Privacy Policy

1. Data Controller

This Privacy Policy applies to the website axionly.io and the services provided under the Axionly brand, which is a division of:

Axiontic SRL is registered in Romania and operates within the European Union. As data controller, we are responsible for how your personal data is collected, used, and protected in accordance with Regulation (EU) 2016/679 (GDPR).

2. What We Collect

We collect only the data that is necessary to provide our services:

• Contact information — full name, work email address, phone number, and company name, provided when you complete a contact form, book a discovery call, or subscribe to our newsletter.
• Business information — the nature of your organisation's AI use, sector, and any context you voluntarily share during scoping calls or assessments.
• Assessment and contractual data — information gathered during the course of a paid assessment engagement, including findings, documentation, and deliverables.
• Website performance data — anonymised search query and indexing data collected via Google Search Console (see Section 3).

We do not collect payment card details. Any payments are processed through third-party payment providers under their own privacy policies.

3. How We Collect It

Forms on this website

When you submit a contact form, newsletter sign-up, or booking request, the information you enter is transmitted securely and stored in our internal database (see Section 6).

Google Search Console

We use Google Search Console to monitor how our website appears in Google Search results — for example, which search terms lead visitors to our site and whether our pages are indexed correctly. Google Search Console does not place cookies on visitors' browsers and does not track individual user behaviour or sessions. The data it provides is aggregated and anonymised by Google before we see it.

No behavioural tracking

We do not use any analytics tools, session recording software, heatmaps, advertising pixels, or other technologies that track how you move around or interact with this website. No profiling of website visitors takes place.

4. Legal Basis for Processing

We process personal data on the following legal bases under Article 6 GDPR:

• Contractual necessity (Art. 6(1)(b)) — to fulfil an assessment engagement or respond to a service request you have made.
• Legitimate interests (Art. 6(1)(f)) — to manage our business relationships, maintain service records, and monitor the security of our systems.
• Consent (Art. 6(1)(a)) — for newsletter subscriptions, which you can withdraw at any time.
• Legal obligation (Art. 6(1)(c)) — where we are required to retain records by applicable law.

5. How We Use Your Data

We use the personal data we collect exclusively to:

• Respond to enquiries and schedule discovery calls.
• Deliver contracted assessment services and produce reports.
• Send newsletters and regulatory updates to subscribers who have opted in.
• Manage ongoing business relationships and follow-up communications.
• Meet our legal and regulatory obligations.
• Monitor website search performance (aggregated, anonymised data only).

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. Storage & Security

Internal database

Contact information — including names, email addresses, phone numbers, and company details — is stored in a secured internal database accessible only to authorised personnel at Axiontic SRL.

Digital vault

All assessment deliverables, contractual documents, and engagement records are stored in an encrypted digital vault. Access is strictly controlled and limited to the individuals directly involved in your engagement.

NDA protection

Every assessment engagement is governed by a Non-Disclosure Agreement (NDA). All information you share during the course of an assessment — including internal systems, policies, vulnerabilities, and findings — is treated as strictly confidential. We do not disclose engagement details to any third party without your explicit written consent.

Technical measures

We apply appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, or disclosure. Our systems are maintained within the European Union.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law.

• Assessment and contractual records — retained for the duration of the engagement and up to 4 years thereafter, in line with standard business record-keeping practice.
• Contact and enquiry data — retained for up to 4 years from the date of last contact, unless you request earlier deletion.
• Newsletter subscriber data — retained until you unsubscribe.

If you are a client and your organisation requests deletion of all associated data after the 4-year period, we will carry out that deletion within 30 days of receiving a written request, provided there is no overriding legal obligation to retain it.

8. Third Parties & Data Sharing

We do not share your personal data with third parties, except in the following limited circumstances:

• Service providers — trusted providers who assist with our operations (e.g. email delivery, calendar booking) and who are bound by data processing agreements.
• Legal requirements — if required by law, court order, or a competent supervisory authority.
• Business transfers — in the event of a merger or acquisition, data may be transferred to a successor entity under equivalent protections.

All data remains within the European Union or is transferred under appropriate safeguards in accordance with Chapter V GDPR.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access — to obtain a copy of the personal data we hold about you.
• Right to rectification — to have inaccurate data corrected without undue delay.
• Right to erasure — to request deletion of your data where there is no overriding legal basis for retention.
• Right to restriction — to limit how we process your data in certain circumstances.
• Right to data portability — to receive your data in a structured, commonly used format.
• Right to object — to object to processing based on legitimate interests.
• Right to withdraw consent — at any time, for processing based on consent (e.g. newsletter).

To exercise any of these rights, contact us at hello@axionly.io. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian data protection authority:

10. Contact

For any questions or requests regarding this Privacy Policy:

This policy may be updated from time to time. The date at the top of this page reflects when it was last revised. Continued use of the website after an update constitutes acceptance of the revised policy.