1. Scope of This Privacy Policy
This Privacy Policy explains how we collect, use, store, and protect information when you:
- Visit axiler.com and related marketing pages
- Book a demo, contact sales, or apply as a partner
- Subscribe to or use Athena, Axiler Resolve, and related AppSec Suite services
- Interact with integrations connected to your Athena workspace
This policy applies alongside our Terms and Conditions and any data processing agreement executed for enterprise customers.
2. Who We Are
Axiler, Inc.("Axiler") provides the AppSec Suite: Athena agentic modules (WAF, SAST, DAST, API and MCP Security, and Cloud Security) plus Axiler Resolve for ingestion, correlation, and ranked remediation.
For website and account data, Axiler typically acts as a data controller. For security findings and customer content processed on your behalf inside Athena, Axiler typically acts as a data processor under your instructions and applicable agreements.
Privacy inquiries: reachus@axiler.com
3. Information We Collect
Information you provide
- Name, work email, company, job title, and phone number
- Demo booking details and messages you send through forms or email
- Account credentials and workspace configuration for Athena and Resolve
- Billing and procurement details processed through our payment providers
Information collected automatically
- IP address, browser type, device identifiers, and general location
- Pages visited, referral URLs, and interaction events on our website
- Security logs, audit events, and API usage telemetry for platform operations
Information from third-party tools you connect
- Findings metadata from scanners and security tools (for example Snyk, Semgrep, SonarQube, GitHub, cloud providers, and WAF logs)
- Integration configuration required to correlate and prioritize findings
4. Athena and Resolve Platform Data
Athena is designed for application security teams. Axiler Resolve orchestrates findings from your existing stack into one ranked queue with shared agent context and human-in-the-loop approval.
What we process in the platform
- Security findings metadata: severity, vulnerability type, file paths, line numbers, asset identifiers, and correlation context
- Runtime signals, API inventory metadata, and cloud posture findings
- Remediation status, approval actions, and audit history inside your workspace
What we do not intend to collect as part of standard platform operation
- Full source code repositories for storage or training on your proprietary code
- Raw HTTP request or response payloads from your production traffic
- End-user PII from your customer applications unless explicitly configured by you
- Secrets, credentials, or private keys from your repositories
Customer administrators control integrations, retention settings, and user access within their workspace.
6. Legal Basis for Processing
Under GDPR, we rely on the following legal bases:
- Contract: To provide Athena, Resolve, support, and billing
- Legitimate interest: To secure our services, prevent abuse, and improve the platform
- Consent: For optional analytics, marketing cookies, and certain communications where required
- Legal obligation: Where retention or disclosure is required by law
7. How We Use Information
We use personal and platform data to:
- Deliver and maintain the AppSec Suite and customer support
- Ingest, correlate, and prioritize security findings through Resolve
- Enable agentic modules to share context across WAF, SAST, DAST, API, and cloud
- Send service announcements, security advisories, and account notifications
- Respond to demo requests, sales inquiries, and partner applications
- Monitor platform reliability, detect abuse, and improve product quality
- Comply with legal, regulatory, and contractual obligations
We do not sell personal information.
8. Data Sharing and Subprocessors
We may share information with:
- Infrastructure and hosting providers that help us operate Athena and our website
- Payment processors for billing and subscription management
- Support, analytics, and communication tools used under contract
- Professional advisers or authorities when required by law
Subprocessors are bound by confidentiality and data protection obligations appropriate to the services they provide. Enterprise customers may request subprocessor details as part of their agreement.
We do not sell or rent personal data to third parties for their marketing.
9. International Data Transfers
Axiler may process data in the United Kingdom, European Economic Area, United States, and other countries where we or our subprocessors operate.
When personal data is transferred outside the UK or EEA, we implement appropriate safeguards such as Standard Contractual Clauses, UK International Data Transfer Agreements, or other mechanisms recognized under applicable law.
10. Data Retention
We retain information only as long as necessary for the purposes described above:
- Account and billing records: for the subscription term and a limited period after closure
- Security findings metadata: according to workspace retention settings and contract terms
- Marketing and demo inquiries: until the inquiry is resolved or you opt out
- Cookie consent records: as required to demonstrate compliance
- Logs and audit data: for security, troubleshooting, and compliance needs
You may request deletion subject to legal, security, and contractual retention requirements.
11. Security and Compliance
We maintain a security program designed to protect personal data and customer platform data, including:
- Encryption in transit (TLS) and encryption at rest for stored data
- Role-based access controls, least privilege, and audit logging
- Vulnerability management, monitoring, and incident response procedures
- Employee training and background checks where appropriate
- Regular review of subprocessors and security controls
Axiler aligns with recognized frameworks and certifications, including:
- SOC 2 Type II: Independent attestation of security, availability, and confidentiality controls
- ISO/IEC 27001: Information security management system practices
- GDPR: Privacy by design, data subject rights, and processor obligations for customer data
No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately.
12. Your Privacy Rights
Depending on your location, you may have the right to access, correct, delete, restrict, or object to certain processing, and to data portability.
EU and UK residents may also have the right to lodge a complaint with a supervisory authority.
To exercise your rights, email reachus@axiler.com. We respond within the timelines required by applicable law, typically within 30 days.
13. Children's Privacy
Our services are intended for business and professional use. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect product, legal, or operational changes. Material updates will be posted on this page with a revised "Last Updated" date. Continued use of our services after changes become effective constitutes acceptance where permitted by law.