How AxiomWeb collects, uses, stores, and protects information across all of our services, websites, and client engagements.
This Privacy Policy (“Policy”) describes the practices of AxiomWeb LLC (“AxiomWeb,” “we,” “our,” or “us”) regarding the collection, use, disclosure, and protection of personal information obtained through:
This Policy applies to all visitors, prospective clients, active clients, former clients, job applicants, and any other natural persons whose personal information comes into the possession of AxiomWeb. It does not apply to personal information processed by AxiomWeb on behalf of clients as a data processor — those processing activities are governed by the applicable Data Processing Agreement (DPA) between AxiomWeb and the client.
Plain language summary: We only collect what we need. We don’t sell your data. We don’t use surveillance ad networks. We protect client information with the same rigor we apply to our own systems.
| Category | Examples | When Collected |
|---|---|---|
| Contact Information | Name, email address, phone number, company name | Contact forms, email inquiries, phone calls |
| Business Information | Company size, industry, project description, budget range | Project intake forms, discovery calls |
| Account Credentials | Username, hashed password, multi-factor authentication data | Client portal registration |
| Payment Information | Billing name, address; card data processed by Stripe (never stored by AxiomWeb) | Invoice payment, subscription setup |
| Communications Content | Emails, messages, meeting notes, project briefs | Ongoing engagement |
| Employment Information | Résumé, work history, references, portfolio links | Job applications |
| Category | Examples | Purpose |
|---|---|---|
| Log Data | IP address, browser type, referring URL, pages visited, timestamps | Security monitoring, abuse prevention |
| Device Information | Operating system, screen resolution, device type | Compatibility and UX improvement |
| Usage Analytics | Page views, session duration, click paths, scroll depth | Site performance and content improvement |
| Security Events | Failed login attempts, bot signals, honeypot triggers | Fraud and abuse detection |
AxiomWeb does not use fingerprinting, cross-site tracking pixels, behavioral ad profiling, or any technology designed to build persistent behavioral profiles of individuals across unrelated websites.
We may receive limited information from third parties in the following circumstances:
AxiomWeb uses personal information for the following purposes, each tied to a specific legal basis outlined in Section 04:
We do not: sell personal information, rent mailing lists, use personal data for behavioral advertising, share client information with competitors, or process personal information for any purpose materially incompatible with the purposes stated at the time of collection.
For individuals in jurisdictions with formal legal basis requirements (including EU/EEA residents under the GDPR and UK residents under UK GDPR), our processing activities are grounded in the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Fulfilling a contracted software engagement | Performance of a contract (Art. 6(1)(b) GDPR) |
| Responding to inquiries and proposals | Pre-contractual measures / Legitimate interests |
| Security monitoring and fraud prevention | Legitimate interests (Art. 6(1)(f) GDPR) |
| Financial record-keeping and tax compliance | Legal obligation (Art. 6(1)(c) GDPR) |
| Marketing emails to opted-in contacts | Consent (Art. 6(1)(a) GDPR) / CAN-SPAM compliance |
| Job application processing | Pre-contractual / Legitimate interests |
| Anonymous site analytics | Legitimate interests — no individual profiling |
Where processing is based on legitimate interests, we have conducted a balancing test and determined that our interests do not override the fundamental rights and freedoms of data subjects. You may request a copy of our legitimate interests assessment by contacting us at the address in Section 15.
AxiomWeb does not sell, trade, or rent personal information to third parties. We disclose information only in the following limited circumstances:
We engage carefully vetted third-party service providers who process data on our behalf under written data processing agreements:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Billing name, address, card data (Stripe-hosted; AxiomWeb never receives raw card numbers) |
| SMTP / Email Relay | Transactional email delivery | Recipient email address, message content |
| Backblaze B2 | Encrypted backup storage | Encrypted database and file backups |
| Domain / DNS Registrar | Domain name services | Registrant contact data (ICANN-required) |
| Legal Counsel | Contract review, compliance | As minimally necessary for legal advice |
| Accountants / Auditors | Financial reporting, tax filing | Transaction records, client names for invoicing |
We may disclose personal information if we have a good-faith belief that disclosure is necessary to: (a) comply with applicable law or a valid legal order, subpoena, or court order; (b) protect the rights, property, or safety of AxiomWeb, our clients, or the public; or (c) detect, prevent, or address fraud, security, or technical issues. Where legally permitted, we will notify affected individuals of such requests.
In the event of a merger, acquisition, asset sale, or transfer of substantially all of AxiomWeb’s business, personal information may be transferred to the acquiring entity. We will provide notice before personal information is transferred and becomes subject to a materially different privacy policy, and affected individuals will have the opportunity to opt out where required by law.
We may share information for other purposes with your explicit prior consent, which will be obtained through a clear affirmative action. Consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.
