1. General Information and Definitions
AXUR: AXUR SEGURANÇA E DEFESA CIBERNÉTICA LTDA, headquartered at Rua Mostardeiro, No. 777, room 1401, 14th floor, Rio Branco district, Porto Alegre/RS, ZIP Code 90430-001, registered with CNPJ/MF under No. 10.318.969/0001-69 (fiscal address); AXUR, INC., and AXUR, INC., a corporation incorporated under the laws of the State of Delaware, United States of America, using 601 Brickell Key Drive, Suite 901, Miami, FL 33131, USA as its virtual office and mailing address.
LEGAL BASIS: The legal foundation that legitimizes the processing of personal data for a specific purpose by Axur.
PERSONAL DATA: Information related to an identified or identifiable natural person.
PURPOSE: The reason for which Axur processes Personal Data.
PRIVACY POLICY: This document contains Axur's operational guidelines for Personal Data Processing.
PROCESSING: Any operation performed with Personal Data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, control, modification, communication, transfer, dissemination, or extraction.
NECESSITY: The justification for which Axur processes Personal Data.
PRODUCTS/SERVICES: All events, websites, products and/or services managed, maintained, created, or marketed by Axur, including but not limited to its websites, blogs, the Axur platform, webinars, training sessions, live events, and similar offerings.
DATA SUBJECT: A natural person whose Personal Data is processed by Axur.
USER: A natural person who is at least 18 (eighteen) years old, fully capable, and uses Axur's products/services.
By accessing and/or using Axur's products/services, the user declares that they are at least 18 (eighteen) years old and have full and express capacity to accept the terms and conditions of this Privacy Policy for all legal purposes.
If the user does not meet the above description and/or does not agree, even partially, with the terms and conditions contained in this Privacy Policy, they must not access and/or use any products/services offered by Axur.
2. Personal Data Processing
Axur processes Personal Data Subjects’ data from different sources and in various ways:
1. For the formalization of proposals for the acquisition of products and services;
2. For the formalization of the acquisition or contracting of products and services;
3. For receiving information about products and services;
4. For access to Axur’s Platforms, Products, and Solutions;
5. For the execution of the Products and Solutions contracted by its Clients;
6. For compliance with legal and regulatory obligations.
When directly registering or filling out forms made available by Axur, the Data Subject may provide certain Personal Data. Additionally, Axur may also receive Personal Data through its Clients, Partners, and Suppliers. Such information will be processed exclusively for the purposes described in this Policy, observing the applicable legal bases and as specified below.
Via Contact Request Forms / Product Demonstration Forms
Data collected: First name, last name, corporate email, phone number with country and area code, country, job title, department, company name, number of employees, how the user learned about Axur, and message.
Purpose of use / data processing: If the user wishes to contact Axur to obtain more information about its products/services, Axur will need this data to respond to the user and provide assistance in the best possible manner, referencing any potential history of interactions with the company they work for.
Legal Basis: Consent.
Consent: “I have read and agree to the Terms and Privacy Policy and consent to receiving messages about new events, content, and solutions.”
Via Axur Content (blog, podcast) and resources
Axur blog articles, new e-books, new reports, offers or promotions, upcoming webinars, webinar participation information, Axur podcast, smart content (aligned with the user’s role), specialized contact (from our experts for scheduling meetings, negotiations, opportunities, etc.) and future communications.
Data collected: First name, last name, corporate email, phone number, job title, and company name.
Purpose of use / data processing: If the user wishes to subscribe to any of the content listed above, Axur will need contact details to send the requested content and notify the user of new content availability. Axur will also send marketing emails to users who provide this information and may contact them regarding products/services.
Legal Basis: Consent.
Consent: “I have read and agree to Axur’s Terms and Privacy Policy and consent to receiving messages about new events, content, and solutions.” All emails include an “unsubscribe” option. Additionally, there is a consent field where the user may indicate whether they “Would like to learn more about the Axur platform in an individual demo?”
Via WhatsApp Community
The community is a space dedicated to professionals in the cybersecurity sector and related areas, where members may share information, discuss trends, and participate in exclusive events. This group is composed of clients, partners, and professionals interested in cybersecurity, providing an environment for collaboration and networking.
Data collected: First name, last name, corporate email, company name, WhatsApp phone number, LinkedIn profile.
Purpose of use / data processing: The collected data is used to identify community members, facilitate communication, promote networking among professionals in the sector, and enable the organization and the management of relevant events and discussions within the group. Additionally, this data helps personalize participants’ experiences and ensure the security and proper functioning of the community.
Legal Basis: Consent.
Consent: The user completes the registration on Axur’s website under “Discover the CTI Community” to request access and declares: “I have read and agree to the Code of Conduct and the Axur Privacy Policy.”
