FAQ

Questions buyers and engineers actually ask

A focused FAQ for the people who evaluate, deploy, and support AXOS. Anything missing here will be answered directly during a discovery call.

Deployment and architecture

Is AXOS self-hosted or SaaS?

AXOS is self-hosted by default. Customer deployments run inside infrastructure the customer operates — on-premises, in a private cloud account, or in a sovereign region of a public cloud. ScotiTech also operates a hosted demo environment for evaluation only; it is not intended for production data.

Can AXOS run in an air-gapped or restricted-network environment?

Yes. AXOS is designed to support fully isolated deployments. External calls are off by default, and any optional outbound connectivity is opt-in and documented. Air-gap deployments are scoped during the technical review so that image distribution, updates, and support all align with your change-control process.

Which LLMs does AXOS support?

AXOS is model-flexible. You can connect to your existing Azure OpenAI, Anthropic, AWS Bedrock, Google Vertex, or compatible API endpoint. You can also run open-weight models (such as Llama-family or Mistral-family) on customer-owned GPU infrastructure when network or sovereignty rules require it. Model selection is part of the deployment scope.

What are the hardware and GPU requirements?

For workloads using a customer-hosted API model (Azure OpenAI, Bedrock, Vertex), AXOS itself runs on standard CPU-only servers. For workloads running open-weight models locally, GPU requirements depend on the chosen model. We size this during the technical review and confirm in the proposal.

Does AXOS support high availability?

Yes. AXOS components run as standard containers and can be deployed in highly available configurations against the customer load balancer, database HA, and storage replication patterns. HA topology is part of the deployment plan agreed with the customer.

Security and data handling

Does AXOS use customer data to train models?

No. AXOS does not ingest customer prompts, documents, or generated content to train external models. Models you connect AXOS to are governed by your contract with the model provider; ScotiTech does not redirect that data anywhere else.

Where is customer data stored?

In the customer-controlled deployment. Application data, uploaded documents, prompts, and generated outputs are stored in the database and object store the customer operates. ScotiTech-hosted services (marketing site, hosted demo) are separate and listed on the /subprocessors page.

Can my IT team scan AXOS container images?

Yes. Customers can scan released images with their own SCA, vulnerability scanning, and policy tooling. We are also happy to share a Software Bill of Materials and signed checksums on request as part of the engagement.

What is the patch SLA for security issues?

Critical and high-severity issues are addressed through out-of-band releases according to severity. Medium and low issues are bundled into the regular release cadence. Reporting routes and our coordinated disclosure policy are on the /security page.

How are encryption keys managed?

AXOS uses TLS 1.3 in transit and AES-256 at rest. Encryption keys live in the customer environment and are managed by the customer KMS or equivalent. ScotiTech operators do not have implicit access to keys in customer deployments.

What audit logging is provided?

Per-user activity, document access, administrative actions, and authentication events are logged with timestamp and context. Logs can be exported to your existing SIEM or log destination via syslog, webhook, or file export.

Integrations and access

Does AXOS support SSO?

Yes. AXOS integrates with standard SAML 2.0 and OIDC identity providers, including Microsoft Entra ID (Azure AD), Okta, Ping, and Google Workspace. Group-to-role mapping is configurable during deployment.

Which document and collaboration tools does AXOS integrate with?

Microsoft 365, SharePoint, OneDrive, Teams, and Outlook are supported today. iManage Work and NetDocuments connectors are on the roadmap and we welcome design partners. The /integrations page lists current and roadmap connectors by status.

Can AXOS read from our existing file shares and storage?

Yes. AXOS supports SFTP, S3-compatible object stores, and SMB/NFS shares as content sources, with access scoped to the user’s permissions.

Can I bring my own LLM API key?

Yes. Bring-your-own-key for Azure OpenAI, Anthropic, OpenAI, AWS Bedrock, and Google Vertex is the typical pattern. Customers retain the commercial and contractual relationship with the model provider.

Engagement and pricing

What does an AXOS engagement cost?

Engagements are scoped to the customer environment rather than priced from a public SKU. Typical first-year ranges fall between £45k and £180k depending on team size, integration scope, hosting model, and support tier. Exact pricing is part of the scoped proposal after the discovery call.

How long does a pilot take?

A typical pilot reaches a working internal use case in 4–6 weeks from kickoff, depending on environment readiness and the scope agreed in the proposal. Air-gapped or highly regulated environments take longer and we plan that timeline jointly.

What support is included?

Production engagements include named technical contacts, scoped response targets, and security advisories. Support tiers are agreed before deployment. Customer support contact and response targets are listed on the /contact page.

Do you offer a free trial?

We do not run a free public trial. We do run a hosted evaluation environment that we provide credentials to after a short qualification step, and we run pilots inside customer infrastructure before any commitment.

Procurement and compliance

Do you provide a DPA?

Yes. A Data Processing Agreement is available and is signed where ScotiTech processes personal data on behalf of the customer (for example, during the hosted demo or support activities). Self-hosted production AXOS does not place ScotiTech in the processor role for customer-controlled data.

Which certifications do you hold?

AXOS is GDPR-aligned today. ISO 27001 and SOC 2 work is in progress. Cyber Essentials Plus is on the roadmap. We keep the /trust and /security pages updated as new certifications complete.

Can you fill in our supplier security questionnaire?

Yes. We routinely respond to SIG-Lite, CAIQ, and customer-specific security questionnaires. Send the document with your initial contact and we will return responses during the technical review.

What references can you share?

Reference conversations are arranged after a mutual NDA. We are honest about the size and stage of our customer base on the /about page and during the discovery call.

Have a question we missed?

Send it to info@scotitech.com and we will fold it into this page if it helps other buyers.

Contact options