Privacy Policy
1.Overview
The short version: we collect almost nothing, because there is almost nothing to collect.
axiomic.ai (the “Site”) is a single static page operated by Axiomic, LLC (“Axiomic,” “we,” “us,” or “our”). It has no user accounts, no forms, no payments, no subscriptions, no cookies set by us, no advertising, no tracking pixels, no social-media trackers, no marketing database, and nothing to sell. This policy explains the small amount of information that nonetheless necessarily touches the Site, and how we treat it.
2.Data Controller
For purposes of the EU General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and any comparable data-protection laws, the data controller for any personal data processed in connection with the Site is:
Axiomic, LLC · Marin County, California, United States · marc@axiomic.ai
Axiomic is a small U.S.-based holding company. We are not required to, and have not, appointed a data protection officer or an EU/UK Article 27 representative; because of the de minimis nature of any processing that occurs through the Site, the controller contact above is the appropriate point of contact for all privacy inquiries.
3.Information We (Don’t) Collect
We do not actively collect any personal information from visitors. The only information that necessarily reaches the Site or its infrastructure is:
- Server logs. Our hosting provider automatically receives standard HTTP request data — IP address, user-agent string, referrer, timestamp, and the URL requested — as an inherent part of serving any website over the public internet. These logs are used for abuse prevention, security, and operational troubleshooting and are not combined by us with any other data.
- Webfonts. The Site loads typefaces from Google Fonts. When your browser fetches those assets, Google may log the request under its own terms. See Google’s privacy disclosures for details.
- Analytics. We do not currently use analytics. If we add analytics in the future, we will use a privacy-friendly, cookie-free service (for example, Plausible) that produces only aggregated, anonymous usage statistics and does not track individuals across sites. This policy will be updated before any such change takes effect.
4.What We Do Not Do
We do not: set tracking or advertising cookies; run third-party advertising pixels; build visitor profiles; sell, rent, trade, or share personal information with data brokers or for marketing purposes; send marketing email; maintain an email list through the Site; use device fingerprinting; embed social-media trackers; or process your data through AI systems or automated decision-making for any purpose on this Site.
5.Legal Basis for Processing (GDPR / UK GDPR)
To the extent the incidental processing described in Section 3 constitutes processing of personal data of EU or UK data subjects, the legal basis is our legitimate interests under Article 6(1)(f) of the GDPR (and the corresponding provision of the UK GDPR) in operating a functioning, secure website and understanding basic operational metrics. We have balanced those interests against your rights and freedoms and concluded that the processing is minimally intrusive and proportionate.
If you contact us by email, we process your contact details and message content on the basis of legitimate interests in responding to your inquiry and, where applicable, taking steps at your request prior to entering into a contract under Article 6(1)(b).
6.Sub-Processors and Third-Party Sites
The Site links outward to portfolio companies, products, and publications operated by separate legal entities. Those third parties have their own privacy practices. When you follow a link from the Site, the destination’s privacy policy applies from the moment your browser requests the external page.
The following service providers (“sub-processors”) process a limited amount of technical data on our behalf, or as inherently necessary to serve the Site over the public internet:
| Service | Purpose | Region | Privacy Policy |
|---|---|---|---|
| Render, Inc. | Static-site hosting and TLS termination | United States | render.com/privacy |
| Cloudflare, Inc. | DNS resolution and, where applicable, CDN delivery | Global | cloudflare.com/privacypolicy |
| Google LLC | Google Fonts asset delivery | Global | policies.google.com/privacy |
| GitHub, Inc. | Source-code hosting for the Site’s deployment pipeline | United States | github.com/privacy |
We may substitute comparable providers from time to time and will update this list accordingly. Where required by applicable law, international transfers of personal data are made under appropriate safeguards, including (as applicable) the EU Standard Contractual Clauses and the UK International Data Transfer Addendum.