Personal data collected for participation in the WhatsApp Community is not automatically deleted when the user leaves the group or is removed due to rule violations. Data deletion may be formally requested to the DPO at privacy@axur.com by requesting consent revocation. For more details, please consult the Community Code of Conduct.
Via Executives & VIPs Product
Data collected: Personal identification documents (CPF, SSN, DNI, driver’s license, passport), email addresses (personal and/or corporate), four phone numbers, four credit/debit cards, and links to official social media accounts (for automatic Safelist inclusion).
Purpose of processing: Axur uses the data submitted by the client to monitor publicly accessible sources for fraud and threats against the Executive or VIP (who are employees or partners), including the surface web, deep/dark web groups and pages, data leaks, social networks, among others. Axur only checks these sources for the data that the executive (data subject) provided directly through their employer or data provided by the client.
Additionally, links to official social media accounts are used for automatic Safelist inclusion, ensuring that Axur does not request the removal of the person’s official profile. In these cases, Axur acts as a Personal Data Processor.
Official document data, credit card details and telephone submitted via forms are encrypted, with no human interaction, and stored directly in AWS Secrets.
Legal Basis: Consent obtained by the client from its executives and contract execution.
Via Axur Platform
Data collected:
(i) Full name, corporate email, company, and industry segment. The segment is optional and may be provided by the user in accordance with monitoring rules. The corporate phone number is optional and may be provided if the user wishes to receive automated platform alerts and notifications through channels such as WhatsApp and/or SMS;
(ii) Audit logs;
(iii) Data regarding user interactions on the Platform, such as navigation, searches, and other actions. Axur also collects time spent on each page or file and device information such as browser and operating system.
Purpose of use / data processing:
(i) The data is necessary to contact the client regarding the products/services they have contracted. Additionally, the Axur Platform is accessible only to registered users. If the user does not agree to the processing of their data, they will not be able to access the platform, and the service cannot be properly provided.
(ii) Compliance with applicable legislation.
(iii) Enhancement of User Experience, service personalization, performance and functionality analysis, detection and prevention of suspicious activities such as fraud, and ensuring system integrity.
Legal Basis:
(i) Contract execution;
(ii) Compliance with legal or regulatory obligations by the controller;
(iii) Legitimate interest.
Cookies
Cookies are small file fragments or pairs of text-formatted data that may be stored on your devices when you use or access Axur’s products/services. Typically, a cookie contains the name of the originating site, its lifetime, and a randomly generated value.
Axur uses cookies to facilitate use and provide greater adaptability of its Pages/Platforms’ content to the interests and needs of data subjects. Cookies may also accelerate your activities and future experiences with the products/services.
Necessary/Mandatory Cookies
These cookies are essential for the operation of the website/Platforms and cannot be disabled in our systems. In general, they are set in response to actions taken by you, such as setting your privacy preferences, logging in, or completing forms.
Learn more about necessary cookies.
Analytical Cookies
These cookies help us understand how visitors engage with the website/Platforms. We may use a set of cookies to collect information and generate reports on website/platform usage statistics. The data collected, along with some of the advertising cookies described below, may also be used to display more relevant ads on the web and measure interactions with the advertisements we display.
Learn more about analytical cookies.
Advertising Cookies
We use cookies to make our advertisements more engaging and valuable to website visitors. Common uses include selecting ads based on user relevance, improving campaign performance reports, and preventing ads that are not aligned with the user’s interests.
Learn more about advertising cookies.
Functionality Cookies
We use a set of functionality cookies to enhance your experience. These cookies are set based on responses you provide on the Site or Platforms to personalize and optimize your experience and remember your history.
Axur will store these cookies on your device to remember them for the next session.
If you want to learn more about cookies and how to manage them in your browser, visit the following links:
If you wish to revoke cookies, simply adjust your browser settings.
3. Storage of Personal Data and International Data Transfer
Axur will store the information collected on cloud servers of service providers contracted by Axur, located in the state of Northern Virginia, United States of America, and located in the city of Frankfurt, state of Hesse, Germany. These providers are evaluated to ensure they deliver the security standards expected by Axur, ensuring that all personal data processed by Axur is kept confidential, intact, and accessible when necessary. If there is any change in the cloud hosting country, Axur will notify its clients, and such change will only be made if the new cloud provider offers the same level of security, privacy, and data protection. Additionally, the data may also be accessed by employees and clients located in other countries, maintaining an adequate level of security and in compliance with applicable laws.
