Security & Trust
Last updated: 8 June 2026
How Axively stores, processes and protects your data. This page summarises the key facts; full legal detail is in our Privacy Policy.
Data residency
Your data stays in the European Union. Our application servers and the PostgreSQL database run on a single dedicated server in the Czech Republic. We do not use a separate managed database or object-storage provider.
AI processing outside the EU
Selected AI sub-processors, OpenAI (active) and Anthropic (standby), both in the USA, receive only the HTML snippets of flagged elements from your audited public website, to generate and translate fix suggestions. No e-mails, personal correspondence or visitor personal data are sent to any AI provider. See our Privacy Policy.
Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Huko.net | Application servers & PostgreSQL database | Czech Republic (EU) |
| OpenAI | AI fix suggestions and remediation translations | United States |
| Anthropic | AI fix suggestions and remediation translations (standby) | United States |
| Polar | Payment processing (Merchant of Record) | United States |
| efik.cz | Transactional email delivery | Czech Republic (EU) |
Data retention
Account data: kept for the life of your account; after closure we delete it within 90 days — only data needed to defend legal claims is kept for the 3-year limitation period. Audit data: within 90 days after account closure, or immediately on request. Inactive accounts: after 24 months without a sign-in we notify you and then delete or anonymize the account. Billing and tax records: 10 years (legal obligation). Logs: 90 days.
Responsible disclosure
Found a security issue? Please report it to security@axively.com. We aim to acknowledge reports within 72 hours. Please don't publicly disclose a vulnerability until we have had a chance to address it.