Privacy Policy

1. Introduction

Axiomatic Financial, Inc. (“Axiomatic,” “we,” “our,” or “us”) operates the Axiomatic platform at axiomatic.software and app.axiomatic.software (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service. It should be read together with our Terms of Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you purchase prepaid credits or other paid offerings, we collect billing information through our payment processor, Stripe.

Financial Data

You may upload or enter financial data including transactions, journal entries, account balances, and related information. This data is encrypted at rest using AES-256-GCM with entity-specific data encryption keys.

Cortex and AI inputs

When you use Cortex or other AI-assisted features, we process the prompts you submit, conversation content, optional file attachments you provide for analysis, and limited contextual data from the Service needed to respond (for example, identifiers and metadata required to run tools within your permissions). Saved chat threads may be stored in your tenant environment like other application data.

Usage Data

We automatically collect information about how you interact with the Service, including transaction counts, proof generation events, API call volume, AI assistant usage for metering and billing, and aggregated feature usage. We use this data to operate the Service, enforce limits, invoice or debit credits, and understand reliability and adoption—we do not use this activity to train machine learning models on the content of your financial records or Cortex conversations (see Section 4).

Technical Data

We collect standard technical information such as IP address, browser type, device information, and access timestamps for security and operational purposes.

We also use cookies and similar technologies for site operation and, where permitted, analytics. See our Cookie Policy for details and consent options.

3. How We Use Your Information

• To provide, maintain, and secure the Service
• To process transactions, meter usage, and manage billing and credits
• To operate Cortex and other AI features you invoke, including sending necessary inputs to model providers solely to generate responses for your session
• To generate zero-knowledge proofs over your financial data when you use those features
• To send service-related communications
• To detect and prevent fraud, abuse, or security incidents
• To comply with legal obligations

4. Cortex, AI, and model providers

No training on your data for our models. We do not use your personal information, financial data, or Cortex conversations to train generalized machine learning models for our own products.

Third-party inference. We use commercial AI model providers (for example, large language model APIs) to power natural-language features. Those providers receive prompts and related context needed to produce a response. Their processing is governed by our agreements with them and their published policies. We configure available business-appropriate settings where the provider offers them.

For a current list of key subprocessors relevant to hosting and AI inference, contact privacy@axiomatic.software. The same commitments in this Section are reflected in substance in our Terms of Service regarding Cortex.

5. Zero-Knowledge Proofs and Privacy

A core feature of Axiomatic is the generation of zero-knowledge proofs (ZK proofs) over your financial data. ZK proofs allow you to demonstrate the correctness of financial statements without revealing the underlying transaction data. When you share a proof with a third party, they can verify the mathematical correctness of your statements without accessing your raw financial data.

ZK proofs are generated on our infrastructure. Your financial data is encrypted at rest and only decrypted in memory during proof computation. We do not share your raw financial data with any third party unless you explicitly authorize it through the bilateral counterparty protocol.

6. Data Encryption

All financial data is encrypted using AES-256-GCM with unique data encryption keys (DEKs) per entity. DEKs are themselves encrypted with key-encryption keys (KEKs) derived from a master key. Data is encrypted at rest and in transit (TLS 1.3).

7. Data Sharing

We do not sell your personal information. We may share information with:

• Service Providers: Stripe (payments), Neon (database hosting), Vercel (application hosting), Resend (email), and AI inference providers (for example, large language model APIs used by Cortex). These providers are bound by their own privacy policies and, where applicable, data processing agreements with us.
• Bilateral Counterparties: When you initiate or accept a bilateral proposal, limited transition data is shared with the specified counterparty entity as part of the protocol.
• Legal Compliance: When required by law, subpoena, or regulatory requirement.

8. Data Retention

We retain your data for as long as your account is active. If you close your account, we will delete your financial data within 30 days. Cortex conversation history stored in the Service follows the same retention approach as your other tenant data unless a shorter deletion period is offered in-product. Some data may be retained longer as required by law or for legitimate business purposes (e.g., billing records, audit logs).

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your personal information
• Export your data in a portable format
• Object to or restrict processing of your information
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@axiomatic.software.

We will verify your request and respond within legally required timelines. You may also designate an authorized agent where permitted by law.

10. Regional privacy notices

Depending on your jurisdiction, Axiomatic may act as a controller or processor of personal data. For U.S. state privacy laws (including CCPA/CPRA), you may request access, deletion, correction, and data portability and may opt out of certain data sharing where applicable.

For data originating outside the United States, we use contractual and technical safeguards for cross-border transfers. Contact privacy@axiomatic.software for transfer-mechanism details relevant to your account.

11. Security

We implement industry-standard security measures including encryption at rest and in transit, role-based access controls, key rotation without downtime, and regular security reviews. No system is perfectly secure, and we cannot guarantee absolute security.

For additional controls and regulatory-risk disclosures, see Security and Compliance Disclosures.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least thirty (30) days before they take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy, contact us at privacy@axiomatic.software.

For compliance-related escalation, contact compliance@axiomatic.software.