Privacy Policy

Data we collect

• Account data: email, display name, tenant membership, role.
• Authentication data: hashed passwords or SSO identifiers; API tokens stored as hashes.
• Platform metadata: server/agent identifiers, tags, environments (no server credentials).
• Telemetry (optional/configurable): CPU, memory, latency, heartbeat status from agents.
• Audit events: who/what/when/where with correlation IDs; append-only log.

How we use data

• Provide and secure the control plane (authentication, authorization, audit).
• Operate telemetry and health reporting for agents and servers.
• Investigate security events using audit trails and correlation IDs.
• Improve reliability and support (aggregated, non-identifying diagnostics).

How we protect data

• No server credentials stored; trust is bound to agent identity and signatures.
• All transport uses TLS 1.3; agents use outbound mTLS or agent JWT.
• API tokens and passwords are hashed; secrets at rest use encryption where applicable.
• Audit log is append-only; commands carry nonce/TTL to prevent replay.
• Access is role-based (tenant-scoped); correlation IDs align UI/CLI/API and audit.

Retention

Account and audit data are retained as long as necessary to operate the service and meet compliance needs. You may request deletion of account data where legally applicable; audit records may be retained to satisfy security and regulatory obligations.

Third parties

We minimize third-party processing. When used (e.g., cloud hosting, logging), providers must support encryption in transit/at rest and least-privilege access. No server credentials are shared with third parties.

Your choices

• Use short-lived API tokens; rotate or revoke them at any time.
• Configure telemetry levels per tenant; disable optional metrics if desired.
• Request account data deletion where legally applicable.

Contact

Questions about this policy: privacy@axinode.io