Privacy Policy

Last updated: June 1, 2026

1. Introduction

Audexon ("we", "our", "us") operates the audexon.com website and audit platform. This Privacy Policy explains how we collect, use, and protect personal information when you use our services. It should be read together with our Terms of Service.

2. Information We Collect

We collect the following information:

• Account information: name, email address, and password when you sign up
• Organization information: firm name, team member details
• Engagement data: client names, trial balance data, audit procedures, findings, review notes, and documents you create within the platform
• Usage data: activity logs, page views, and feature usage for improving the product

3. How We Use Your Information

• To provide and maintain the Audexon platform
• To manage your account and organization
• To send transactional emails (invitations, password resets)
• To improve our services and user experience
• To comply with legal obligations

4. Roles & Legal Basis

For the engagement data you process through Audexon (including your clients' information), your firm is the data controller and Audexon acts as a data processor, processing that data on your instructions to provide the Service. For your own account and usage data, Audexon is the controller.

Where data protection laws such as the GDPR apply, we rely on the following legal bases: performance of our contract with you, our legitimate interests in operating and improving the Service, and compliance with legal obligations. For customers subject to such laws, a Data Processing Addendum (DPA) is available on request at support@audexon.com.

5. Data Storage and Security

Your data is stored on managed cloud database infrastructure (PostgreSQL) with row-level security that isolates each organization's data. We use HTTPS/TLS encryption for all data in transit and rely on our cloud provider's encryption at rest for the database.

For audit evidence and working-paper documents, Audexon stores links to files you host in your own cloud storage (Google Drive, OneDrive, or SharePoint) — those files remain in your control. The one exception is financial statements you upload directly to Audexon: these are stored on our managed infrastructure with per-organization access controls and are integrity-protected with a SHA-256 hash recorded at upload.

We apply role-based access controls (preparer / supervisor / partner roles), and we maintain an activity log of key actions taken on engagement data. No security measure is perfect; we cannot guarantee absolute security, but we work to protect your data using industry-standard measures.

Our database, file storage, and application hosting are provided by reputable third-party cloud providers that offer encryption at rest and robust security controls. Your data is processed in the region configured for our infrastructure; where data is transferred across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required by applicable law. A current, named list of our sub-processors — with their roles and regions — is available on request and forms part of our Data Processing Addendum.

6. Data Sharing & Sub-processors

We do not sell, rent, or trade your personal information. We share it only with:

• Service providers / sub-processors: trusted third-party providers for database infrastructure and file storage, application hosting, and transactional email. They process data only on our instructions and under appropriate confidentiality and security obligations. A current, named list of our sub-processors is available on request and forms part of our Data Processing Addendum.
• Legal requirements: where required by law, regulation, or valid legal process

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law or regulation. You may request earlier deletion of specific engagements unless retention is required by law or by our legitimate interests.

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data

To exercise these rights, contact us at support@audexon.com.

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at support@audexon.com.