Axiom Identity Services

Privacy Notice

Axiom Identity Services · Last updated: 1 January 2026

1. About This Notice

This notice describes how Axiom Identity Services ("Axiom", "we", "us") processes personal data when you authenticate through the Axiom portal on behalf of your organisation. Axiom provides single sign-on (SSO) and identity verification services to enterprise clients under contract. This portal is not a consumer service — access is restricted to authorised personnel.

2. Data We Collect

When you access this portal, we automatically collect the following for security and audit purposes on behalf of your organisation:

  • IP address and approximate geolocation
  • Browser type, version, and operating system
  • Authentication timestamps and session identifiers
  • Credentials submitted during the login flow (transmitted securely to your organisation's identity provider)
  • Device fingerprint metadata for anomaly detection

3. How We Use This Data

Data collected through the portal is processed exclusively on behalf of and under instruction from your organisation (the Data Controller). We act as a Data Processor under EU GDPR Article 28. Specifically, we use this data to:

  • Authenticate your identity and establish a secure session
  • Detect and prevent unauthorised access attempts
  • Generate audit logs for your organisation's security team
  • Maintain service availability and performance

We do not sell, share, or use this data for advertising or any purpose outside the contracted service scope.

4. Legal Basis

Processing is carried out under legitimate interests (Article 6(1)(f)) — specifically, the security and integrity of enterprise authentication infrastructure — and under the contractual obligations between Axiom and your organisation (Article 6(1)(b)).

5. Data Retention

Authentication logs are retained for 90 days and then automatically purged, unless a longer retention period is specified in your organisation's service agreement. Credential data is never stored — it is forwarded to your identity provider in real time and discarded.

6. Security

All data in transit is encrypted via TLS 1.3. Access to authentication logs is restricted to your organisation's designated security administrators. Axiom undergoes annual third-party penetration testing and maintains ISO 27001 alignment across its infrastructure.

7. Your Rights

As Axiom acts as a Data Processor, requests to access, correct, or delete personal data should be directed to your organisation's IT or Data Protection team. They are the Data Controller and will coordinate with us as required.

8. Contact

For service-level enquiries, contact your organisation's IT administrator. Axiom does not respond to direct end-user privacy requests — all such requests must be routed through your employer.