Last updated May 14, 2026
Axiome uses the third-party services listed below to operate the platform. Each subprocessor receives only the data necessary for its purpose, under a data-processing agreement that obligates it to the same protections we owe you. We will notify customers by email at least 30 days before adding or removing a subprocessor.
Object storage for customer evidence files (PDFs, screenshots, audit packages) and scan output.
Data shared: Customer-uploaded evidence; integration scan results; audit package archives.
Application hosting and managed Postgres for the Axiome backend.
Data shared: All structured platform data: organizations, users, controls, evidence metadata, findings, AuditLog.
Hosting for the Axiome web application and marketing site.
Data shared: Inbound HTTP requests; user session metadata; no customer evidence content.
AI assistance: policy generation from your config, control guidance, evidence advisor, browser-agent reasoning.
Data shared: Inputs vary by feature: policy templates + your stack metadata; control text; user-typed evidence descriptions. Anthropic does not train on Axiome traffic.
AI evidence verification — reviews user-uploaded evidence files (PDFs, screenshots) against the auditor checklist.
Data shared: Customer-uploaded evidence files routed for verification. OpenAI does not train on API traffic.
Transactional email delivery — sign-up confirmation, audit-package share notifications, auditor invitations, security alerts.
Data shared: User email addresses; email body content.
Application error monitoring for the backend and web app.
Data shared: Stack traces and request metadata. Configured to scrub customer evidence content; PII may incidentally appear in error contexts.
Scheduling for sales / onboarding calls.
Data shared: Names + emails of prospects who book a call. No platform data is shared with Calendly.
We notify customers at least 30 days before adding a new subprocessor or materially changing how an existing one is used. Customers who object to a new subprocessor may terminate their subscription before the change takes effect, with a pro-rated refund of pre-paid fees.
Several subprocessors above (notably AWS, Vercel, Railway) rely on their own infrastructure providers. Those relationships are governed by each subprocessor’s public DPA, linked above. Axiome does not engage sub-subprocessors directly.
When you connect an integration (AWS, GitHub, GCP, Okta, Rippling, etc.) to Axiome, that vendor is your service provider, not our subprocessor — Axiome reads from it under credentials you provide and stores only the scan results required for compliance. Your agreement with that vendor governs how they handle your data.
Questions about subprocessors, our DPA, or data-protection practices: legal@axiome.so.