Privacy Statement

Privacy Statement

Last updated: 27 Aug 2025

Operating principle: AXIOMA implements and operates fintech infrastructure as a control-plane service. Under our standard deployment pattern we have no default access to client customer content or personal data handled by identity, biometric, or collections vendors (e.g., Shufti Pro, FACIA, CollectMaxx). Data flows are configured to run directly between the client and the selected vendor(s).

1) Who we are

AXIOMA Corporate Services (“AXIOMA”, “we”, “our”) provides implementation and managed operations for KYC/AML integrations, biometric operations governance, collections workflows, and audit evidence across Aruba, Curaçao, Sint Maarten, and Suriname.

Privacy contact: privacy@axioma-corp.com  |  +297 7440399

2) Our role

  • Processor / service provider (control-plane): We configure and operate integrations, workflows, and governance without accessing client customer content/PII by default.
  • Controller (limited): Our own business data (website, sales inquiries, recruiting, vendor due diligence) is handled as controller.

3) What we handle under the standard model

  • Configuration metadata (e.g., routing rules, thresholds, UI text, language packs).
  • System telemetry and health metrics (uptime, error codes, job status) designed to exclude PII.
  • Governance artifacts and audit evidence (control matrix, SOPs, change/incident records, decision frameworks)—structured to avoid personal data.
  • Support tickets & business contacts for client personnel (names, roles, emails/phones).
  • Anonymized/pseudonymized statistics (e.g., volumes, success/error counts) where contractually required.

4) What we do not handle by default

  • No copies of government-ID images, video captures, biometric templates, or screening records processed by vendors.
  • No direct access to customer account data used in collections content or transaction monitoring alerts.
  • No use of client production content to train any AXIOMA or third-party AI models.

5) Access exceptions (“break-glass” support)

In rare cases where client issues require deeper inspection, access may be granted under a client-approved, time-bound, audited break-glass procedure:

  • Written approval by the client’s authorized contact; scope & duration minimized.
  • Prefer redacted or synthetic/test data. If production access is unavoidable, it is session-logged and revoked upon resolution.
  • No local copies; no retention beyond ticket documentation unless required by law/contract.

6) Security & privacy-by-design

  • Zero-trust access (MFA, least privilege, SoD) to control-plane tools only.
  • Encryption in transit and at rest for managed environments and evidence stores.
  • Data minimization & retention: configuration/telemetry only; evidence retained per contract; otherwise deleted or anonymized.
  • Logging & audit trails: admin actions, change windows, incident response, and break-glass sessions.
  • DPIA/PIA support: consent, retention, and data-residency patterns built into designs.

7) Vendors and responsibility

Identity, biometric, and collections vendors typically act as direct processors to the client. Their privacy notices and DPAs govern customer content handled within those platforms. AXIOMA performs vendor due diligence and configures data paths to keep customer content out of AXIOMA systems by default.

Direct client ↔ Vendor data path
AXIOMA control-plane only

8) International transfers & residency

Deployments can be on-island or in agreed regions. Where a vendor involves cross-border transfers, the client’s DPA with that vendor applies (e.g., SCCs where applicable). AXIOMA mirrors the client’s residency choices in control-plane components.

9) Your rights

For customer content processed by vendors, please contact your institution (the controller) or the relevant vendor. For AXIOMA’s own business contact data, email privacy@axioma-corp.com.

10) Cookies & online tracking

Our website may use strictly necessary cookies and, with consent where required, analytics cookies. See our Cookie Notice.

11) Public-sector projects

Performed under confidentiality and statutory secrecy where applicable. AXIOMA does not publicly disclose sensitive details.

12) Changes to this statement

We may update this page as law or services change. Material changes will be signposted with a new “Last updated” date.

13) Contact

Questions or requests: privacy@axioma-corp.com  |  +297 7440399

Legal note: This statement reflects AXIOMA’s standard no-default-access model. Project-specific contracts and DPAs prevail where they differ.