Effective Date: 2026-01-01 | Document ID: AX24-LEGAL-002

AX24® is committed to processing all data with precision, discipline, and full regulatory compliance. This Privacy Policy describes the types of information we collect, how we process it, and the rights available to individuals and organizational contacts whose data we handle. This policy applies to all AX24 digital properties, client portals, and service infrastructure.

01 // DATA CONTROLLER

AX24® operates as both a data controller and data processor depending on the context. As a controller, we determine the purposes and means of processing data relating to our website visitors, prospective clients, and operational contacts. As a processor, we handle enterprise data on behalf of our Clients, strictly according to the instructions outlined in the applicable Data Processing Agreement ("DPA").

02 // INFORMATION WE COLLECT

We collect data through direct submission (contact forms, onboarding flows, contract execution), automated systems (server logs, analytics pipelines, session tracking), and third-party integrations used within our infrastructure. Categories of data collected include: business contact identifiers (name, title, company, email, phone), system and device signals (IP address, browser type, operating system, session timestamps), behavioral data on our platforms (page interactions, click paths, feature usage), and enterprise operational data processed under client-specific DPAs.

03 // LAWFUL BASIS FOR PROCESSING

AX24 processes personal data only under recognized lawful bases. For prospective and active Clients, processing is based on contractual necessity and legitimate business interest. For website visitors, processing is based on consent (where applicable) and legitimate interest in platform security and performance analytics. We do not process personal data for advertising purposes. We do not sell, rent, or broker data to third parties.

04 // HOW WE USE YOUR DATA

Data processed by AX24 is used exclusively for: delivering and optimizing contracted Services; responding to inquiries and managing commercial relationships; maintaining platform security and abuse prevention; fulfilling legal and regulatory obligations; and improving internal systems and infrastructure performance. No Client data is used to train AX24 AI models without explicit, written authorization from the Client.

05 // DATA SHARING

AX24 does not sell or share personal data with third parties for their independent commercial use. We may share data with: sub-processors operating under equivalent data protection obligations (cloud infrastructure providers, security monitoring services); legal authorities where disclosure is required by law; and professional advisors bound by confidentiality obligations. All sub-processors are vetted and listed in our Sub-Processor Registry, available upon request.

06 // DATA RETENTION

We retain personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Client operational data is retained for the duration of the active engagement, plus ninety (90) days following termination to allow for orderly data handover. Contact and inquiry data is retained for up to twenty-four (24) months. All retained data is secured under AX24's internal data classification and access control protocols.

07 // DATA SECURITY

AX24 maintains enterprise-grade security controls across all data processing environments, including end-to-end encryption in transit and at rest, role-based access controls, regular penetration testing, and continuous anomaly detection across infrastructure nodes. Security incidents, if any, will be communicated to affected Clients within seventy-two (72) hours of confirmed detection, in compliance with applicable breach notification regulations.

08 // YOUR RIGHTS

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data. You may also have the right to object to certain processing activities. Requests can be submitted to our data team at the contact address listed below. We will respond to verifiable requests within thirty (30) days. Rights requests from organizational contacts may be subject to identity and authorization verification.

09 // INTERNATIONAL TRANSFERS

AX24 infrastructure operates across multiple jurisdictions. Where personal data is transferred outside of the originating jurisdiction, we apply appropriate transfer mechanisms, including Standard Contractual Clauses or equivalent legal safeguards, to ensure data protection standards are maintained.

10 // POLICY UPDATES

This Privacy Policy is reviewed and updated on a regular basis. Material changes will be communicated via our platform or direct contact notification. The effective date at the top of this document reflects the most recent revision.

For privacy-related inquiries: legal@ax24.io