Privacy Policy
Axiom is built to give you an institutional view of your own money without ever putting that money at risk. This policy explains what we collect, how we use it, how we protect it, and the control you keep over it.
Who we are
Axiom is operated by Helios Collective, Inc. ("Helios," "we," "us"), a Nova One Capital company. This policy applies to all data collected from or about users of the Axiom platform, including data obtained through third-party financial-data integrations.
Information we collect
- Account & identity data — name, email, address, and single sign-on credentials.
- Financial account data — linked account details, balances, positions, and transactions, accessed through our brokerage data-connectivity providers, SnapTrade and Plaid, depending on your broker.
- Activity & audit logs — in-app actions, portfolio activity, and audit trails.
- Authentication & access logs — login events, multi-factor records, and session tokens.
- Support records — tickets and communications with our team.
- Marketing preferences — email opt-ins and communication settings.
- De-identified analytics — aggregated usage data that contains no personal information.
How we use your information
We use your information to operate and secure the platform, deliver portfolio analytics, provide support, comply with legal obligations, improve our products, and send communications you have opted into. We do not sell your personal data. We never place trades, move funds, or store your brokerage passwords.
How we protect it
Our security program (internal policy NOC-SEC-001) includes:
- All data encrypted in transit using TLS 1.2 or higher, and sensitive data encrypted at rest using AES-256 or equivalent.
- Brokerage links established via OAuth 2.0 / OIDC — you authenticate on your broker's own site; credentials are never stored in plain text.
- Tokenization in place of raw financial credentials wherever possible.
- Role-based access control (RBAC) and multi-factor authentication (MFA) for administrative access, with quarterly access reviews.
- Production isolated from development, dependency scanning in CI/CD, and a documented incident-response plan with breach-notification procedures.
How long we keep it
We retain data only as long as necessary for legal, regulatory, and operational requirements:
| Data category | Retention period |
|---|---|
| Account & identity data | Duration of account + 3 years post-closure |
| Financial account data | Duration of active link + 2 years |
| Transaction & activity logs | 7 years |
| Authentication & access logs | 2 years |
| Customer support records | 3 years post-resolution |
| Marketing & communication | Duration of consent + 1 year |
| De-identified / aggregated data | Indefinite (no personal data) |
Your rights
You may access, correct, or delete your personal data, and opt out of marketing at any time. You can disconnect any brokerage or delete your account and data in one click from within Axiom. Consumer deletion requests are honored as provided under applicable privacy law.
Regulatory compliance
This policy is designed to comply with applicable U.S. data privacy and financial recordkeeping laws, including the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA/CPRA), the Fair Credit Reporting Act (FCRA), and CAN-SPAM. It is reviewed at least annually.
Children
Axiom is intended for users 18 and older and is not directed to children.
Changes & contact
We may update this policy as our practices or the regulatory landscape change; material changes will be posted here. Questions or requests? Reach us via the contact page.