Privacy Policy

2.1 Account Information

When you create an Axion ERP account, we collect:

• Full name
• Email address
• Company name and business information
• Phone number (optional)
• Password (encrypted and never stored in plain text)
• Business type and industry
• Company registration details
• Tax identification numbers (when applicable)

2.2 Business Data

When you use Axion ERP to manage your business operations, we process:

• Financial records, transactions, and accounting data
• Customer information and contact details (CRM data)
• Employee records, payroll information, and HR data
• Inventory data, product catalogs, and stock levels
• Sales orders, purchase orders, and invoices
• Supplier and vendor information
• Payment and billing information
• Tax records and compliance documentation
• Business documents, contracts, and attachments
• Custom fields and business-specific data

You maintain ownership and control of all business data you input into Axion ERP. We process this data solely to provide the Service to you.

2.3 Financial Transaction Data

When you use Axion ERP's financial management features, we process:

• Journal entries and general ledger data
• Bank account information and reconciliation data
• Payment processing information (handled securely through Stripe)
• Credit card information (processed and stored by Stripe, not by us)
• Financial reports and analytics
• Budget and forecasting data
• Multi-currency transaction records
• Tax calculations and VAT records

Payment card information is handled exclusively by our PCI-compliant payment processor, Stripe. We do not store complete credit card numbers on our servers.

2.4 Employee and HR Data

When you use Axion ERP's human resources features, we process:

• Employee personal information (names, contact details, etc.)
• Employment contracts and job descriptions
• Attendance and time tracking data
• Payroll information and salary details
• Benefits and leave management data
• Performance reviews and evaluations
• Training and certification records
• Emergency contact information

You are responsible for ensuring you have appropriate consent and legal basis for processing employee data through our platform.

2.5 Automatically Collected Information

When you access and use Axion ERP, we automatically collect:

• IP address and geolocation data
• Device information (type, operating system, browser)
• Usage data (features used, time spent, actions taken)
• Log data (access times, errors, performance metrics)
• Cookies and similar tracking technologies
• Session information and authentication data
• API usage and integration data

2.6 Communications

We collect information when you contact us through email, support tickets, or other communication channels. This includes your messages, attachments, and any information you choose to provide.

2.7 Third-Party Integrations

If you connect third-party services to Axion ERP (such as payment gateways, banking APIs, or other business tools), we may receive data from those services as necessary to provide the integration functionality. The data we receive depends on your settings with those third-party services.

3.1 Service Delivery

• Provide, operate, and maintain Axion ERP
• Process your business transactions and data
• Manage your account and user permissions
• Generate financial reports and analytics
• Process payroll and HR operations
• Manage inventory and commerce operations
• Facilitate multi-company management
• Enable ZATCA e-invoicing and VAT compliance
• Provide customer relationship management tools

3.2 Service Improvement

• Understand how users interact with Axion ERP
• Develop new features and functionality
• Improve user experience and interface design
• Optimize performance and reliability
• Test new features and updates
• Conduct research and analysis

3.3 Communication

• Send service-related notifications and updates
• Respond to your inquiries and support requests
• Provide technical support and assistance
• Send important security or compliance alerts
• Notify you about changes to our Service or policies
• Send marketing communications (with your consent)
• Conduct surveys and gather feedback

3.4 Security and Fraud Prevention

• Detect and prevent fraud, abuse, and security incidents
• Monitor for suspicious activity
• Verify user identity and authentication
• Protect against unauthorized access
• Maintain audit logs for compliance
• Investigate and respond to security incidents

3.5 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Enforce our Terms of Service
• Protect our rights, property, and safety
• Maintain tax and financial records
• Fulfill regulatory reporting requirements

3.6 Business Operations

• Process billing and subscription payments
• Manage customer accounts and subscriptions
• Generate invoices and financial records
• Handle refunds and billing disputes
• Analyze business metrics and performance
• Plan capacity and infrastructure needs

4.1 Security Measures

We implement industry-standard security measures to protect your data:

• End-to-end encryption for data in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt)
• Multi-factor authentication (MFA) support
• Regular security audits and penetration testing
• Firewall protection and intrusion detection
• Secure cloud infrastructure (AWS/GCP)
• Role-based access control (RBAC)
• Regular security patches and updates
• Secure backup and disaster recovery procedures

4.2 Access Controls

We limit access to your data:

• Only authorized personnel can access user data
• Access is granted on a need-to-know basis
• All access is logged and monitored
• Employees sign confidentiality agreements
• Background checks for employees with data access
• Regular access reviews and audits

4.3 Data Isolation

Your business data is logically isolated from other customers' data. Each organization's data is segregated and cannot be accessed by other organizations using Axion ERP.

4.4 Incident Response

In the event of a data breach or security incident, we will:

• Investigate and contain the incident promptly
• Notify affected users within 72 hours (as required by GDPR)
• Notify relevant authorities when required
• Take corrective actions to prevent recurrence
• Provide support and guidance to affected users

4.5 Security Limitations

While we implement robust security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your login credentials and for any activity under your account. Please notify us immediately at security@axionerp.co if you suspect unauthorized access to your account.

