Security practices for the Axon platform

Axon applies layered technical and operational controls to protect service availability, tenant isolation, and data confidentiality.

Security is built into authentication, authorization, route-level guardrails, audit logging, and operational workflows.

Axon supports session-based authentication and multi-factor authentication (MFA), with organization-level policy controls.

Role-based permissions and scoped authorization are used to limit access to the minimum required actions.

We use secure transport, scoped backend access patterns, and tenant-aware data checks designed to prevent cross-organization data access.

Privileged operations are logged to support traceability and security review workflows.

State-changing APIs are protected by origin checks, app-check verification, authenticated identity checks, and payload validation.

Additional safeguards such as rate limiting and abuse controls are used for sensitive endpoints.

We monitor service behavior and investigate suspicious activity, operational failures, and potential security issues.

When required, we notify affected customers in line with legal and contractual obligations.

Customer organizations are responsible for account hygiene, role assignment, and secure handling of credentials within their teams.

Customers should promptly report suspected compromise, abuse, or unauthorized access.

To report a security concern, contact us using the email listed below with relevant details and reproduction context.