Security at Axys Analysis

Reporting a vulnerability

If you believe you've found a security vulnerability in Axys Analysis, please report it to hello@axysanalysis.com with the subject line “Security Disclosure”. We ask that you give us reasonable time to investigate and address the issue before public disclosure. We will acknowledge your report within 48 hours and keep you informed of our progress.

Our security practices

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorised personnel. We conduct regular dependency vulnerability scanning and maintain an audit log of all significant system events. Candidate data is automatically deleted after 12 months in line with our retention policy.

Scope

In scope: axysanalysis.com, app.axysanalysis.com, and the Axys Analysis API. Out of scope: third-party services we rely on (Supabase, Vercel, Anthropic, Stripe). Please report vulnerabilities in those services directly to their respective security teams.

Contact