Privacy Policy
This Privacy Policy explains how AXO (“AXO”, “we”, “our”, or “us”) collects, uses, and shares information in connection with the AXO website at axoapp.ai and the AXO agentic experience orchestration platform (together, the “Service”). It applies to people who create an AXO account, visit our website, or otherwise interact with us directly.
1. Our two roles: controller and processor
AXO handles data in two distinct capacities, and it matters which one applies to you:
- As a controller. When you sign up for AXO, visit axoapp.ai, or contact us, AXO decides how and why your information is handled. That activity is governed by this Policy.
- As a processor. When an AXO customer installs the AXO tag on their own website, AXO processes the resulting visitor data on that customer’s behalf. The customer — the operator of that website — is the controller of that data and is responsible for its own privacy notice and for any required consent. If you interacted with a website that uses AXO and have questions about your data, please contact that website’s operator.
2. Information we collect
Information you provide to us
- Account information — your name, email address, password (stored only as a salted hash, never in plain text), and optional company name, provided when you sign up.
- Billing information — when you subscribe to a paid plan, payment is handled by our processor, Stripe. We receive billing details such as your plan and transaction records, but we do not store full payment-card numbers.
- Communications — information you provide when you contact support, request a demo, or otherwise correspond with us.
Information we collect automatically
- Authentication cookie — a single strictly-necessary cookie (“vt_session”) that keeps you signed in to the AXO dashboard.
- Usage and device data — when you use the dashboard we record log data such as IP address, browser and device type, pages viewed, and timestamps, used to operate and secure the Service.
- Sign-in providers — if you choose to sign in with Google or Okta, we receive a basic profile (your name, email address, and a provider account identifier) to create or access your account.
Information we process on behalf of customers
Our customers use the AXO tag to collect behavioral data from visitors to their own websites — for example pageviews, clicks and other events, session activity, referrer and campaign (UTM) parameters, approximate location derived from IP address, and device or browser characteristics. AXO uses this data to provide personalization, segmentation, and analytics back to that customer.
The AXO tag is designed to operate without directly identifying individuals. However, a customer may choose to send identifiers (such as an email address or a customer ID) to AXO in order to link activity to a known person. Whether identifiers are collected, and on what legal basis, is determined and controlled by the customer, not by AXO.
3. How we use information
We use information that we control to:
- create, operate, secure, and support your AXO account and the Service;
- process payments and manage subscriptions and trials;
- send you transactional messages (email verification, password reset, billing and trial notices) and, where permitted, product updates you can opt out of;
- monitor, debug, and improve the Service, and prevent fraud and abuse;
- comply with legal obligations and enforce our Terms of Service.
We do not sell personal information, and we do not use the data our customers collect through the tag for our own advertising.
4. AI features
The AXO dashboard includes an optional AI assistant. When you use it, the relevant content of your request is sent to our AI provider (Anthropic) to generate a response. We do not permit our AI providers to use your data to train their models.
5. Cookies
The AXO dashboard uses one strictly-necessary cookie, “vt_session”, solely to keep you signed in. We do not use advertising or cross-site tracking cookies on axoapp.ai. Any cookies or similar identifiers that the AXO tag sets on a customer’s website are governed by that customer’s own cookie notice.
6. How we share information
We share information only as follows:
- Service providers (subprocessors) — we use a small set of vendors to run the Service, each bound by contractual confidentiality and data-protection obligations: Vercel (application hosting), Neon (database hosting), Stripe (payment processing), Resend (transactional email), Cloudflare (bot protection and content delivery), Anthropic (the optional in-product AI assistant), and Google and Okta (optional single sign-on, only if you choose them).
- Legal and safety — when required by law, or to protect the rights, safety, and security of AXO, our users, or the public.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, information may be transferred subject to this Policy.
7. Data retention
We retain account and customer data for as long as your account is active. After an account is closed — or after a trial expires without a subscription — we retain data for a limited wind-down period to allow reactivation, then delete or anonymize it, except where a longer period is required for legal, accounting, or security reasons.
8. Security
We protect information with measures appropriate to its sensitivity, including encryption in transit, hashed (never plaintext) passwords, scoped access controls, and isolation between customer accounts. No method of transmission or storage is perfectly secure, but we work continuously to protect your data.
9. International data transfers
AXO is operated from the United States, and our service providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers of personal data.
10. Your rights and choices
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to withdraw consent. You can update most account information directly in the dashboard, or contact us at privacy@axoapp.ai to make a request. You may opt out of non-essential product emails at any time using the link in those emails.
If your data was collected by the AXO tag on a customer’s website, please direct your request to that website’s operator, who controls that data; we will assist them as their processor.
11. Children’s privacy
The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 16.
12. Changes to this Policy
We may update this Policy from time to time. When we do, we will revise the “Last updated” date above, and for material changes we will provide a more prominent notice.
13. Contact us
Questions about this Policy or your data can be sent to privacy@axoapp.ai.