Breach Notification Policy

Section 1 — Our commitment

Axys Analysis LLC takes the security of personal data seriously. In the event of a confirmed data breach affecting personal data processed through our platform, we commit to notifying affected parties promptly and transparently.

Section 2 — Notification timeline

Upon becoming aware of a confirmed data breach:

• Affected customers (data controllers): notified within 72 hours
• Supervisory authorities (where required by GDPR or applicable law): notified within 72 hours
• Affected individuals (where the breach poses high risk to their rights and freedoms): notified without undue delay, in coordination with the affected customer

Section 3 — Notification content

Breach notifications will include:

• A description of the nature of the breach
• The categories and approximate number of individuals affected
• The likely consequences of the breach
• The measures taken or proposed to address the breach and mitigate its effects
• Contact information for further enquiries

Section 4 — Security measures

We maintain the following security measures to prevent and detect breaches:

• Encryption in transit (TLS) and at rest
• Row-level security on all tables containing personal data
• Role-based access controls with principle of least privilege
• Rate limiting on all public-facing endpoints
• Compromised refresh token detection
• Regular security audits and dependency updates
• Error monitoring via Sentry with anonymised identifiers
• Sub-processor security requirements documented at /legal/sub-processors

Section 5 — Contact

To report a security vulnerability or suspected breach: contact@axysanalysis.com