PRIVACYPOLICY
PIPEDACOMPLIANT
TORONTOONTARIO · CANADA
UPDATEDAPRIL 2026

PRIVACY

Your data belongs to you — always. CASTLE is deployed on your hardware. AXE has zero access to your operational data. PIPEDA compliant by design, not by policy.

SCROLL

Privacy Policy

Last updated: April 2026

01

Introduction

AXE Technology Inc. ("AXE", "we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and protect information when you use CASTLE and our services.

We are a Canadian company subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. We take our obligations under these laws seriously and have designed our products and services with privacy at their core.

02

Data Custody Commitment

AXE was founded on a simple principle: your data belongs to you and should never leave your control. Our architecture reflects this commitment at every level.

  • Your data never leaves your infrastructure
  • CASTLE runs on your hardware — we do not host customer data
  • No data is transmitted to AXE servers during normal operation
  • Air-gapped deployments are available for classified environments

Unlike cloud-dependent AI platforms, CASTLE is deployed entirely within your network perimeter. Your models, your data, your prompts, and your outputs remain on premises at all times. AXE has zero access to your operational data unless you explicitly grant it.

03

What We Collect from Website Visitors

When you visit our website or interact with our online services, we may collect the following information:

  • Contact form submissions, including your name, email address, organization, and role
  • Website analytics data, which is anonymized and does not use tracking cookies
  • Bootcamp and event registration information

We do not collect:

  • Browsing history or page-by-page navigation patterns
  • Device fingerprints or hardware identifiers
  • Cross-site tracking data or third-party advertising cookies
04

What CASTLE Collects on Customer Infrastructure

When deployed on your infrastructure, CASTLE generates the following data — all of which remains entirely under your control:

  • Inference logs, stored locally on your hardware
  • Authentication events, stored in your Atlas instance
  • Model performance telemetry, which is optional and customer-controlled

All data generated by CASTLE remains on customer premises. AXE has no access to this data unless explicitly granted by the customer through a documented support agreement.

05

How We Use Information

Information we collect is used solely for the following purposes:

  • Website form data: to respond to your inquiries, schedule bootcamps, and provide requested information about our products and services
  • Customer telemetry (if voluntarily shared): to improve model performance, diagnose issues, and enhance the CASTLE platform
  • Analytics data: to understand aggregate website usage patterns and improve our online presence

We never sell, rent, or share personal information with third parties for marketing purposes. We do not use your data for advertising. We do not build profiles for cross-platform targeting.

06

Data Retention

  • Website form data is retained for 24 months from the date of submission, after which it is permanently deleted
  • CASTLE deployment data is controlled entirely by the customer — AXE does not determine retention periods for on-premises data
  • Analytics data is aggregated and anonymized; no individual records are retained beyond 12 months

You may request deletion of your personal information at any time by contacting our Privacy Officer. We will process your request within 30 days.

07

Security

We employ industry-standard security measures to protect any personal information we hold:

  • All website communications are encrypted via TLS 1.3
  • Form submission data is encrypted at rest using AES-256
  • Access to personal information is limited to authorized AXE personnel on a need-to-know basis
  • We conduct regular security audits and penetration testing

For comprehensive information about our security posture, certifications, and compliance standards, see our Trust Center.

08

Your Rights Under PIPEDA

As a Canadian company, we respect and uphold your rights under the Personal Information Protection and Electronic Documents Act. You have the right to:

  • Access your personal information held by AXE
  • Request correction of any inaccurate or incomplete data
  • Request deletion of your personal information
  • Withdraw consent for data processing at any time
  • File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To exercise any of these rights, contact our Privacy Officer using the information below. We will acknowledge your request within 5 business days and respond substantively within 30 days.

09

Contact

If you have questions about this privacy policy or wish to exercise your rights, please reach out:

Privacy Officer

James Lewis

privacy@axe.observer

Toronto, Ontario, Canada

Regulatory Authority

Office of the Privacy Commissioner of Canada

www.priv.gc.ca

1-800-282-1376

10

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

/ Contact · we read every inquiry

Talk to AXE.

Demos, partnerships, government RFPs, technical questions. A person reads every form. You hear from someone — not a queue.

Inquiry type

Replies within one business day · Knox audit chain records every inquiry