7.Data Retention
Because we do not actively collect personal data through the Site, there is typically nothing to retain. Technical server logs are retained for a short period (generally no more than 90 days) for security and operational purposes. Inbound email correspondence is retained only as long as reasonably necessary to respond and to maintain a normal business record, and then deleted or archived in accordance with ordinary record-keeping practices.
8.Your Rights Under GDPR and UK GDPR
If you are a data subject in the EU, the EEA, or the UK, you have the following rights with respect to personal data we process about you:
- the right of access (Article 15);
- the right to rectification (Article 16);
- the right to erasure / “right to be forgotten” (Article 17);
- the right to restriction of processing (Article 18);
- the right to data portability (Article 20);
- the right to object to processing based on legitimate interests (Article 21);
- the right not to be subject to solely automated decision-making, including profiling (Article 22); and
- the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.
Because we collect almost nothing, there is typically nothing to access, correct, port, or delete — but if you believe we hold information about you and want to exercise a right, email marc@axiomic.ai with the subject line “Privacy Request.” We aim to respond within 30 days.
9.California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA”), gives you the following rights:
- the right to know what categories of personal information we have collected, the sources of that information, and the purposes of collection;
- the right to access specific pieces of personal information we have collected about you;
- the right to request deletion of personal information;
- the right to request correction of inaccurate personal information;
- the right to opt out of the sale or sharing of personal information;
- the right to limit the use and disclosure of sensitive personal information; and
- the right not to be discriminated against for exercising your rights.
We do not sell or share personal information within the meaning of the CCPA and have not done so in the preceding 12 months, whether for monetary consideration or otherwise, including for cross-context behavioral advertising. We do not knowingly sell or share personal information of consumers under 16.
To exercise a CCPA right, email marc@axiomic.ai with the subject line “California Privacy Request.” We will respond within 45 days, with an additional 45-day extension if reasonably necessary. You may also designate an authorized agent to make a request on your behalf, subject to our verification of the agent’s authority and your identity.
10.Other U.S. State Privacy Rights
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, and other U.S. states with comprehensive consumer privacy laws in effect may have rights similar to those described above, including rights to access, correct, delete, opt out of targeted advertising and profiling, and appeal adverse decisions. To exercise any such right, email marc@axiomic.ai with the subject line “State Privacy Request” and identify your state of residence. We will respond within the timeframe required by your state’s law.
11.EU AI Act Statement
The Site is not an “AI system” as defined in Article 3(1) of Regulation (EU) 2024/1689 (the “EU AI Act”). The Site does not deploy, provide, or make available any AI system for content generation, automated decision-making, profiling, biometric identification or categorisation, emotion recognition, scoring, classification, or any other AI-driven processing directed at visitors. No personal data processed in connection with the Site is used to train, fine-tune, evaluate, or develop AI models.
Certain companies in our portfolio are independent entities that develop or operate AI systems; Axiomic is not a provider, deployer, importer, distributor, or authorised representative within the meaning of the EU AI Act with respect to those portfolio companies merely by virtue of listing them. Please consult each portfolio company’s own disclosures for information about their AI practices.
12.Children
The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us and we will take appropriate steps to delete it.
13.Data Security and Breach Notification
The Site is served over HTTPS. Because we collect no accounts, passwords, payment information, or sensitive personal data, the attack surface of the Site is intentionally minimal. No method of transmission over the internet or electronic storage is 100% secure, however, and we cannot guarantee absolute security.
In the unlikely event of a personal-data breach affecting individuals with rights under the GDPR or UK GDPR, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Where required, we will also notify affected individuals in accordance with Article 34 and applicable U.S. state breach-notification laws.
14.Do Not Track and Global Privacy Control
Because we do not track visitors across sites or services, Do Not Track (“DNT”) signals and Global Privacy Control (“GPC”) signals have no additional effect on our processing — we already do not do the things those signals ask us not to do.
15.Changes to This Policy
If this policy changes, we will update the “Effective” date above. If the change is material (for example, introducing analytics, forms, or any form of active data collection), we will call it out plainly on the Site.
16.Contact
Axiomic, LLC · Marin County, California · marc@axiomic.ai