Privacy Policy

Introduction

Axia Technologies, Inc. ("Axia," "we," "us," or "our") operates the website located at axiacrm.com and the Axia CRM platform (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and otherwise process personal information in connection with our Service, as well as the rights and choices available to individuals with respect to their personal information.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, you should not use the Service. This Privacy Policy applies to all users of the Service, including individual account holders, team members, administrators, and any other persons who access or use the Service.

We may provide additional or supplemental privacy notices for specific services or features. Those notices will govern our processing of personal information in connection with those specific services or features to the extent they conflict with this Privacy Policy.

Information We Collect

We collect personal information in the following categories when you use the Service:

2.1 Account Information

When you create an account, we collect your full name, email address, company or organization name, job title, phone number, and account credentials. If you sign up through a third-party authentication provider (such as Google or Microsoft), we receive your name, email address, and profile picture from that provider.

2.2 CRM Data You Provide

The Service is a customer relationship management platform. In the course of using the Service, you and your team members may input, upload, or otherwise provide data including but not limited to: contact records (names, email addresses, phone numbers, mailing addresses, company affiliations), lead and prospect information, deal and opportunity details (deal values, stages, close dates, associated contacts), activity logs (calls, emails, meetings, notes, tasks), documents, files, and attachments, and any other data you choose to store within the Service. You are the data controller of this information, and we process it on your behalf as a data processor.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages and features accessed, actions taken within the platform (e.g., creating a record, modifying a pipeline, running a report), frequency and duration of sessions, referral URLs, and search queries performed within the Service.

2.4 Device and Technical Information

We collect device-level information including your IP address, browser type and version, operating system and version, device identifiers, screen resolution, language preferences, and time zone setting. We also collect information about your internet connection, including your internet service provider and connection speed.

2.5 Cookies and Similar Technologies

We use cookies, pixels, local storage, and similar tracking technologies to collect information about your browsing activity on the Service. For detailed information about the cookies we use and how to manage them, please refer to Section 9 of this Privacy Policy.

2.6 Communication Data

When you contact us for support, provide feedback, or otherwise communicate with us, we collect the contents of your messages, any attachments, and metadata associated with the communication (such as timestamps and email headers). If you participate in surveys, promotions, or events, we collect the information you provide in connection with those activities.

2.7 Payment Information

If you subscribe to a paid plan, we collect billing information including your billing name, billing address, and payment method details. Payment card information is processed directly by our third-party payment processor and is not stored on our servers. We receive only a tokenized representation of your payment method and transaction confirmations.

How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Providing and Maintaining the Service

We use your information to operate, maintain, and provide the features and functionality of the Service, including processing your CRM data, managing your account, providing customer support, and facilitating integrations with third-party services you choose to connect.

3.2 Improving and Developing the Service

We use usage data and aggregated analytics to understand how users interact with the Service, identify areas for improvement, develop new features and functionality, conduct research and analysis, and optimize performance and reliability.

3.3 Communications

We use your contact information to send you transactional communications related to the Service (such as account verification, billing notifications, security alerts, and support responses), as well as promotional communications about new features, product updates, events, and other information we believe may be of interest to you. You may opt out of promotional communications at any time by following the unsubscribe instructions included in each email or by contacting us directly.

3.4 Analytics and Personalization

We use your information to perform analytics, generate aggregated insights about Service usage, personalize your experience, and provide recommendations and suggestions that may be relevant to your use of the platform.

3.5 Security and Fraud Prevention

We use your information to detect, investigate, and prevent security incidents, fraudulent activity, unauthorized access, and other malicious or illegal activities. This includes monitoring login attempts, analyzing traffic patterns, and enforcing rate limits.

3.6 Legal Compliance

We use your information to comply with applicable laws, regulations, legal processes, and government requests, and to establish, exercise, or defend legal claims.

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share personal information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who perform services on our behalf, subject to contractual obligations that require them to protect the confidentiality and security of personal information. These service providers include:

• Cloudflare, Inc. — Content delivery network, DDoS protection, DNS services, edge computing infrastructure, and web application firewall services.
• Vonage Holdings Corp. (Axia Phone) — Voice over IP (VoIP) telephony services, including call routing, call recording (where enabled and with appropriate consent), and SMS messaging through the Axia Phone integration.
• Mailgun Technologies, Inc. — Transactional and marketing email delivery services, including email tracking (open rates, click rates) for emails sent through the Service.
• Payment Processors — Payment processing and billing management services.

