Privacy Policy

Axion ("we", "our", or "us") operates the platform available at https://app.axion.co.il (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Axion, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2.1 Account Information

When you register, we collect your name, email address, organization name, and password (stored as a secure hash). We also collect billing information when you subscribe to a paid plan.

2.2 Connected Third-Party Services

To provide our analytics and automation features, you may connect Axion to third-party services. When you do, we receive and store credentials and data from those services:

• Google Services — via Google OAuth 2.0 we may access Google Search Console (site performance data), Google Analytics 4 (traffic and conversion data), and Google Sheets (for report export). We request only the minimum scopes necessary for the features you use.
• Google Ads — campaign performance, budget data, and ad metrics for accounts you explicitly connect.
• Meta Ads (Facebook / Instagram) — campaign performance and audience data for ad accounts you connect.
• WooCommerce / Shopify — order counts, revenue data, and product information from stores you connect.
• CRM systems — lead and contact data from CRM integrations you configure.

We only access data that is necessary to provide the features you have enabled. You can disconnect any integration at any time from the Integrations page.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, IP address, and timestamps. This data is used to improve the Service and diagnose issues.

2.4 Website Data (via the Axion Script)

If you install the Axion AutoFix JavaScript snippet on your website, it applies pre-approved SEO changes to your site's DOM. The script does not collect visitor data and does not set cookies on your visitors' browsers.

• To provide, operate, and improve the Service
• To generate SEO and marketing insights and recommendations for your account
• To send transactional emails (account confirmation, billing receipts, alerts)
• To respond to support requests
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

We do not sell, rent, or trade your personal data or your connected third-party data to any third party for advertising or marketing purposes.

Axion's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request Google OAuth scopes that are necessary for features you explicitly enable.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read your Google data unless you have given us explicit permission, it is necessary for security purposes, or it is required by law.
• We do not transfer Google user data to third parties except as necessary to provide the Service (e.g., a database provider under a data processing agreement).
• You can revoke Axion's access to your Google account at any time through your Google Account permissions page or from the Integrations settings in Axion.

We retain your account data for as long as your account is active. Connected third-party data (analytics, ads, etc.) is retained for up to 24 months to power trend analysis, unless you disconnect the integration or delete your account, in which case it is deleted within 30 days.

Backup copies may be retained for up to 90 days in encrypted cold storage before permanent deletion.

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for credentials, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

API credentials and OAuth tokens are stored encrypted and are only decrypted in memory during an active API request.

We may share your information with:

• Service providers — cloud hosting, database, email delivery, and payment processors who process data on our behalf under data processing agreements.
• Legal requirements — when required by law, court order, or to protect the rights and safety of Axion or others.
• Business transfers — in connection with a merger, acquisition, or sale of assets, with advance notice provided to affected users.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict certain processing
• Data portability (receive your data in a structured format)
• Withdraw consent at any time

To exercise any of these rights, contact us at privacy@axion.co.il. We will respond within 30 days.

You may delete your account and all associated data at any time from Settings → Account.

Axion uses strictly necessary session cookies for authentication (e.g., next-auth.session-token). We do not use third-party tracking cookies or advertising cookies. You can configure your browser to refuse cookies, but this may affect the functionality of the Service.

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately at privacy@axion.co.il.

Axion is operated from Israel. Your data may be stored and processed in Israel or other countries where our service providers operate. Israel has been granted adequacy status by the European Commission. For transfers to other countries, we rely on Standard Contractual Clauses or other appropriate safeguards.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice in the Service at least 14 days before the change takes effect. The "Last updated" date at the top of this page indicates when this policy was last revised.

For questions, data requests, or concerns about this Privacy Policy, please contact: