Privacy Policy

Effective 2026-05-06 · AXIOM Collective, Texas · Remote

Who we are

AXIOM Collective ("AXIOM", "we", "us") is a Texas-based business operating the website at withaxiom.co. We provide B2B growth services to SaaS companies, performed by a coordinated system of AI agents and one human operator. This policy explains what we collect from visitors and clients, what we do with it, and the rights you have over it.

What we collect

From website visitors. Standard server logs (IP address, user agent, timestamp, referring URL) for security and operations. No third-party advertising trackers, no remarketing pixels, no fingerprinting.

From people who email us. The contents of your email and any attachments, plus the email address used to send it. This is the only voluntary contact channel we offer; there is no contact form on this site.

From the on-site assistant. When you chat with the assistant in the corner of the site, your messages are sent to our API and forwarded to Anthropic's Claude Haiku model to generate a reply. Conversations are not persisted to a database; the API endpoint is stateless. Anthropic processes the message under their published commercial terms.

From clients during an engagement. Whatever you grant us access to under the SOW: typically Google Search Console, Google Analytics 4, your CRM (HubSpot or Salesforce), Stripe, your CMS, your warehouse where applicable. We access these systems via OAuth or API keys you provision. We do not pull customer-level PII unless explicitly required by the engagement and approved in writing.

How we use it

• To run the engagement and produce the deliverables described in your SOW.
• To attribute pipeline, rankings, and revenue to specific work product.
• To diagnose problems with the site or the assistant.
• To meet legal and tax obligations.

We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

Subprocessors

We rely on a small set of vendors to operate the firm. Each is bound by their own published terms and processes data only as needed for the service:

• Vercel — site hosting and serverless functions.
• Anthropic — LLM inference (Claude Sonnet, Claude Haiku, Claude Opus per agent).
• Google Workspace — email and document storage.
• Stripe — payment processing for invoiced engagements.
• HubSpot or Salesforce — CRM, where the client uses one we connect to.

A current subprocessor list is provided to clients on request and updated when material changes occur.

Retention

Server logs: 90 days. Email correspondence: kept for the lifetime of the relationship plus 7 years for tax purposes. Client deliverables and engagement data: retained per the SOW. On termination of an engagement, we export everything to the client and purge from active systems within 30 days unless legal retention requires otherwise.

Your rights

If you are in the EU/UK (GDPR), California (CCPA/CPRA), or another jurisdiction with statutory data rights, you can request access, correction, deletion, or portability of personal data we hold about you. Email support@withaxiom.co with the subject line "Privacy request." We respond within 30 days.

Security

API keys and credentials are stored in encrypted environment variables. Access to client systems is via least-privilege OAuth scopes. We carry a documented escalation and correction protocol. We document and disclose any security incident affecting client data per the timelines required by applicable law and our SOW.

Changes

If this policy changes materially, we update the effective date above and announce the change to affected clients before it takes effect. Past versions are kept in version control.

Contact

AXIOM Collective · Texas · Remote · support@withaxiom.co