4.2 Legal Requirements

We may disclose personal information if we believe in good faith that such disclosure is necessary to: (a) comply with applicable laws, regulations, legal processes, or enforceable governmental requests; (b) enforce our Terms of Service or other agreements, including investigation of potential violations; (c) detect, prevent, or otherwise address security, fraud, or technical issues; or (d) protect the rights, property, or safety of Axia, our users, or the public as required or permitted by law.

4.3 Business Transfers

In the event that Axia is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, sale of assets, or similar transaction, your personal information may be transferred as part of that transaction. We will provide notice via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.4 With Your Consent

We may share your personal information with third parties when you have given us your explicit consent to do so. This includes situations where you choose to enable third-party integrations or connect external services to your Axia account.

4.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you. Such information is not subject to this Privacy Policy.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service to you. Specifically:

• Account Data: Retained for the duration of your active account. Upon account closure or deletion request, account data will be permanently deleted from our active systems within thirty (30) calendar days.
• CRM Data: All CRM data you have entered (contacts, leads, deals, activities, notes, and associated files) will be permanently deleted within thirty (30) calendar days of account closure. You may request a data export prior to account closure.
• Usage Data: Retained in an aggregated and anonymized form for up to twenty-four (24) months for analytics and service improvement purposes.
• Backup Copies: Residual copies may remain in encrypted backup systems for up to ninety (90) days following deletion from active systems, after which they will be automatically purged.
• Legal Obligations: We may retain certain information for longer periods where required by law, regulation, or legitimate business purposes such as fraud prevention, dispute resolution, or enforcement of our agreements.

Data Security

We implement and maintain comprehensive administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your personal information. Our security program includes:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints and employ HTTP Strict Transport Security (HSTS) headers.
• Encryption at Rest: All stored data, including CRM records, files, and backups, is encrypted at rest using AES-256 encryption.
• SOC 2 Type II Compliance: Our infrastructure and processes are designed to meet SOC 2 Type II standards for security, availability, and confidentiality. We undergo regular independent audits to verify compliance.
• Access Controls: We implement role-based access controls (RBAC), multi-factor authentication for internal systems, and least-privilege principles to limit access to personal information to authorized personnel who require it to perform their job functions.
• Monitoring and Incident Response: We maintain continuous monitoring of our systems for unauthorized access or anomalous activity and have established incident response procedures for investigating and responding to security events.
• Vendor Security: We evaluate the security practices of third-party service providers and require them to maintain appropriate safeguards for any personal information they process on our behalf.

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.

Your Rights and Choices

Depending on your jurisdiction, you may have certain rights with respect to your personal information. We honor the following rights for all users, regardless of location:

7.1 Right of Access

You have the right to request a copy of the personal information we hold about you. You may access most of your account information directly through the Service settings. For a comprehensive data export, please contact us at privacy@axia.crm.

7.2 Right to Correction

You have the right to request that we correct inaccurate or incomplete personal information. You may update most of your account information directly through the Service. For information that cannot be updated through the Service, please contact us.

7.3 Right to Deletion

You have the right to request the deletion of your personal information. You may delete your account through the Service settings, which will trigger deletion of your personal information in accordance with our data retention policy described in Section 5. Certain information may be retained as permitted or required by applicable law.

7.4 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format. The Service provides data export functionality that allows you to export your CRM data in CSV and JSON formats.

7.5 Right to Opt-Out of Marketing

You may opt out of receiving promotional email communications from us at any time by clicking the "unsubscribe" link in any promotional email, updating your communication preferences in your account settings, or contacting us at privacy@axia.crm. Please note that even if you opt out of marketing communications, we will continue to send you transactional communications related to the Service (such as account notifications, security alerts, and billing information).

7.6 Right to Restrict Processing

In certain circumstances, you have the right to request that we restrict the processing of your personal information. This means we will continue to store your information but will not further process it except with your consent or for limited purposes as permitted by law.

To exercise any of these rights, please contact us at privacy@axia.crm. We will respond to your request within thirty (30) days. We may ask you to verify your identity before fulfilling your request.

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), provides you with additional rights regarding your personal information. This section describes those rights and explains how to exercise them.

8.1 Right to Know

You have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve (12) months. Upon verification of your request, we will disclose: (a) the categories of personal information we collected about you; (b) the categories of sources from which we collected your personal information; (c) our business or commercial purpose for collecting your personal information; (d) the categories of third parties with whom we shared your personal information; and (e) the specific pieces of personal information we collected about you.

