Security Overview
Security Program
AXOMO’s security program is built upon industry-recognized standards, including the AICPA’s Trust Services Principles and ISO 27000 suite of security standards. We continue to improve our security program over time as part of operating in line with these standards.
Encryption
AXOMO uses industry-recognized encryption to protect data at rest and in transit. AXOMO uses AES 256-bit encryption to protect data at rest in backend data stores and TLS 1.2 (or higher) to protect data in transit.
Service Level Agreements
AXOMO builds resiliency into its products – utilizing some of the powerful out-of-the-box functionalities enabled by the cloud services providers in use by AXOMO – to provide robust service level agreements for uptime for customers. We aim to provide 99.9% uptime with fast response times.
Data Storage and Isolation
Your data is always stored properly – encrypted at rest in our backend databases or object stores in our cloud service providers. Data from one customer cannot be accessed by another customer.
Access Management
Access to production systems and data is restricted to vetted, authorized personnel. Personnel access is established based on roles, using the principle of least privilege. Access to data is logged and monitored.
Credit Card Processing & PCI Compliance
AXOMO partners with Stripe for credit card processing. All credit card data is sent directly to Stripe’s secure network, and a token is returned that is then stored in the AXOMO database. The stored token allows us to keep your card on file without storing any sensitive information about the credit card. Stripe is one of the world’s leading online credit card processors and is certified to PCI Service Provider Level 1 (the most stringent level of certification available). For more information about Stripe’s security policies, see https://stripe.com/docs/security/stripe.
Vulnerability Testing
Our regularly updated scan engine identifies external network vulnerabilities so we can keep your data safe. This vulnerability scanning identifies top risks such as misconfigured firewalls, malware hazards, and remote access vulnerabilities, and can be used for cyber security or compliance mandates like PCI DSS and HIPAA.
Vulnerability Disclosure Program
Found a vulnerability that you’d like to report? We sincerely appreciate you taking the time to identify and report your findings to us! AXOMO takes these reports seriously. If you think you have found a vulnerability, please use the form below to submit details about your findings. If you need to contact the security team for something else security-related, please reach out to us at support@axomo.com.
Data Location and Redundancy
AXOMO’s products are hosted both on Amazon Web Services (AWS) and Google Cloud Platform (GCP). These organizations have robust security and privacy programs and have commitments to encryption, data security, confidentiality, and availability that are maintained at standards that meet those established with AXOMO.
AWS and GCP environments are built with resiliency and scale in mind, with the ability to distribute documents and servers between various physical locations within an AWS or GCP region. These regions are built to use geographically dispersed physical locations within the same region to allow for effective redundancy and protection against disasters that might impact a single location within a region.
Partner Plug-ins and Connectors
AXOMO has a vast partner network, which offers various solutions for delivering strategic integrations with independent vendor applications. Safeguards for the tools built and implemented by AXOMO’s partners are established and maintained by the partner. AXOMO does not include these plug-ins and connectors during control performance or application penetration testing and encourages organizations to perform their due diligence on these integrations prior to their use. Any additional information related to the security of these partner plug-ins and connectors should be addressed with the AXOMO partner.
Single Sign-On (SSO)
We encourage you to use your identity and access management technology or SAML-based Single Sign-On (SSO) provider to authenticate to AXOMO. AXOMO provides a centrally managed Single Sign-On (SSO) configuration that integrates AXOMO with your existing SSO solution. Using this functionality, AXOMO easily plugs into the most popular SSO solutions, including LDAP, Active Directory, and other Federated solutions that support SAML 1.1/2.0. Using your own provider simplifies access control for organizations, and allows organizations to implement their own.
How are customer passwords stored and protected from unauthorized access or disclosure?
Passwords on AXOMO are hashed using SHA-512 so that not even our team can recover our users’ passwords. We additionally add a unique salt per user so that a rainbow table cannot be used to discover passwords. Finally, we offer single sign-on options to avoid passwords altogether.
Facility Security Compliance
AXOMO’s facility has been assessed by Intertek as conforming to the requirements of the standard Workplace Conditions Assessment. Intertek has assessed the practices of the above facility according to the scope of the Workplace Conditions Assessment, which resulted in meeting the performance criteria required for the “Achievement Award”.
The evaluation of the facility covered the following areas:
- Labor
- Wages and Hours
- Health and Safety
- Management System
- Environment
For further information about these or to get a copy of the certification, please reach out to your AXOMO Account Executive.