Axur employs recognized and legally required measures to preserve the privacy of the data collected. It is noteworthy that Axur's suppliers adhere to standards that are equivalent to or stricter than those required by law. To this end, the following precautions are adopted:
i. When necessary, Axur uses standard and market methods to encrypt and anonymize the collected data;
ii. Axur has protection mechanisms against unauthorized access to its systems and databases; and
iii. Individuals who come into contact with the information are contractually obligated to maintain absolute confidentiality regarding any personal data they have access to, under penalty of liability, in accordance with international legislation.
Axur makes its best efforts to preserve user data privacy. Furthermore, Axur incorporates the practices of ISO 27001, ISO 27701, and TSC 2017 Section 100 into its operations. However, no website or platform is completely secure, and Axur cannot fully guarantee that all information transmitted through its pages will not be subject to unauthorized access by methods designed to unlawfully obtain information.
For this reason, we encourage users to take appropriate measures to protect themselves, such as keeping all usernames and passwords confidential.
4. Data Sharing
Like any other technology company, Axur operates in partnership with various companies to offer its services and products, all of which adhere to the same level of security and commitment. Axur may disclose the personal data collected to third parties under the following circumstances and within the limits authorized by law:
i. In the event of a merger, spin-off, acquisition, or incorporation of Axur;
ii. To deliver the product and/or service contracted by the client with Axur;
iii. When necessary to comply with a legal obligation, determination of a competent authority, or court order;
iv. With suppliers, service providers, and business partners, such as cloud hosting companies, cybersecurity firms, security companies, companies that intermediate employee benefits, among others.
5. Legal Grounds for Data Disclosure
Axur is committed to protecting the privacy and personal data of its users; however, in certain circumstances, it may be necessary to disclose such information to comply with legal requirements or to ensure the integrity of its operations. The situations in which such disclosure may occur include:
i. Compliance with legal or regulatory obligations imposed by a public authority;
ii. Cooperation with investigations by public bodies and authorities and/or for the protection of national security;
iii. Execution of contracts;
iv. Investigation and defense against third-party claims;
v. Protection of the security or integrity of the services provided by Axur.
6. Data Retention
Axur retains personal data only for the period necessary to fulfill the stated purpose. Axur adheres to retention and disposal practices in compliance with applicable laws. Data may be retained, for example, to meet regulatory or contractual obligations, defend against litigation, among other purposes.
7. What Are Data Subjects’ Rights and How to Exercise Them
Some rights are guaranteed to data subjects, in accordance with applicable legislation in the USA, Brazil and foreign law. Below we provide examples:
i. Confirmation of the existence of data processing;
ii. Access to the data;
iii. Correction of incomplete, inaccurate, or outdated data;
iv. Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data, when applicable;
v. Portability of data to another service or product provider, upon the data subject’s express request;
vi. Deletion of data processed with the data subject’s consent, upon request;
vii. Obtaining information about public or private entities with whom Axur has shared data, where legally permitted;
viii. Information about the possibility of denying consent and the consequences of such denial; and
ix. Revocation of consent.
Axur is available to fulfill data subjects’ rights upon request, which should be sent via email to privacy@axur.com. If a request for data deletion is made, and there is a need to retain such data due to legal or regulatory obligations or other legal bases, this will be communicated to the data subject.
It is important to note that Axur, as a B2B company without a direct legal relationship with data subjects in these cases, may rely on legal grounds other than consent. This does not affect your right to object or contact Axur regarding your concerns.
When Axur acts as a Data Processor and receives a request, it will forward the request to the Data Controller for a direct response within the legal timeframe or inform the data subject of this redirection.
Axur recognizes the importance of a prompt and effective response to security incidents involving personal data. According to the General Data Protection Regulation (GDPR), the communication of a security incident involving personal data that may result in a risk to the rights and freedoms of data subjects must be made to the competent supervisory authority and to the data subject without undue delay and, where possible, within 72 (seventy-two) hours of the organization becoming aware of the incident. If the notification is not made within this period, a documented justification for the delay must be provided.
8. Contact Information for the Data Protection Officer (DPO)
We are available to address any questions regarding personal data processing or requests from data subjects or competent authorities via the email privacy@axur.com.
Designated DPO: Paula Lima Zanona
Deputy DPO: Gustavo Vanderlei Meneses
Direct Email: privacy@axur.com
9. Jurisdiction and Governing Law
This Policy will be governed, construed, and enforced in accordance with the EUA and foreign laws. To resolve any dispute arising from this policy, the Parties elect the Courts of Delaware - United States of America, expressly waiving any other, however privileged it may be.
10. Policy Revisions
Axur’s Privacy Policy will be reviewed at least once every twelve (12) months, following its internal procedures or to incorporate improvements and updates. We recommend periodically reviewing this Policy.
Last updated: December 23, 2025
Previous versions: To access previous versions, please email privacy@axur.com.
06.00.01 AN - Privacy Policy - Revision December 23, 2025
