๐ New 2026 HIPAA Security Rule changes are here. Download the Free 2026 HIPAA Compliance Checklist โ
AXIS CloudSync ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud file sync and storage service. If you use AXIS CloudSync to handle Protected Health Information (PHI) under HIPAA, please also review Section 5 and contact us to execute a Business Associate Agreement.
When you register for AXIS CloudSync, we collect your name, email address, organization name, and billing information. This information is required to create and maintain your account.
AXIS CloudSync stores the files and data you upload to the service. We do not access, review, or use your files for any purpose other than providing the service, except as required by law or described in this policy.
We collect information about how you use the service, including log data (IP addresses, browser type, pages visited, timestamps), device information, and sync activity. This data is used to operate, improve, and secure the service.
We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage patterns. You can control cookies through your browser settings, though disabling cookies may affect service functionality.
We use your information to provide, maintain, and improve AXIS CloudSync, process transactions, send service-related communications, and respond to support requests.
We use account and usage data to detect and prevent fraud, unauthorized access, and other security incidents. Audit logs are maintained to support your compliance obligations under HIPAA, SOX, SEC, and other applicable regulations.
We may send you service announcements, security alerts, and administrative messages. With your consent, we may also send marketing communications about new features or products. You can opt out of marketing emails at any time.
We may use or disclose your information to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
We share information with third-party vendors and service providers who perform services on our behalf, such as payment processing, data hosting, and customer support. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
AXIS CloudSync is powered by Axcient x360Sync infrastructure. Axcient processes data on our behalf as a sub-processor under appropriate data processing agreements. Axcient's data centers are SOC 2 certified.
If AXIS CloudSync is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
We may disclose your information if required to do so by law or in response to valid legal process, including to meet national security or law enforcement requirements.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
All files stored in AXIS CloudSync are encrypted at rest using 256-bit AES encryption. All data transmitted between your devices and our servers is encrypted in transit using TLS 1.2 or higher.
Access to your data is restricted to authorized personnel who need it to operate and support the service. We enforce role-based access controls and require multi-factor authentication for administrative access.
In the event of a data breach that affects your personal information, we will notify you as required by applicable law, including HIPAA Breach Notification Rule requirements where applicable.
You are responsible for maintaining the security of your account credentials. We recommend enabling two-step authentication, using a strong unique password, and promptly reporting any suspected unauthorized access.
If you use AXIS CloudSync to store or process Protected Health Information (PHI) on behalf of a Covered Entity, a Business Associate Agreement (BAA) is required under HIPAA. BAAs are included on the Franchise plan ($18/user/mo) and above. Contact us at [email protected] to request a BAA.
We handle PHI in accordance with our BAA and applicable HIPAA requirements. We do not use or disclose PHI except as permitted by our BAA and HIPAA. PHI is encrypted at rest and in transit using the same standards described in Section 4.
We apply the HIPAA minimum necessary standard when accessing PHI for operational purposes. Access to PHI is logged and auditable through the AXIS CloudSync audit log system.
We retain your files and account data for as long as your account is active or as needed to provide the service.
Upon account termination, we will delete your files and personal data within 30 days, unless we are required to retain it for legal or compliance purposes. Audit logs may be retained for up to 7 years to support regulatory compliance obligations.
Files you delete are moved to a recycle bin and permanently deleted after the retention period configured by your administrator (default: 30 days). Version history is retained for the period configured by your administrator.
You may request a copy of the personal information we hold about you. You can export your files at any time through the AXIS CloudSync web portal or desktop client.
You may request that we correct inaccurate personal information. You can update most account information directly in your account settings.
You may request deletion of your personal information. Note that some information may be retained as required by law or for legitimate business purposes such as fraud prevention.
You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at [email protected].
For questions about this Privacy Policy or our data practices, contact our Privacy Team at [email protected]. For HIPAA-specific inquiries or to request a BAA, use the same address and include 'BAA Request' in the subject line.
AXIS CloudSync Privacy Team c/o The Brass Effect United States
This Privacy Policy may be updated periodically. We will notify you of material changes by email or by posting a notice on our website. Continued use of AXIS CloudSync after changes take effect constitutes acceptance of the updated policy.