Axon will not disclose Customer Content except as compelled by a court or administrative body or required by any law or regulation. Axon will notify Customer if any disclosure request is received for Customer Content so Customer may file an objection with the court or administrative body.
Customer's Access and Choice
Customer can access Customer's tenant to manage Customer Content.
Within the scope of Axon's authorization to do so, and in accordance with Axon's commitment under the Privacy Shield, Axon will work with Customers to provide access to Personal Data about Customer that Axon or Sub-processors holds. Axon will also take reasonable steps to enable Customers to correct, amend, or delete Personal Data that is demonstrated to be inaccurate.
If at any time after registering an account on Axon Cloud Services you desire to update Personal Data you have shared with us, change your mind about sharing Personal Data with us, desire to cancel your Customer account, or request that Axon no longer use provided Personal Data to provide you services, please contact us at email@example.com. We will retain and use Personal Data for as long as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.
Customers can opt-out of tracking on Axon Cloud Services by disabling cookies or preventing Customer's browser from accepting new cookies. To prevent data collected specifically by Mixpanel, users can visit https://mixpanel.com/optout/ to opt out. To opt out of mapping and geolocation functionality, users can block network or device access to *.mapbox.com. To opt out of Axon Client Application crash reporting, users can block network or device access to *.crashlytics.com.
Data Security Measures
Axon is committed to help protect the security of Customer Data. Axon has established and implemented policies, programs, and procedures that are commercially reasonable and in compliance with applicable industry practices, including administrative, technical and physical safeguards to protect the confidentiality, integrity and security of Customer Content and Non-Content Data against unauthorized access, use, modification, disclosure or other misuse.
Axon will take appropriate steps to ensure compliance with the data security measures by its employees, contractors and Sub-processors, to the extent applicable to the respective scope of performance.
Customer Content and Non-Content Data is encrypted in transit over public networks. Customer Content is encrypted at rest in all Axon Cloud Service regions.
Axon protects all Customer Content and Non-Content Data with strong logical access control mechanisms to ensure only users with appropriate business needs have access to data. Third-party specialized security firms periodically validate access control mechanisms. Access control lists are reviewed periodically by Axon.
As Evidence is ingested into Axon Cloud Services, a Secure Hash Algorithm (“SHA”) checksum is generated on the upload device and again upon ingestion into Axon Cloud Services. If the SHA checksum does not match, the upload will be reinitiated. Once upload of Evidence is successful, the SHA checksum is retained by Axon Cloud Services and is made viewable by users with access to the Evidence audit trail for the specific piece of Evidence. Tamper-proof audit trails are created automatically by Axon Cloud Services upon ingestion of any Evidence.
Axon takes a comprehensive approach to ensure the availability of Axon Cloud Services. Axon replicates Customer Content over multiple systems to help to protect against accidental destruction or loss. Axon Cloud Services systems are designed to minimize single points of failure. Axon has designed and regularly plans and tests its business continuity planning and disaster recovery programs.
Axon logically isolates Customer Content. Customer Content for an authenticated customer will not be displayed to another customer (unless Customers explicitly create a sharing relationship between their tenants or shared data between themselves). Centralized authentication systems are used across an Axon Cloud Service region to increase uniform data security.
Additional role-based access control is leveraged within Customer’s Axon Cloud Service tenant to define what users can interact with or access Customer Content. Customer solely manages the role based access control mechanisms within its Axon Cloud Services tenant.
Within the Axon Cloud Services supporting infrastructure, access is granted based on the principle of least privilege. All access must be approved by system owners and undergo at least quarterly user access reviews. Any shared computing or networking resource will undergo extensive hardening and is validated periodically to ensure appropriate isolation of Customer Content.
Non-Content Data is logically isolated within information systems such that only appropriate Axon personnel have access.
Axon personnel are required to conduct themselves in a manner consistent with applicable law, the company’s guidelines regarding confidentiality, business ethics, acceptable usage, and professional standards. Axon personnel must complete security training upon hire in addition to annual and role-specific security training.
Axon personnel undergo an extensive background check process to the extent legally permissible and in accordance with applicable local labor laws and statutory regulations. Axon personnel supporting Axon Cloud Services are subject to additional role-specific security clearances or adjudication processes, including Criminal Justice Information Services background screening and national security clearances and vetting.
