Trust & security

Practical controls for private AI adoption

AXOS is positioned for teams that need clear operational boundaries before they evaluate AI. This page summarises the controls and review areas that matter during a technical assessment.

Deployment ownership

AXOS is designed to run in infrastructure controlled by the customer or their appointed hosting partner.

Data residency

Application data, uploaded documents, generated outputs, and logs stay inside the chosen deployment environment.

Transport security

Production deployments should terminate HTTPS at the reverse proxy and use TLS for public service traffic.

Access control

AXOS supports role-based administrative patterns and is intended to sit behind customer identity and network controls.

Auditability

Operational events, registration activity, and application failures should be logged for review and incident handling.

Security contact

Security and procurement questions can be routed to ScotiTech for technical review before deployment.

Evaluation pack contents

For enterprise review, AXOS should be assessed with concrete deployment and operations evidence rather than marketing claims. These are the areas we recommend covering in a technical review.

Production domain and TLS configuration
Container health checks and restart behavior
Database backup and restore process
SMTP sender authentication and delivery monitoring
Data retention and deletion expectations
Administrator access and escalation ownership

Privacy

Customer content should be processed only for the requested workflow and retained according to the deployment policy agreed with the customer.

Resilience

Production deployments should include monitored health checks, container restarts, database backups, and documented rollback steps.

Procurement

Security questions, DPA requests, SLA expectations, and support routes should be reviewed before any production rollout.

Contact

Security questions, vulnerability reports, and procurement requests can be sent to the contacts below. We aim to acknowledge security reports within two business days.

Security reports
security@scotitech.com
Procurement and commercial review
info@scotitech.com
Operator
ScotiTech Solutions Limited · scotitech.com

Last updated: June 2026