How Axiom.ai Protects Your Data
Protecting your data is a high priority for us here at Axiom.ai. We store the code to run your automations, not the data that you process with them. Your data is your own and is never stored, sold, or used to train AI models.
Let's dive into how your data has been handled within your automations, what is stored and what is not stored as well as how to ensure that your use of Axiom.ai in your projects complies with any regulations that your organisation may be required to adhere to.
For more details on specifics, see our privacy policy (opens new window).
# How step data is stored
When you create an automation, we store the data for the steps that make up your automation. This includes any of the settings that you have enabled within your automation. For example, if you have an "Enter text" step in your automation that is set to input the text "Hello, World!", we are going to store the text and any of the other options that you have enabled. In the exported automation, this will appear in the params of the step as follows:
{
"collapsible": 0,
"configurable": true,
"default_value": "",
"description": ["Input the text to enter."],
"help": [],
"image": "h-text-input",
"name": "Text",
"type": "long_text_required",
"value": "Hello, World!"
}
If you have used a data token within the step, you will see this here, too. This data, along with all other steps, are stored within our cloud services ensure availability when you need them - your data is encrypted at rest and in transit.
If you are concerned about how your data is being stored within your automations, we recommend making use of data tokens and an external service to pass data into your automation. Going back to the example of the "Enter text" step, you could use a Read data from a Google Sheet step to read in the data that you wish to enter in the textfield, when exporting your automation, you would only see the data token that you have input into the step.
# Exporting your automations
When contacting our support team it is quite common for us to ask for a copy of your automation so that we can assess it for any issues that you are experiencing. For additional security purposes, we limit internal access to your automations. When requesting a copy of your automation we are aware that there are times when you may be hesitant to share due to the sensitivity of the data that you are working with - unless shared with us, we will not have access to the data that you are working with apart from the data that you have stored in steps. We will not have access to the Google or Excel sheets that you are using.
If your automation contains credentials, we would recommend removing these - we generally recommend storing these elsewhere regardless of whether or not you are sharing your automation. There are instances where we may need additional access but we will discuss this with your directly in the event of contacting our team. If there are credentials present in the automation when shared, our team will always request permission before running the automation - but would always rather a test account be set up for the team where possible.
# How processed data is stored
Understanding how data is stored when being processed by an automation is key to ensuring that you have met the information security requirements that you may have for your project.
# Running your automations locally
When you make use of the desktop application to run your automations locally the data that you process with your automation will never leave your local computer, or server - unless you have steps specifically to send this data. This can be massively beneficial when you are working with sensitive data that is not shareable outside of your organisation, for example, when working with PII or medical data. If required, the Axiom.ai desktop application can be installed on a server to be used.
# Running in the cloud
When running in the cloud, we only store the data that is processed by your automation for the amount of time that your automation runs. Once your run has finished, no matter what the state of that finish is, the data will be erased from the "pod" that your automation has run in. Your automation is only able to access data that has been created during the run.
# Things to note
It's important to note that Run Reports will be stored for each run and this data is stored within Axiom.ai's servers. In the event of your automation running into an error, it's possible that some data could be included in these error messages. For example, if a "Click element" step is unable to find the selector that you have selected, this selector may be included in the error message.
Similarly, if you make use of the Add error metadata step and include your data, or data tokens, in this field, then this will be included in the Run Reports. An alternative to this may be to use the Send an email or Trigger webhook to catch errors and report them to your own systems rather than let the automation run into errors. See our documentation on handling errors for more tips. You could also make use of the API to pass in credentials, if you are on an appropriate Axiom.ai plan.
# Third-party services
We provide a few steps that allow you to directly interact with third-party services, such as:
- OpenAI (ChatGPT)
- Zapier
- Google Sheets
- Microsoft Excel
When you use any of these steps to interact with these services, the data that you set to be shared with this service will be shared to provide the service. For example, the prompt that you input into the ChatGPT steps will be shared, along with your API key that has been set within the step or in the settings. You should refer to their privacy policies for more details on how your data is managed within those services.
We do not share any usage data with these service providers, only the data required to perform the action, and the data that you have input.
# Connecting your accounts
To allow you to make use of certain steps, you have the ability to connect certain accounts to your Axiom.ai account. For example, you can connect your Google or Microsoft (work or school) account to be able to use their respective steps. When you use this feature to connect to your account, you will be prompted to use their native login flow to connect your account - when you do this, we do not store your login credentials. These services provide us with an access token that can be used to interact with these services.
Note, as part of their security features, these services can revoke these access tokens at any point for reasons that they do not publish.
# Storing API keys
Some services that we allow you to interact with within your automations require an API key to be used, these can be stored within the automation itself but we would recommend storing these in our "External API keys" section within your account. These keys are encrypted at rest and in transit within our systems, ensuring that they remain private and only for your use. When used within a step, this will not be included in the export of your automation.
# Storing cookies
The Store cookies feature allows you to sync your local cookies with your automation to carry them over to your cloud browser session, this can be massively beneficial to carry over login sessions. These cookies are encrypted and will not be included in the export of the automation.
# Regulatory compliance
Axiom.ai always strives to protect your data in line with information security standards and regulations, and has a Cloud App Security Assessment (CASA) (opens new window) Tier II certification. However, if your organisation requires you to adhere to specific standards and regulations while using third-party services, there are still methods of using Axiom.ai within these limits.
As discussed above in Running your automations locally, your data never leaves your device or network when being process on a locally run automation. Only the data stored in the steps themselves will be stored by Axiom.ai. This means that you can maintain compliance with local regulations such as HIPAA (US), GDPR (EU), DPA (UK), PIPEDA (CAN) and the Fair Information Processing Principles (US).
# Tips
If you are concerned with storing login credentials within your automations, consider storing them in Google Sheets and then importing them into your automation using the "Read data from a Google Sheet" step or the "Read data from an Excel" step. This would mean that they are imported each time that the automation runs rather than being stored in the automation.
Alternatively, you can use the Store cookies option within your automation to store the authentication token from sites that you are already logged into ony our desktop. For most sites, this will mean that you do not need to log into the site when your automation runs. When running locally, your automation will automatically use your local cookies. We recommend setting up notifications when using this method as your automation may run into errors if the site revokes the authentication cookie at any time.
# Wrapping up
Understanding how Axiom.ai handles your data is key to ensuring security and compliance with your organization's regulations. While we store step configuration data to keep your automations available, processed data is only stored temporarily when running in the cloud and never leaves your device when running locally. By leveraging data tokens, external storage, and local execution, you can take full control over how sensitive data is handled within your workflows.
If you have any concerns about data storage or security, we encourage you to review our privacy policy (opens new window) or reach out to our support team for further guidance.
