How AXIOM QX collects, uses, shares, and protects your information.
This Privacy Policy describes how AXIOM QX INC, a New Jersey corporation ("AXIOM," "we," "our," or "us"), collects, uses, shares, and protects information when you access or use the AXIOM QX platform at app.axiomqx.com, the AXIOM QX website at axiomqx.com, and all related services (collectively, the "Services"). This Policy applies to all users including builders ("Customers"), their clients ("Portal Users"), subcontractors, and website visitors.
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by it. This Policy is incorporated into the AXIOM QX Terms and Conditions Agreement.
Account Registration. Name, email address, phone number, company name, company address, and state of operation.
Authentication Credentials. Managed by Clerk, Inc. (SOC 2 Type II). AXIOM does not directly store passwords.
Payment Information. Processed by Stripe, Inc. (PCI DSS Level 1) through Clerk's billing integration. AXIOM does not collect, process, store, or transmit payment card data.
Communications. Content of emails, support requests, and other correspondence.
Portal PINs. 4-digit numeric codes set by builders for client portal access.
Activity Logs. Login timestamps, feature usage, portal access attempts (successful and failed), file upload attempts, system configuration changes.
IP Addresses. Collected for rate limiting, abuse prevention, and security. Stored with automatic expiration (15 minutes to 24 hours).
Upload Audit Logs. Source IP, original filename, MIME type, accepted/rejected status, rejection reason, timestamp. Capped at 500 entries per project.
Cookies. Limited to platform functionality only. See our Cookie Policy for details.
Smartsheet Data (Disclosure Pursuant to Smartsheet Developer Agreement Section 2.3.1). AXIOM QX accesses your Smartsheet account pursuant to the Smartsheet Developer Agreement. Upon your OAuth 2.0 authorization, AXIOM reads and writes to your sheets, rows, columns, and attachments through the Smartsheet REST API to provide project tracking, client portals, subcontractor portals, and template deployment. AXIOM does not persistently store your Smartsheet data. All data remains in your Smartsheet account and is accessed in real time only as needed to render the platform interface and execute commands you initiate. You may revoke AXIOM's access at any time by disconnecting the Smartsheet integration through the platform or directly through your Smartsheet account settings at app.smartsheet.com.
Clerk Authentication Data. Authenticated identity (email, session status).
AXIOM operates on a zero-data-custody architecture. We do NOT persistently store:
AXIOM is a command and display layer connecting to your Smartsheet account. Project data never leaves Smartsheet except for momentary in-memory processing to render the interface. When you disconnect, no project data remains. Files uploaded through portals pass through for validation only and are immediately forwarded to Smartsheet. AXIOM does not retain copies.
We do not sell, rent, or trade personal information. We share only with:
Service Providers: Smartsheet (project data per OAuth), Clerk (authentication, SOC 2), Stripe (billing, PCI DSS), Upstash (database, encrypted), Vercel (hosting, SOC 2), SendGrid (system email), Sentry (errors, PII disabled), BetterStack (uptime), GitHub (version control). Current list maintained and available upon request.
Legal Requirements: When required by law, subpoena, court order, or valid legal process.
Business Transfers: In connection with merger, acquisition, or asset sale, with prior notification.
With Consent: With your explicit consent or at your direction.
We implement technical and organizational measures including: TLS/HTTPS encryption, Clerk JWT authentication with ownership verification, rate limiting, 11-point file upload validation (MIME whitelist, magic byte verification, executable blocklist, filename sanitization, size limits), automated PIN self-destruct, comprehensive audit logging, timing-safe credential comparison, cryptographically random identifiers, and HttpOnly/Secure/SameSite=Strict cookies. Complete security controls documented and available upon request.
Account Data: Duration of active subscription + 30 days post-termination.
Activity Logs: Duration of subscription.
Upload Logs: 500 entries per project, auto-pruned.
Rate Limit Data: Auto-expires (15 min to 24 hours).
OAuth Tokens: While integration active, deleted on disconnect.
Project Data: Not retained; resides in Smartsheet.
Access: View account info via dashboard.
Correction: Update info via platform.
Disconnection: Revoke Smartsheet access anytime.
Deletion: Request deletion at legal@axiomqx.com, processed within 30 days.
Export: Request activity log export.
Opt-Out: Non-essential notifications (cannot opt out of security alerts).
Non-Discrimination: No penalty for exercising rights.
California residents: Right to Know (categories and specific personal information collected), Right to Delete (subject to exceptions), Right to Opt-Out of Sale (we do not sell personal information), Right to Non-Discrimination. To exercise: legal@axiomqx.com. Identity verification required.
AXIOM QX INC is based in the United States. Information may be transferred to and processed in the United States. We rely on standard contractual clauses and lawful transfer mechanisms where required.
The Services are designed for business use by construction professionals and are not directed to individuals under 18. We do not knowingly collect information from children.
We will notify you of material changes via email at least 30 days before they take effect. Continued use constitutes acceptance.
AXIOM QX INC
Privacy inquiries: legal@axiomqx.com
Security reports: security@axiomqx.com
General support: support@axiomqx.com
Web: https://axiomqx.com