1. Who We Are
Axiom Specialty Inc. ("Axiom," "we," "our," or "us") is a Delaware corporation and licensed Managing General Agent (MGA) headquartered in New York, NY. We operate Raptor, an AI risk intelligence platform, and offer AI Liability insurance products.
For questions about this policy, contact us at privacy@axiomspecialty.com.
2. What Data We Collect
Account & Organization Data
Name, work email address, and job title of users who sign up
Organization name, industry, and employee count range
Subscription and billing information (processed by Stripe — we do not store raw card data)
Workspace Telemetry Data (Google Workspace & Microsoft 365)
When you connect your workspace via OAuth, we collect the following via read-only access:
Names and categories of third-party applications authorized in your workspace (OAuth token grants)
Aggregate counts of AI-related application activity events (Drive, audit logs)
Whether AI governance groups or policy documents exist in your workspace
External file sharing counts and after-hours AI activity counts
Total number of users in the organization directory
We do not collect: email content, document content, message content, personal calendar data, contact lists, passwords, or any personally identifiable information about your employees beyond aggregate counts.
Risk Assessment Data
Responses to our AI risk questionnaire (industry, AI tool usage, governance practices)
Computed AI Risk Scores and dimension scores derived from workspace telemetry
Insurance Application Data
Business information provided when applying for AI Professional Liability coverage
This data is used solely for underwriting and policy administration purposes
Usage & Technical Data
Pages visited within the Raptor platform, feature usage, and session activity
IP address, browser type, and device information
Error logs and performance data
3. How We Use Your Data
Provide and operate Raptor — Account data, workspace telemetry, and risk scores.
Calculate your AI Risk Score — Workspace telemetry and questionnaire responses.
Underwrite and administer insurance — Insurance application data and risk scores.
Send platform notifications and alerts — Email address and risk score changes.
Billing and subscription management — Billing data via Stripe.
Improve our scoring models and product — Aggregated, anonymized telemetry only.
Fraud prevention and security — Usage and technical data.
Comply with legal obligations — As required by law.
4. Google Workspace Data - Additional Disclosures
Axiom's use of data obtained through Google Workspace APIs is limited to the practices described in this Privacy Policy and complies with the Google API Services User Data Policy, including the Limited Use requirements.
We access Google Workspace data using read-only OAuth scopes
We do not transfer Google user data to third parties except as necessary to provide the Raptor service (e.g., secure storage in Supabase)
We do not use Google user data for serving advertisements
We do not allow humans to read Google user data unless you have given explicit permission or we are required to do so by law
You may revoke Axiom's access to your Google Workspace at any time through your Google Admin Console
5. Microsoft 365 Data - Additional Disclosures
Axiom accesses Microsoft 365 data via delegated OAuth permissions granted by your organization's admin. We access audit log data, directory information, and usage reports via read-only Microsoft Graph API scopes. The same use limitations described in Section 4 apply to Microsoft data.
You may revoke Axiom's access through your Microsoft Entra ID (Azure Active Directory) admin portal
6. Third-Party Service Providers
We share data with the following trusted service providers solely to operate our platform:
All service providers are contractually required to protect your data and may not use it for their own purposes.
7. Data Security
We implement industry-standard security measures to protect your data:
All OAuth access tokens and refresh tokens are encrypted at rest using AES-256 encryption before storage
All data is transmitted over HTTPS/TLS
Database access is restricted via row-level security policies
We use service-role access controls to limit which parts of our system can access sensitive data
Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at security@axiomspecialty.com.
8. Data Retention
Workspace telemetry snapshots: Retained for the duration of your subscription plus 90 days following cancellation
Risk scores and assessment history: Retained for the duration of your subscription plus 90 days
Account data: Retained until you request deletion or your account is closed
Insurance application data: Retained for the duration required by applicable insurance regulations (typically 7 years)
OAuth tokens: Deleted immediately upon workspace disconnection or account cancellation
9. Your Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
The right to know what personal information we collect, use, disclose, and sell (we do not sell personal information)
The right to delete personal information we have collected about you
The right to opt out of the sale or sharing of personal information (we do not sell or share personal information for advertising)
The right to non-discrimination for exercising your privacy rights
To submit a CCPA request, email privacy@axiomspecialty.com.
California Residents (CCPA / CPRA)
Workspace telemetry snapshots: Retained for the duration of your subscription plus 90 days following cancellation
Risk scores and assessment history: Retained for the duration of your subscription plus 90 days
Account data: Retained until you request deletion or your account is closed
Insurance application data: Retained for the duration required by applicable insurance regulations (typically 7 years)
OAuth tokens: Deleted immediately upon workspace disconnection or account cancellation
Children's Privacy
Raptor is a B2B enterprise platform intended for use by organizations and their employees. We do not knowingly collect data from individuals under the age of 18. If you believe a minor has provided us with personal data, contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and notify active customers by email for material changes. Your continued use of Raptor after any changes constitutes your acceptance of the updated policy.