If Axon becomes aware that Customer Data has been accessed, disclosed, altered, or destroyed by an unlawful or unauthorized party, Axon will notify relevant authorities and affected customers.
Within 48 hours of an incident confirmation, Axon will notify Customer administrators registered on Axon Cloud Services. Authorities will be notified through Axon's established channels and timelines. The notification will reasonably explain known facts, actions that have been taken, and make commitments regarding subsequent updates. Additional details are available in the Axon Cloud Services Security Incident Handling and Response Statement.
Data Portability, Migration, and Transfer Back Assistance
Evidence uploaded to Axon Cloud Services is retained in original format. Evidence may be retrieved and downloaded by Customer from Axon Cloud Services to move data to an alternative information system. Evidence audit trails and system reports may also be downloaded in various industry-standard, non-proprietary formats.
In the event Customer’s access to Axon Cloud Services is terminated, Axon will not delete any Customer Content during the 90 days following termination. During this 90-day period, Customer may retrieve Customer Content only if Customer has paid all amounts due (there will be no application functionality of the Axon Cloud Services during this 90-day period other than the ability for Customer to retrieve Customer Content). Customer will not incur any additional fees if Customer downloads Customer Content from Axon Cloud Services during this 90-day period. Axon has no obligation to maintain or provide any Customer Content after the 90-day period and will thereafter, unless legally prohibited, delete all Customer Content stored in Axon Cloud Services. Upon written request, Axon will provide written proof that all Customer Content has been successfully deleted and removed from Axon Cloud Services.
Axon will provide Customer with the same post-termination data retrieval assistance that is generally made available to all customers. Requests for additional assistance to Customer in downloading or transferring Content will result in additional fees and Axon cannot warrant or guarantee data integrity or readability in the external systems.
Data Retention, Restitution, and Deletion
Axon maintains internal disaster recovery and data retention policies in accordance with applicable laws and regulations. The disaster recovery plan relates to Axon's data and extends to Axon Cloud Services and Customer Content stored within. Axon's data retention policies relate to Axon's Non-Content data. Axon's data retention policies instruct for the secure disposal of Non-Content Data when such data is no longer necessary for the delivery and support of Axon product and services and in accordance with applicable regulations. As outlined below, Customer is responsible for adhering to its own retention policies and procedures.
Customer defines Evidence retention periods pursuant to Customer’s internal retention policies and procedures. Customer can establish its retention policies within Axon Cloud Services. Therefore, customer controls the retention and deletion of its Evidence within Axon Cloud Services. Axon Cloud Services can automate weekly messages summarizing upcoming agency-wide deletions to all customer Axon Cloud Services administrators. Customer users can receive a weekly message regarding Evidence uploaded within their user account to protect against accidental deletions. Customer can recover Evidence up to 7 days after Customer queues such Evidence for deletion. After this 7-day grace period, Axon Cloud Services initiates deletion of Evidence. Data deletion processing may occur asynchronously across storage systems and data centers. During and after data deletion processing, Evidence will not be recovered or recoverable by any party.
As outlined herein, Axon is committed to maintaining compliance with relevant security and privacy standards to ensure the continued security, availability, integrity, confidentiality, and privacy of Axon Cloud Services and Customer Data stored within.
In addition to the security efforts outlined herein, Axon will maintain its ISO/IEC 27001:2013 certification or comparable assurances for Axon Cloud Services. Customers may review the certificate.
Axon will maintain, during the term of the Agreement, a cyber-insurance policy and will furnish certificates of insurance following Customer's written request.
How to Contact Us
Axon commits to resolve complaints about Customer privacy and use of Axon Products. Complaints surrounding this Policy can be directed to Customer's local Axon representative or firstname.lastname@example.org. If Customer has any questions or concerns regarding privacy and security of Customer Content or Axon's handling of Customer's Personal Data under Privacy Shield, please contact email@example.com.
If Customer is an EU citizen and we are unable to satisfactorily resolve any complaint relating to the Privacy Shield, or if Axon fails to acknowledge Customer's complaint in a timely fashion, Customer can contact the relevant EU Data Protection Authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC). In certain circumstances, the Privacy Shield provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles in each of the Privacy Shield Frameworks. Axon is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.