Legal
Privacy Policy
Last updated 2026-07-06
Axiom Stream Security ("Axiom Stream", "we", "us") provides cybersecurity, AI governance, and compliance advisory services. This policy explains what information we collect through this website and our client portal, why we collect it, how we protect it, and the choices you have. We hold ourselves to the same standards we advise our clients to adopt.
Information We Collect
Information you provide directly. When you submit the consultation form, request an appointment, or correspond with us, we collect your name, work email, company, and the details of your inquiry. When you are an authorized client-portal user, we collect the account and profile information required to operate your engagement.
Information collected automatically. When you visit this site we collect limited technical data such as IP address, browser type, and pages viewed, used to keep the service secure and reliable. Analytics are cookie-consent gated and are never enabled on authenticated portal routes.
Client engagement material. Documents you upload to the client portal are processed solely to deliver your engagement. They are scanned for malware, stored encrypted, and access-controlled to your organization only.
How We Use Information
We use the information we collect to respond to inquiries and schedule consultations; to deliver, secure, and support client engagements; to send transactional communications such as upload receipts, scan results, and appointment confirmations; and to meet our legal, regulatory, and contractual obligations.
We do not sell personal information. We do not use client engagement material to train models, and we do not send it to third-party analytics.
Legal Bases
Where applicable law requires a legal basis for processing, we rely on your consent (for optional analytics), the performance of a contract (to deliver engagements you have retained us for), and our legitimate interests in operating and securing our business, balanced against your rights.
Subprocessors & Hosting
This site and portal run on Google Cloud Platform (Firebase Hosting, Cloud Firestore, Cloud Storage, Cloud Functions, and Identity Platform). Google acts as our infrastructure subprocessor and processes data on our behalf under its data-processing terms. Transactional email is delivered through a dedicated email subprocessor. We select subprocessors that maintain recognized security certifications and contractually bind them to protect your data.
Data is processed and stored in the United States. Where we transfer data internationally, we rely on appropriate safeguards.
Data Retention
We retain consultation inquiries for as long as needed to evaluate and pursue the engagement, and thereafter as required for our legitimate business and legal purposes. Client engagement records are retained for the term of the engagement and any period required by contract or law. Chat assistant sessions are automatically purged after 30 days. Quarantined uploads are deleted automatically within hours of scanning.
Security
We apply the controls we advise: least-privilege access, tenant isolation, mandatory multi-factor authentication for portal accounts, encryption in transit and at rest, malware scanning of every upload, App Check attestation, immutable audit logging, and continuous monitoring. No system is perfectly secure, but security is the core of our practice and our own platform is built to exemplify it.
Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal information, and to object to or restrict certain processing. To exercise any of these rights, contact us using the details below and we will respond in accordance with applicable law.
Contact Us
Questions about this policy or your personal information can be directed to Axiom Stream Security through the contact form on this site. We will respond promptly and confidentially.
