Privacy Policy

Last updated: April 2026

1. Overview

Axiara (“we,” “us,” “our,” or “Company”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect data when you use the Axiara browser extension and dashboard (“Services”).

Axiara operates under strict data minimization principles: we collect only what is necessary to detect unauthorized AI tool usage and support regulatory compliance.

2. What Data We Collect

The Axiara extension collects:

  • Domain names: The websites and SaaS tools you visit (e.g., github.com, figma.com)
  • Organization ID: Your firm's unique identifier (for multi-tenant isolation)
  • Employee ID: Your user identifier for audit trails
  • Timestamps: When events occur
  • Browser metadata: User agent, tabs count

We NEVER collect: Prompts, AI responses, page content, credentials, API keys, or any sensitive user-generated content.

3. Data Retention

We retain event data for 90 days by default, allowing your compliance team to generate historical reports. After 90 days, data is automatically deleted. Compliance reports (POJK 30/2025, OJK, GDPR assessments) are retained as long as required by law.

4. Data Location & Storage

All Axiara data for Indonesian organizations is stored in Google Cloud Platform (GCP), asia-southeast2 region (Jakarta), complying with data sovereignty requirements under UU PDP (Indonesian Data Protection Law).

Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Only Axiara staff with audit credentials can access production data, and all access is logged.

5. Data Use

We use collected data to:

  • Detect unauthorized AI tool usage (Shadow AI detection)
  • Generate compliance reports (POJK 30/2025, OJK, UU PDP, GDPR, etc.)
  • Support your organization's governance and risk management
  • Improve detection accuracy and extension performance

We do NOT: Sell, share, or monetize your data. We do not use your data for advertising, profiling, or any purpose outside of the Services you purchased.

6. Your Rights (UU PDP)

Under Indonesian Data Protection Law (UU PDP Article 20-29), you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion (after retention periods)
  • Withdraw consent
  • Lodge a complaint with the Indonesian Data Protection Authority

Contact us at privacy@axiara.ai to exercise any of these rights. We respond within 30 days.

7. International Data Transfers

Axiara operates in Indonesia and the Asia-Pacific region. Cross-border data transfers (if any) are governed by standard contractual clauses and adequacy assessments under UU PDP and GDPR (for EU customers).

8. Third Parties

We use trusted vendors for infrastructure and services:

  • Google Cloud Platform: Data hosting, compute, and storage
  • Better Auth: User authentication and session management
  • SendGrid: Email delivery (transactional emails only, no marketing)

All vendors comply with our data protection standards. We do not authorize third parties to use your data for their own purposes.

9. Security

Axiara implements industry-standard security measures:

  • End-to-end encryption for sensitive data
  • HTTPS/TLS 1.3 for all communications
  • Regular security audits and penetration testing
  • Multi-factor authentication (optional, available in Settings)
  • IP whitelisting for Cloud Run services

10. Contact Us

If you have questions or concerns about this Privacy Policy, please contact:

  • Email: privacy@axiara.ai
  • Website: https://axiara.ai
  • Address: Jakarta, Indonesia

By using Axiara, you agree to this Privacy Policy. If you disagree with any part, please do not use the Services. We may update this policy periodically. Significant changes will be announced to active users.