Axis

Security

Last updated May 31, 2026

Encryption

All data transmitted between users and Axis is encrypted in transit using TLS 1.3. Data at rest in the production database and object storage is encrypted using AES-256.

Multi-tenancy

Workspace data is isolated using row-level security enforced at the database engine level. Every tenant-scoped table is gated by a database policy that verifies the session’s tenant identifier before any row is returned or modified, eliminating the risk of accidental cross-tenant data leakage at the query layer.

Authentication

Passwords are hashed using Argon2id with per-user salts. Sessions are managed via HTTP-only, secure, SameSite cookies. Optional multi-factor authentication (TOTP) is available for all accounts.

Access control

Axis uses role-based access control with four standard roles: owner, admin, member, and viewer. Permissions are enforced server-side on every API request. Administrative operations such as user invitations, role changes, and data export require the “users.manage” capability, which is granted only to owners and admins.

Backups

Production databases are backed up automatically every day with point-in-time recovery available within the retention window. Backups are stored encrypted at rest.

Infrastructure

Axis is hosted on secure cloud infrastructure with automated health monitoring, application-level health checks, and continuous deployment. Production secrets are stored in a dedicated secrets manager and never committed to source control.

Vulnerability disclosure

If you believe you have discovered a security vulnerability in Axis, please report it to info@axiscrm.org. We ask that you give us a reasonable opportunity to investigate and remediate before publicly disclosing. We do not currently operate a bug bounty program but appreciate responsible disclosure.

Compliance roadmap

SOC 2 Type I attestation is planned. Customers with specific compliance requirements may contact us to discuss the current control environment.

Contact

For security inquiries, contact info@axiscrm.org.