logs securely for audit and forensic purposes (up to 90 days)

8. Data Security

Axon implements industry-standard safeguards to protect all information, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-Based Access Control (RBAC) and least-privilege permissions
  • Single Sign-On (SSO) and Multi-Factor Authentication (MFA)
  • Network and data isolation for multi-tenant environments
  • Security audits and vulnerability scanning as part of SOC 2 compliance
  • Incident response procedures with 24-hour internal notification SLAs

Security and compliance controls are reviewed quarterly by our engineering leadership and verified annually via independent SOC 2 audits.

9. Data Subject Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data
  • Object to or restrict data processing
  • Request data portability
  • Withdraw consent where applicable
  • File a complaint with your local supervisory authority

Requests can be made by emailing admin@axonsolutions.co. We will respond within 30 days in accordance with applicable laws.

10. International Data Transfers

Axon operates primarily in the United States but may process data globally through authorized service providers. All transfers outside of the U.S. or EEA are governed by appropriate legal safeguards such as Standard Contractual Clauses (SCCs) or vendor SOC 2 certification.

11. Children's Privacy

Axon does not knowingly collect or process personal data from individuals under the age of 18. Our Services are intended for business use only.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will revise the "Last Updated" date above and provide notice via our website or email when material changes occur.

13. Contact Us

For questions, concerns, or data requests, please contact:

Axon Solutions, Inc.

Attn: Privacy Officer

El Segundo, California, USA

admin@axonsolutions.co

14. Compliance Frameworks

Axon's privacy and data protection program aligns with:

  • SOC 2 Type II (Security, Confidentiality, Privacy)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • NIST 800-53 and ISO 27001 security best practices