Axovera
Sign in
Legal · Privacy

Privacy Policy

Status: DRAFT v1. Effective date TBD. Material changes are emailed to account holders 30 days in advance.

1. Information we collect

1.1 Account information

Email, name, institutional affiliation (you provide on sign-up). Identity provider sub (Cognito), MFA enrollment status.

1.2 Lab + project metadata

Lab name, members, role assignments. Job submissions: pipeline, parameters, timestamps, author, status.

1.3 Research data you upload

Videos, pose keypoints, neural recordings (LFP / EOD / IPI), and any derived artifacts. Treated as YOUR data; we are the processor, not the owner. We do not train shared models on your data without written opt-in (see Section 4).

1.4 Billing information

Stripe handles card data; we never see the PAN. We store the Stripe customer id + the cached invoice and charge events from webhooks.

1.5 Operational telemetry

Request logs (CloudFront + ALB access logs). Application logs via structlog with PII redaction (Authorization headers, Idempotency keys, X-Demo-User-* headers stripped at the log writer). Sentry error traces, scrubbed of bodies and headers.

2. How we use it

  • Provide the service (performance of contract).
  • Bill you (performance of contract).
  • Detect abuse + threat events (legitimate interest).
  • Improve the platform (legitimate interest, with anonymization).
  • Audit + compliance (legal obligation).

3. Sharing + sub-processors

  • AWS (us-east-1 + us-west-2 DR): compute, storage, KMS, Cognito, SES.
  • Stripe: card processing + invoicing.
  • Anthropic: Co-pilot turns are sent server-side; we never include customer data unless your lab member explicitly invokes a Co-pilot tool that reads it.
  • Sentry: error tracing.
  • Cloudflare: DNS + DDoS layer.

No data is sold to third parties. No advertising IDs.

4. Research data + model training

We do NOT train shared models on customer videos by default. Two classes of opt-in exist:

  • Per-customer overlays: trained from YOUR data, bound to YOUR customer id; never served to another customer.
  • Atlas contributions (Phase 5+, opt-in): you may consent to share redacted labels for cross-lab atlas building. Off by default.

5. Retention

  • Account + billing: retained for the duration of the contract + 7 years (statutory).
  • Research data: retained for the contract duration. On termination, exported within 90 days and then deleted.
  • Logs + telemetry: 90 days hot, 1 year archive.

6. Your rights

Access, correct, delete, port your data: email privacy@axovera.ai. We respond within 30 days. Object to processing, withdraw consent: same channel. Lodge a complaint with your supervisory authority (EU DPA, FTC, CPPA).

7. Security

ENFORCED Cognito Threat Protection, TOTP MFA mandatory, per-data-class CMKs, FORCE ROW LEVEL SECURITY on customer-scoped tables.

8. Children's privacy

The service is not directed to anyone under 16. We do not knowingly collect such data.

9. Changes

Material changes are emailed 30 days in advance to all account holders. The version + effective date stamp at the top.

10. Contact

privacy@axovera.ai · data-protection officer dpo@axovera.ai · Axovera, Inc.