Trust

Security

How we protect your data and your users.

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest
  • Secrets stored in a dedicated secrets manager — never in environment variables or code

Access control

  • JWT authentication with short-lived tokens and refresh rotation
  • Role-based access: viewer, editor, admin per workspace
  • MFA enforced for all internal Axonave engineers
  • Short-lived, scoped credentials for all production access

Monitoring & audit

  • Full audit log of all write operations — who changed what, when
  • Anomaly detection alerts for unusual access patterns
  • Uptime monitoring with <5-minute alert SLA
  • Automated dependency scanning on every pull request

Incident response

  • 24-hour initial response SLA for critical vulnerabilities
  • Responsible disclosure programme (see below)
  • Post-mortems published for all P0 incidents

Responsible disclosure

If you discover a security vulnerability in PathPilot, please report it responsibly. Do not exploit it or disclose it publicly until we've had a chance to address it.

Email: security@axonave.com
We aim to acknowledge all reports within 24 hours and provide a resolution timeline within 72 hours.

Questions? Contact us