Last updated: 2026-04-08
AxiomCausal operates the website axiomcausal.com and the isolated HQ service at axiomcausal.cloud. This Privacy Policy describes how we collect, use, and protect personal data in the context of the public commercial site and the procurement review process. It does not describe the data processing performed inside an AxiomCausal deployment at a client site — that processing is governed by a separate Data Processing Agreement (DPA) between the client institution and AxiomCausal.
The commercial site collects personal data only through the procurement review form, the email verification flow, the client portal lookup, and the planned lead-magnet and discovery-call forms. The data collected is strictly limited to what is necessary to evaluate a procurement request and respond to it:
We do not use third-party cookies on the commercial site. We do not run advertising pixels. We do not operate tracking beyond a self-hosted, privacy-preserving analytics instance (Plausible, self-hosted) that records aggregate page views and referrers without personal identifiers.
We process personal data submitted through the procurement review form on the basis of the pre-contractual steps necessary to respond to the request (GDPR Article 6(1)(b)) and our legitimate interest in evaluating and responding to commercial inquiries (GDPR Article 6(1)(f)). For Swiss prospects, the equivalent legal bases under the Swiss Federal Act on Data Protection (FADP) apply.
Submitted data is used exclusively to: (i) qualify the procurement request commercially, technically, and operationally; (ii) produce a written response to the prospect through the contact details provided; (iii) maintain an internal audit trail of procurement requests for compliance and accountability.
We do not sell, rent, or trade personal data. We do not share submitted data with advertising networks or marketing analytics services. We do not use submitted data for automated profiling or automated decision-making within the meaning of GDPR Article 22.
Procurement request data is stored in a PostgreSQL database hosted on Railway, within the European Economic Area where possible. The HQ isolated service enforces append-only audit semantics on sensitive operations. Procurement request records are retained for the duration of the commercial evaluation and for a period of up to twenty-four (24) months after the last contact, after which they are archived or deleted.
If you are a natural person in the European Union, the European Economic Area, the United Kingdom, or Switzerland, you have the right to:
To exercise any of these rights, contact us at contact@axiomcausal.com. We respond to requests within thirty (30) days.
Our infrastructure is hosted on Railway. Where hosting occurs outside the European Economic Area, appropriate safeguards including Standard Contractual Clauses apply. Client deployments are, by design, on-premise or in the client's own cloud environment; no client data transits our infrastructure.
Access to procurement data is restricted to authorized personnel through multi-factor authentication on the isolated HQ interface. The HQ audit spine is append-only and protected by a database-level trigger. Physical security and operational security of the hosting environment are the responsibility of the hosting provider (Railway).
We may update this Privacy Policy from time to time to reflect changes in our practices or regulatory requirements. The date at the top of this page indicates when it was last updated.
For any question regarding this Privacy Policy or our data processing practices, contact us at contact@axiomcausal.com.