AAxon Suite
Book a demo

Legal

Privacy Policy

Last updated: 11 June 2026 · Effective: 11 June 2026

1. Who we are

AXON Suite (the "Service") — including the web platform and the AXON mobile apps (collectively the "Apps") — is provided by Axon Suite ("we", "us", "our"), based in Amman, Jordan. We are the data controller for personal data processed by the Service, unless you use it as part of an organization that has licensed AXON Suite from us — in which case your organization is the data controller, and we act as a data processor on its behalf.

2. Scope of this policy

This policy applies to personal data we process when you:

  • Browse our marketing website.
  • Sign in to or use the AXON Suite web platform — the ERP workspace covering finance, sales, inventory, purchasing, and related modules.
  • Install or use the AXON field-ops mobile app, used by sales reps and delivery teams.
  • Install or use the AXON customer mobile app, used by your end customers to browse and place orders.
  • Communicate with our support team about the Service.

Some sections below describe data or permissions that apply to specific products only (for example, location and delivery-proof features are field-ops-only). Each section identifies which product it covers.

3. Data we collect

3.1 Account & identity

  • Name, email address, phone number, role, profile photo (optional).
  • The organization (tenant) you belong to and your permissions within it.

3.2 Operational data you create or interact with

  • Customer records, sales orders, quotes, invoices, payments, shipments, visits, inventory movements, returns, and any notes/attachments you add.
  • Signatures and photos captured during field operations (delivery proof, condition checks) — via the field-ops app.

3.3 Location data

When you grant permission on the field-ops app, the Service collects your device's precise location to enable field-ops features (visit tracking, customer check-ins, geo-tagged deliveries). Location is only collected while the app is in use (in the foreground) — we do not track your location in the background. You can revoke this permission at any time in your device settings; some features will then be disabled. The web platform and the customer app do not collect precise location.

3.4 Device & technical data

  • Device model, operating system version, app/browser version, language, time zone.
  • Installation and session identifiers used only for crash deduplication and to keep you signed in — not advertising. We do not collect the Android Advertising ID or iOS IDFA.
  • Diagnostic logs and crash reports (collected via Sentry).
  • Approximate IP-derived location for security and abuse prevention.

3.5 Bluetooth peripherals (field-ops app)

If you pair a thermal printer with the field-ops app, we record the peripheral's name and MAC address on your device so the app can reconnect. This data stays on your device unless you explicitly share it with support for troubleshooting.

3.6 Cameras & photos

When you grant permission, the mobile apps can use your camera to scan barcodes (field-ops app), capture delivery proof (field-ops app), or attach photos to records. The web platform uses your browser's native file picker when you choose to upload images. We don't access your photo library unless you explicitly select files.

3.7 Notifications

The field-ops app uses Firebase Cloud Messaging to send you operational push notifications (assigned visits, urgent alerts, etc.). The customer app uses push notifications for order status updates. The web platform delivers operational notifications in-app and via email. You can disable mobile push notifications in your device settings and manage email preferences in your account settings.

4. How we use your data

  • Provide the service — sign in, sync your data, route work, generate documents.
  • Improve reliability — diagnose crashes, performance, and offline-sync issues.
  • Security & abuse prevention — detect unauthorized access and rate-limit suspicious activity.
  • Compliance — meet tax, accounting, and regulatory requirements for documents your organization generates.
  • Communicate with you — service notifications, security alerts, support replies. We never send marketing email unless you opt in separately.

We do not sell personal data, and we do not use it for advertising or behavioral profiling.

5. Legal bases (GDPR)

  • Contract — performing the agreement between you/your organization and us.
  • Legitimate interest — reliability, security, and limited diagnostics.
  • Consent — optional permissions (location, camera, notifications).
  • Legal obligation — keeping records required by tax/accounting laws.

6. Sharing and disclosures

We share data only with:

  • Your organization — administrators in your tenant can see records you create.
  • Subprocessors who help us operate the Service. We host and process personal data in the European Union:
    • Cloud hosting and email delivery — Amazon Web Services.
    • Crash and performance diagnostics — Sentry.
    • Push notifications (mobile apps only) — Google Firebase.

    A current list of subprocessors and the jurisdictions they operate in is available on request to privacy@axon-suite.com.

  • Authorities — if required by law, valid legal process, or to protect rights, property, or safety.
  • Acquirers — in a merger, acquisition, or asset sale (with notice to you).

7. Data retention

  • Account data — for as long as your account is active. Deactivated accounts are marked inactive and can be deleted on request, typically within 90 days, subject to legal retention obligations.
  • Operational records (invoices, shipments, etc.) — retained per your organization's policy and applicable law (often 7–10 years for tax records).
  • Diagnostic logs — typically up to 90 days.
  • Backups — encrypted, rotated, retained up to 7 days.

8. Security

  • Encrypted in transit (TLS) and at rest.
  • Strict multi-tenant isolation — your data is scoped to your organization and only reachable by your users.
  • Short-lived authenticated sessions with automatic timeout and login rate limiting.
  • Every change is recorded with who and when, with optimistic concurrency to prevent silent overwrites.
  • Continuous error and anomaly monitoring, with encrypted automated backups and cross-region disaster recovery.
  • Internal access to production data is limited to authorized engineers on a need-to-know basis.

No system is 100% secure — please use a strong password and report any suspected unauthorized access to security@axon-suite.com.

9. Your rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion (subject to legal/contractual retention limits).
  • Restrict or object to certain processing.
  • Receive a portable copy of your data.
  • Withdraw consent at any time (for permission-based features).
  • Lodge a complaint with your local data protection authority.

Request these by emailing privacy@axon-suite.com. We respond within 30 days.

10. Children

The Service is intended for use by employees and contractors of business customers. It is not directed at children under 16 and we do not knowingly collect their data.

11. International transfers

We are headquartered in Jordan. When we transfer personal data outside its origin jurisdiction, we use Standard Contractual Clauses and supplementary safeguards required by applicable law (UK IDTA, EU SCCs, etc.).

12. Changes to this policy

We'll post a notice in the Service at least 30 days before material changes take effect. The "Last updated" date at the top reflects the current version.

13. Contact us

Axon Suite
Amman, Jordan
Privacy inquiries: privacy@axon-suite.com
Security issues: security@axon-suite.com