Secure, by design
Axolo considers protection of subscriber data a top priority and uses enterprise-grade security & privacy practices.
Data encryption in transport and at rest
Industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).
Built on trusted cloud architecture
Hosted on cloud providers such as AWS that are SOC 2 and ISO 27001 certified.
Following security best practices
We employ the latest security best practices to safeguard subscriber data.
Frequently asked questions
- Is your data encrypted?
- Yes, Axolo provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).
- Is Axolo GDPR compliant?
- Yes, Axolo is GDPR compliant.
- What data do you store?
- We store the necessary data to contact the engineers you onboard on Axolo, and pull request metadata.
- How can I report security issues?
- We review security issues as soon as possible and you can report them by emailing firstname.lastname@example.org.
Information Security Policy
Axolo, developed and maintained by IT IS CHAOS, Inc.
Last updated: January 20, 2023
Axolo considers protection of subscriber data a top priority. As further described in this Information Security Policy, Axolo uses commercially reasonable organizational and technical measures designed to prevent unauthorized access, use, alteration or disclosure of subscriber data stored on systems under our control.
Subscriber Data and Management
Axolo limits its personnel’s access to subscriber data as follows:
- Requires unique user access authorization through secure logins;
- Limits the subscriber data available to Axolo personnel on a “need to know” basis;
- Restricts access to Axolo’s production environment by Axolo personnel on the basis of business need;
- Encrypts user security credentials for production access.
- Axolo logically separates each of its subscribers’ data and maintains measures designed to prevent subscriber data from being exposed to or accessed by other customers.
Axolo provides industry-standard encryption for subscriber data as follows:
- Implements encryption in transport and at rest;
- Uses strong encryption methodologies to protect subscriber data, including AES 256-bit encryption for subscriber data stored in Axolo’s production environment; and
- Encrypts all subscriber data located in cloud storage while at rest.
Network Security, Physical Security and Environmental Controls
- Axolo uses firewalls, network access controls and other techniques designed to prevent unauthorized access to systems processing subscriber data.
- Axolo maintains measures designed to assess, test and apply security patches to all relevant systems and applications used to provide the Services.
- Axolo monitors privileged access to applications that process subscriber data, including cloud services.
- The Services operate on DigitalOcean and Amazon Web Services (“AWS”) and are protected by the security and environmental controls of DigitalOcean and AWS. Detailed information about DigitalOcean security is available at https://www.digitalocean.com/security, where SOC 2 Type II and SOC 3 Type II DigitalOcean certifications can also be found. Detailed information about AWS security is available at https://aws.amazon.com/security/ and http://aws.amazon.com/security/sharing-the-security-responsibility/. For AWS SOC Reports, please see https://aws.amazon.com/compliance/soc-faqs/.
- Subscriber data stored within DigitalOcean is encrypted at all times. DigitalOcean does not have access to unencrypted subscriber data.
If Axolo becomes aware of unauthorized access or disclosure of subscriber data under its control (a “Breach”), Axolo will:
- Take reasonable measures to mitigate the harmful effects of the Breach and prevent further unauthorized access or disclosure.
- Upon confirmation of the Breach, notify the customer in writing of the Breach within 48 hours of discovery. Notwithstanding the foregoing, Axolo is not required to make such notice to the extent prohibited by applicable laws, and Axolo may delay such notice as requested by law enforcement and/or in light of Axolo’s legitimate needs to investigate or remediate the matter before providing notice.
Each notice of a Breach will include:
- The extent to which subscriber data has been, or is reasonably believed to have been, used, accessed, acquired or disclosed during the Breach;
- A description of what happened, including the date of the Breach and the date of discovery of the Breach, if known;
- The scope of the Breach, to the extent known; and
- A description of Axolo’s response to the Breach, including steps Axolo has taken to mitigate the harm caused by the Breach.
- Axolo performs employment verification, including proof of identity validation and criminal background checks for all new hires in accordance with applicable law.
- Axolo provides training for its personnel who are involved in the processing of the subscriber data to ensure they do not collect, process or use subscriber data without authorization and that they keep subscriber data confidential, including following the termination of any role involving the subscriber data.
- Axolo conducts routine and random monitoring of employee systems activity.
- Upon employee termination, whether voluntary or involuntary, Axolo immediately disables all access to Axolo systems.