8.2 Right to Delete

You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions provided by law. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records within the timeframes described in Section 5, unless an exception applies.

8.3 Right to Opt-Out of Sale or Sharing

Axia does not sell personal information as defined under the CCPA/CPRA. We do not share personal information for cross-context behavioral advertising. As such, there is no need to opt out of the sale or sharing of personal information. Should our practices change in the future, we will update this Privacy Policy and provide a "Do Not Sell or Share My Personal Information" link on our website.

8.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. Unless permitted by law, we will not deny you goods or services, charge you different prices or rates, provide you with a different level or quality of goods or services, or suggest that you may receive a different price or rate or a different level or quality of goods or services as a result of exercising your rights.

8.5 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email address, IP address, account name)
• Personal information categories listed in Cal. Civ. Code Section 1798.80(e) (name, address, telephone number, employment information)
• Commercial information (products or services purchased, purchasing or consuming histories, subscription information)
• Internet or other electronic network activity information (browsing history, search history, information on interactions with the Service)
• Geolocation data (derived from IP address)
• Professional or employment-related information (job title, company name)
• Inferences drawn from any of the above to create a profile about you

8.6 Sale of Personal Information

We have not sold personal information in the preceding twelve (12) months, and we do not have actual knowledge that we sell the personal information of consumers under 16 years of age.

To exercise your California privacy rights, you may submit a request by emailing us at privacy@axia.crm with the subject line "California Privacy Rights Request." You may also designate an authorized agent to submit requests on your behalf. We may require verification of your identity before fulfilling any request.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver relevant content. A cookie is a small data file stored on your device when you visit a website.

9.1 Essential Cookies

These cookies are strictly necessary for the operation of the Service. They enable core functionality such as authentication, session management, security features, and load balancing. Essential cookies cannot be disabled without impairing the functionality of the Service. These include session identification cookies, CSRF protection tokens, and authentication state cookies.

9.2 Analytics Cookies

We use analytics cookies to collect information about how you use the Service, such as which pages you visit most frequently, how long you spend on each page, and any error messages you encounter. This information is aggregated and used to improve the performance and usability of the Service. Analytics cookies include those set by our internal analytics system.

9.3 Preference Cookies

Preference cookies allow the Service to remember choices you have made, such as your language settings, theme preferences (light or dark mode), timezone settings, and display configurations. These cookies enable us to provide you with a personalized experience.

9.4 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies, accept only first-party cookies, or delete cookies when you close your browser. Please note that disabling essential cookies may prevent you from using certain features of the Service. For more information about managing cookies in your browser, please refer to your browser's help documentation.

You may also manage your cookie preferences through the cookie settings panel available in the footer of our website. Changes to your cookie preferences will take effect immediately for new cookies; existing cookies will remain until they expire or you delete them manually.

Children’s Privacy

The Service is not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information as soon as practicable. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at privacy@axia.crm and we will take appropriate action to remove that information from our systems.

We comply with the Children's Online Privacy Protection Act ("COPPA") and will not knowingly collect, use, or disclose personal information from anyone under the age of 13. The Service is intended for use by businesses and professionals and is not designed for use by individuals under the age of 18.

International Data Transfers

Axia Technologies is headquartered in the United States. Your personal information may be processed and stored in the United States and other jurisdictions where our service providers operate. Our primary infrastructure is hosted on the Cloudflare global edge network, which means your data may be processed at the Cloudflare data center nearest to your geographic location for performance optimization purposes, with primary data storage located in the United States.

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please be aware that the United States may not provide the same level of data protection as your home jurisdiction. Where we transfer personal information from the EEA, UK, or Switzerland to the United States, we rely on appropriate legal mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure an adequate level of protection for your personal information.

Our service providers, including Cloudflare, Vonage, and Mailgun, maintain their own data processing agreements and privacy safeguards. We ensure that any cross-border transfer of personal information is conducted in compliance with applicable data protection laws.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this Privacy Policy.

For material changes that significantly affect how we process your personal information, we will provide you with notice via the email address associated with your account at least thirty (30) days before the changes take effect. We may also provide notice through a prominent banner or notification within the Service.

Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should discontinue use of the Service and contact us to delete your account.

Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise any of your rights described in this Privacy Policy, please contact us at:

We are committed to resolving complaints about our collection or use of your personal information. We will respond to all inquiries within thirty (30) days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.