Code of Ethics
The aim of our code of ethics policy is to unify AXOMO employees and partner entities around creating positive client experiences and demonstrating professional neutrality in all that we do. We expect our team to carry out their job responsibilities with integrity and consideration for each of our end-users. This policy outlines the guidelines we adhere to and the course corrections for violating our code of ethics.
The Influence of Core Values
It is important to pause and make mention of the company’s Core Values, which underscore everything we do at AXOMO.
- We Put People First – The challenges we tackle are particularly rewarding because of the people we get to work with, which includes our teammates and our customers. When we seek to elevate each other and the clients we serve, the road to success is already being paved.
- We Embody An Attitude of Ownership – Each day we get the opportunity to not only expand the influence of AXOMO but to also build up trust and rapport by thoroughly following through on tasks.
- We Are Cool Under Fire – We don’t allow ourselves to become distracted by the size or complexity of any given job; we simply organize, prioritize, and crush the next task in front of us.
Integrity and Honesty
It is expected that our team members will conduct themselves honestly and transparently in the performance of their work responsibilities. We do not tolerate malicious, deceitful, or petty conduct. Lies and cheating are huge red flags and, if you’re discovered, you will receive write-ups or immediate termination depending on the severity of your actions. Stealing from the company or other people is illegal, whether it be money, data, office supplies, or other tangible goods. Those caught stealing will be at risk for termination and/or legal action. The decision is at HR’s discretion on a case-by-case basis.
Anti-Harassment and Anti-Discrimination
There is no tolerance for harassment or discrimination (of any kind) at AXOMO. Also, any kind of violence is strictly prohibited and will result in immediate termination. If someone, be it a customer, colleague, or stakeholder, is offensive, demeaning, or threatening toward you or someone you know, report them immediately to HR or your manager. You can also report rudeness and dismissiveness if they become excessive or frequent.
Conflicts of Interest & Kickback Clauses
Conflicts of interest may occur whenever your interest in a particular subject leads you to actions, activities, or relationships that undermine our company. This includes situations like using your position’s authority for your own personal gain, exploiting company resources to support a personal money-making business, using an ill-advised vendor in order to take advantage of certain seasonal incentives/customer rewards, etc.
AXOMO has a “kickback clause” in place to remind you that it is NOT okay to personally accept or solicit gifts, rewards, or unpaid overages from our vendors. If it turns out you have created a conflict of interest that impacts the company, you will be at risk for termination. If the conflict of interest is involuntary, we will take action to rectify the situation. If you repeat the offense, you may be terminated.
Explicit Content / Right of Recusal
In nearly all cases, AXOMO remains a neutral party, ready to customize and fulfill all types of item and design requests regardless of their origin or message. We do not discriminate against any race, religion, sexual orientation, or any other protected class. We do allow our employees to individually recuse themselves from working on orders that they feel are offensive or make them uncomfortable, and we provide sufficient cross-training in order to properly complete said orders without alienating those employees or our customers. It should be clearly understood, though, that we do NOT stand for anything that promotes “hate speech”, and we reserve the right to decline any job that is perceived to be such.
Communication
Effective communication is a critical component of every facet of our business. Employees are expected to be courteous and professional in all their communications (whether verbal, in-person, or digital), as well as thorough enough to clearly convey important details. In all things, we strive to put ourselves in the customers’ shoes, in order to provide them with the best possible experience. Those found to be compromising the company’s reputation or causing internal errors/issues on account of poor communication will receive Improvement Plans and adequate instruction/training on how to correct the matter. If performance doesn’t improve, the employee may be reassigned or possibly terminated.
Lawfulness
You are obliged to follow all local, state, and federal laws that apply to you individually, to your profession (if applicable), and to our organization.
You are also included in our Privacy and Non-Compete policies. You must not expose, disclose, or endanger the information of our customers, employees, stakeholders, special Non-Disclosure Agreements (NDA), or financial holdings.
Following laws regarding fraud, bribery, corruption and any kind of assault is a given. You are also obliged to follow laws on child labor and avoid doing business with unlawful organizations. If you’re not sure what the law is in a specific instance, don’t hesitate to ask HR or our legal counsel.
Customer Acceptable Use Policy
By signing up for Axōmō (“Service”) or any of the services of Namify LLC (“Namify”), you are agreeing to specified terms and conditions (“Terms of Service”), applicable to both online tools for e-commerce store management and/or our customization and fulfillment of your company’s branded goods. AXOMO reserves the right to change its Terms of Service at any time.
Any new features or tools that get added to the Service offering shall be subject to the most up-to-date version of our Terms of Service (which can be reviewed here at any time). Namify will periodically notify its users/subscribers when changes are made to the Terms of Service below.