Security Notice

Last updated on June 3, 2020

Securing your data is our top priority.

 

Our mission is to solve cyber risk.

We would not be able to do that if we did not take security seriously.

If you’re a security expert or researcher and you believe you’ve discovered a security issue, we appreciate your help in disclosing the issue to us responsibly. We ask that you give us an opportunity to correct any vulnerabilities before publicly releasing it. Please send an email to [email protected] with a detailed description and instructions on how to reproduce the issue. We are committed to addressing security issues in a timely manner.We promote ethical disclosure of security bugs. For this reason, we kindly ask security professionals act in good faith and follow these simple principles:* Share all available details, including proof-of-concept or any other artifact.

  • Give us a reasonable time to fix or mitigate the issue before any public disclosures.
  • Do not access or corrupt user’s data/corporate resources with the intent of demonstrating a security bug.
  • Do not engage in activities that may degrade the performance of our services.

 

Certifications

Axio received a SOC 2 Type 1 certification in October 2019 and is working towards obtaining SOC 2 Type II certification.

 

System Security

  • Axio uses Google Cloud Platform and Amazon Web Services to provide cloud hosting services.
  • Axio360 is composed of docker container micro-services orchestrated by Kubernetes and deployed on GCP in a virtual private cloud.
  • Login and authentication are performed by AWS Cognito.
  • Data is encrypted in motion and at rest.
  • Data segmentation and anonymity are designed into the data model.

 

Application Security

Axio employs application static analysis, automated dynamic analysis, and routine penetration testing.