We retain personal information only as long as necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are:
| Data Type | Retention Period | Rationale |
|---|---|---|
| Active client project files | Duration of engagement + 7 years | Contract compliance, dispute resolution |
| Financial / billing records | 7 years from transaction date | IRS and state tax law requirements |
| Security / access logs | 90 days rolling | Incident response and abuse investigation |
| Inquiry / lead communications | 3 years from last contact | Business development records |
| Job applicant records | 2 years from application date | Equal employment opportunity compliance |
| Marketing opt-in records | Until opt-out + 2 years | CAN-SPAM / anti-spam compliance proof |
| Website analytics (anonymized) | 26 months rolling | Trend analysis; no individual identifiers retained |
| Backup snapshots (encrypted) | 30 days rolling; annual snapshot 1 year | Disaster recovery |
When data is no longer required under these schedules, it is securely deleted using industry-standard methods. Encrypted backups are purged on the same schedule. Physical documents, where applicable, are shredded.
AxiomWeb maintains a security-first architecture across all systems that handle personal information. Our controls include:
No system is impenetrable. While we implement industry-leading controls, no transmission over the internet or electronic storage method is 100% secure. If you believe a security incident has occurred involving your information, contact us immediately at admin@axiomweb.net.
In the event of a data breach that poses a risk to individuals’ rights and freedoms, AxiomWeb will: (a) investigate and contain the breach within 72 hours of discovery; (b) notify affected individuals without undue delay when the breach is likely to result in high risk to their rights; (c) notify applicable regulatory authorities where legally required; and (d) maintain a documented breach log regardless of severity.
AxiomWeb uses a minimal, privacy-respecting approach to cookies. We do not deploy third-party advertising cookies, social media tracking pixels, or cross-site behavioral tracking of any kind.
| Cookie Name / Type | Purpose | Duration | First or Third Party |
|---|---|---|---|
| ax-style, ax-tone | Stores your visual theme preference (localStorage) | Persistent (localStorage) | First party |
| Session cookies | Maintains login state in client portals | Session (expires on browser close) | First party |
| CSRF tokens | Cross-site request forgery protection on forms | Session | First party |
| Analytics (anonymized) | Aggregated page view and session data; no individual identifiers | Up to 26 months | First party |
You can control cookies through your browser settings. Disabling cookies may affect the functionality of client portal features. For localStorage preferences, you can clear them via your browser’s developer tools or site data settings.
We do not honor third-party “Do Not Track” signals because we do not engage in the cross-site tracking those signals are designed to prevent. Our analytics are first-party and anonymized by design.
Our website loads resources from the following third-party domains. These are limited to functional dependencies with no behavioral tracking components:
| Service | Resource Loaded | Privacy Policy |
|---|---|---|
| Google Fonts | Inter & JetBrains Mono font files | policies.google.com/privacy |
| Stripe | Secure payment form (client portals only) | stripe.com/privacy |
We do not load Facebook Pixel, Google Ads tags, LinkedIn Insight Tag, TikTok Pixel, or any other behavioral advertising technology on our public site or client portals.
Links from our site to external websites are provided for convenience. AxiomWeb has no control over and assumes no responsibility for the content or privacy practices of any third-party sites. We encourage you to review the privacy policy of any external site you visit.
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information. We honor these rights for all individuals regardless of location, to the extent technically and legally feasible.
To exercise any of these rights, submit a written request to admin@axiomweb.net with “Privacy Request” in the subject line. We will respond within 30 calendar days. We may need to verify your identity before fulfilling certain requests. There is no fee for standard requests.
AxiomWeb’s website and services are directed exclusively toward business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age through our public-facing website or business services.
If you are a parent or guardian and believe your child has provided personal information to us, contact us immediately at admin@axiomweb.net and we will promptly delete that information.
Note: Client engagements where AxiomWeb builds software that may interact with minors are governed by separate Data Processing Agreements that include appropriate COPPA, FERPA, and CCPA minor-specific provisions as applicable.
AxiomWeb is based in the United States. All primary data processing and storage infrastructure operates on US-based servers. If you are accessing our services from outside the United States, your information will be transferred to and processed in the United States.
For individuals in the EU/EEA or UK, the United States does not have an adequacy decision equivalent to the EU-US Data Privacy Framework for all transfers. Where we transfer personal data from the EU/EEA or UK to the US, we rely on:
You may request a copy of the applicable transfer mechanism documentation by contacting us at the address in Section 15.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023, provides you with additional rights. This section supplements the rights described in Section 10.
In the preceding 12 months, AxiomWeb has collected the following CCPA categories of personal information:
California residents may submit requests by emailing admin@axiomweb.net with “CCPA Request” in the subject line. We will respond within 45 calendar days (extendable by an additional 45 days with notice).
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last Revised” date at the top of this page indicates when the most recent changes were made.
For material changes — those that meaningfully expand how we use personal information or reduce your rights — we will provide at least 30 days’ advance notice via:
Non-material changes (corrections, clarifications, formatting) take effect upon posting. Your continued use of our website or services after the effective date of changes constitutes acceptance of the updated Policy.
Prior versions of this Privacy Policy are archived and available upon request.
For all privacy-related inquiries, requests to exercise your rights, data breach reports, or questions about this Policy, contact our Privacy point of contact directly:
We will acknowledge receipt of your request within 3 business days and provide a substantive response within 30 calendar days. If we require an extension, we will notify you with the reason and expected completion date before the 30-day period expires.
If you are unsatisfied with our response to a privacy complaint, you have the right to escalate to the relevant regulatory authority in your jurisdiction.