Privacy Policy

At Axidion, we understand that privacy is paramount, especially in regulated industries like healthcare, financial services, and insurance. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our compliance intelligence services.

1. Information We Process

1.1 Real-time Call Data

Our CallGuard RT product processes live call transcriptions to provide real-time compliance guidance. This data flows through our system but is not stored. We analyze transcriptions in real-time to detect compliance-relevant events, then immediately discard the raw transcript data.

1.2 Compliance Event Data

We store structured compliance events, which include:

• Timestamps of compliance checks performed
• Type of compliance event detected (e.g., "HIPAA disclosure verified")
• Compliance scores and outcomes
• Agent identifiers (anonymized where possible)

This data is essential for generating compliance reports and audit trails required by regulatory frameworks.

1.3 Account Information

When you create an account or request a demo, we collect:

• Name and contact information
• Company name and industry
• Business email address
• Information about your compliance needs

2. How We Use Your Information

We use the information we collect to:

• Provide real-time compliance monitoring and guidance
• Generate compliance reports and audit documentation
• Improve our algorithms and compliance detection capabilities
• Communicate with you about our services
• Ensure the security and integrity of our platform

3. Data Security

We implement robust security measures to protect your data:

• Encryption in Transit: All data transmitted between your systems and ours uses TLS 1.3 encryption
• Encryption at Rest: Stored compliance events are encrypted using AES-256 encryption
• AWS Infrastructure: Our services run on AWS with SOC 2 Type II certified infrastructure
• Access Controls: Strict role-based access controls limit who can access compliance data
• Regular Audits: We conduct regular security assessments and penetration testing

4. Data Retention

We retain compliance event data for the duration specified in your service agreement, typically aligned with regulatory requirements for your industry:

• Healthcare (HIPAA): Up to 6 years
• Financial Services: As required by applicable regulations
• Custom retention periods available upon request

You may request deletion of your data at any time, subject to regulatory retention requirements.

5. Your Rights and Controls

You have the right to:

• Access: Request a copy of compliance data associated with your account
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to regulatory requirements)
• Revocation: Revoke our access to your Amazon Connect instance at any time
• Portability: Export your compliance reports in standard formats

6. Third-Party Services

Our services integrate with:

• Amazon Web Services: Cloud infrastructure provider
• Amazon Connect: Contact center platform integration
• Amazon Bedrock: AI/ML services for compliance analysis

We do not sell your data to third parties. Data shared with AWS services is governed by AWS's privacy policies and our Business Associate Agreement where applicable.

7. HIPAA Compliance

For healthcare customers, we offer Business Associate Agreements (BAAs) and maintain HIPAA-compliant practices including:

• Minimum necessary access to Protected Health Information (PHI)
• Administrative, physical, and technical safeguards
• Breach notification procedures
• Regular risk assessments

8. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.