5.1 Service Providers

We work with trusted third-party service providers to help us deliver Axion ERP:

• Payment Processing: Stripe (for processing subscription payments and handling credit card information securely)
• Cloud Hosting: AWS or Google Cloud Platform (for secure data storage and application hosting)
• Email Services: For sending transactional emails and notifications
• Analytics: For understanding usage patterns and improving the Service (anonymized data only)
• Support Tools: For providing customer support and managing tickets

All service providers are contractually obligated to protect your data and use it only for providing services to us. They are required to comply with applicable data protection laws.

5.2 Business Transfers

If NovaMind Technologies is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, etc.)
• Government or regulatory requests
• Requests from law enforcement agencies
• National security requirements

We will notify you of such requests unless prohibited by law or when we believe notification would be counterproductive or increase risk of harm.

5.4 Protection of Rights

We may disclose information when we believe it is necessary to:

• Enforce our Terms of Service
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users
• Prevent fraud or security incidents
• Investigate violations of our policies

5.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing, such as when you authorize integrations with other business tools or services.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you or your business. This data may be used for research, analytics, benchmarking, or marketing purposes.

6.1 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw consent where processing is based on consent
• Right to Lodge a Complaint: File a complaint with a supervisory authority

6.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information (subject to exceptions)
• Right to Opt-Out: Opt-out of the sale of your personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

6.3 UAE Data Protection Rights

Under UAE data protection laws, you have rights to access, correct, and delete your personal data. You may also object to processing or request restriction of processing in certain circumstances.

6.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@axionerp.co. We will respond to your request within 30 days (or as required by applicable law).

You may also manage many aspects of your data directly through your Axion ERP account settings, including updating your profile information and downloading your data.

6.5 Account Settings

You can access and modify your account information at any time by logging into your Axion ERP account. You can also update your communication preferences and manage integrations.

6.6 Marketing Communications

You can opt-out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us at support@axionerp.co. Please note that you cannot opt-out of service-related communications (such as security alerts or billing notifications).

6.7 Data Portability

You can export your business data from Axion ERP at any time using our data export features. Exports are provided in common formats such as CSV, Excel, or JSON.

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. We use cookies and similar tracking technologies to provide, protect, and improve Axion ERP.

7.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security, session management)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with Axion ERP
• Performance Cookies: Measure and improve performance

7.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. However, disabling cookies may affect your ability to use certain features of Axion ERP. Essential cookies cannot be disabled if you want to use the Service.

7.4 Third-Party Cookies

Some third-party service providers (such as analytics tools) may set their own cookies when you use Axion ERP. We do not control these cookies and recommend reviewing the privacy policies of these third parties.

7.5 Do Not Track

Some browsers support a "Do Not Track" (DNT) signal. Currently, there is no industry standard for DNT, and we do not respond to DNT signals. However, we provide you with choices about data collection and use as described in this Privacy Policy.

8.1 Retention Periods

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Specific retention periods include:

• Account Data: Retained while your account is active and for a reasonable period after account closure (typically 30-90 days)
• Business Data: Retained while your subscription is active and for 90 days after cancellation (unless you request earlier deletion)
• Financial Records: Retained for 7 years to comply with tax and accounting regulations
• Security Logs: Retained for 1-2 years for security and fraud prevention
• Support Communications: Retained for 3-5 years for quality assurance and legal purposes

8.2 Legal Obligations

We may retain certain information longer when required by law, regulation, or legal hold. For example, tax records and financial documents must be retained for specified periods under UAE law.

8.3 Account Deletion

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal, tax, or security purposes. You can request account deletion by contacting support@axionerp.co.

8.4 Backup Data

Deleted data may persist in backup systems for up to 90 days. Backup data is not accessible for normal operations and is retained solely for disaster recovery purposes.

8.5 Anonymized Data

We may retain anonymized or aggregated data indefinitely for analytics, research, and product improvement purposes. This data cannot be used to identify you or your business.

9.1 Global Operations

NovaMind Technologies is based in the UAE, but we use cloud service providers that may store and process data in various locations around the world. Your data may be transferred to and processed in countries other than your country of residence.

9.2 Data Transfer Safeguards

When we transfer data internationally, we implement appropriate safeguards:

• Use of Standard Contractual Clauses (SCCs) approved by the EU Commission
• Data Processing Agreements with all service providers
• Compliance with EU-US and Swiss-US Privacy Shield principles (where applicable)
• Implementation of technical and organizational security measures
• Regular assessments of data protection practices

9.3 EEA Data Transfers

If you are located in the European Economic Area (EEA), we ensure that transfers of personal data to countries outside the EEA are protected by appropriate safeguards as required by GDPR.

9.4 Data Localization Options

Enterprise customers may request data localization in specific regions. Please contact our sales team at support@axionerp.co to discuss data residency options.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at privacy@axionerp.co.

Response Time

We aim to respond to all privacy-related inquiries within 30 days. For urgent security matters, please use security@axionerp.co and we will respond within 24-48 hours.