Axon recognizes that customers place great trust in us to secure data. We know our customers and the communities they serve deeply care about the security and privacy of data stored within Axon's systems. We are committed to maintain this trust.

With the global adoption and trending focus on expansive data protection and privacy regulation, Axon believes that the need for secure and thoughtful data collection, management, and sharing functionality within public safety has never been stronger. Many traditional solutions and technologies were not design to uphold modern data protections practices and have fundamentally become obstacles in adhering to the data protection and privacy norms in the 21st century.

Axon is confident that Axon Cloud Services and Axon Products enable customers to implement governance over the collection, handling, management and sharing of data to adhere to their applicable data protection and privacy requirements.

Axon is committed to continuing to develop and enhance Axon's products to ensure customers can meet data protection and privacy expectations from their communities and regulatory environment when using Axon products. Many of these commitments are supported by Axon's Compliance programs, such as ISO 27018:2014 certification. As a cloud service provider, Axon will work to maintain a continued partnership with our customers and communities to enable a fair and effective justice system.

Axon Data Classification

Foundational in being transparent is to first establish a common set of terms to describe data within a system. In addition to to explanation of primary data classifications below, within the Axon Cloud Services Privacy Policy in-depth details are provided regarding these data classifications and associated data processing activities.

Customer Data means Customer Content and Non-Content Data.

Customer Content is data uploaded into, ingested by, or created in Axon Cloud Services within a Customer’s tenant. For clarity, Customer Content includes Evidence but does not include Non-Content Data.

Evidence is media or multimedia uploaded into Axon Evidence as 'evidence' by a Customer. Evidence is a subset of Customer Content.

Non-Content Data is data, configuration, and usage information about customer's Axon Cloud Services tenant, Axon Devices, Axon Client Applications, and users that is transmitted or generated when using Axon Products. Non-Content Data also includes data about customers and users captured during account management and customer support activities. Non-Content Data includes many data classifications described within the Axon Cloud Services Privacy Policy. Non-Content Data does not include Customer Content.

Considerations for Data Sharing Partners

Axon is proud to lead the way in developing Artificial Intelligence (AI) technology for the public safety community. Axon has developed the Axon AI Data Sharing program to enable machine learning based technology advancements within public safety. Within the program, enrolled agencies enable Axon to securely access Customer Data to train AI models.

Using machine learning enables Axon to develop advanced technologies to enhance the effectiveness of public safety. Any such data sharing is supported on a contractual basis and opted into by each individual customers. Axon extends its commitment to security, privacy and compliance to data within this program. Currently, the program is only open to customer based in the United States.

Additional detail about the Axon AI Data Sharing program is available here: Data Sharing Reference Guide.

We also encourage a review of our commitments to ethical application AI technologies here:

Frequently Asked Questions:

What are some examples of privacy and data protection features in Axon products?
Axon has prepared the following document to highlight a selection of privacy focused features available in Axon products. This is not an exhaustive listing. Axon Products & EU Data Protection Reform 2018-11-19.pdf

Can Axon help me determine privacy or data protection impacts when using Axon Products?
Yes, Axon is available to assist in a privacy impact assessment or data protection impact assessment, including providing response to common considerations when using Axon Cloud Services. Axon has prepared an impact assessment template Data Protection Impact Assessment Guidance for Axon Cloud Services to assist customers. Additionally, customers can contact for additional assistance and discussion.

Does Axon respond to government requests for data?
If a government, domestic or foreign, demands Customer Data residing within Axon, it must follow the applicable legal process, serving Axon with a court order for content or a subpoena for information. Axon would redirect such request to the customer that owns the data. If compelled to disclose data, Axon would notify the customer and provide a copy of the demand, unless legally prohibited from doing so. Axon is also willing to work with the customer if the customer desires to apply for a protective order or motion to quash.

Where is Customer Content data stored and processed?
Axon Cloud Services are offered in numerous geographic regions. Customers determines which regional deployment of Axon Cloud Services it wishes to utilize prior to agency creation in Axon ensures that all Customer Content in Axon Cloud Services remains within the selected economic area, including any backup data, replication sites, and disaster recovery sites. Additional details are provided with the Axon Cloud Services Privacy Policy.

Can Axon personnel access Customer Content?
Axon contractually commits that customers control and own all right, title, and interest in and to their Customer Content. Axon obtains no rights to such content and commits to not accessing Evidence data without the explicit authorization from the customer. The only exception to accessing Evidence data without explicit customer authorization would be in the event of a system emergency where access may be utilized to ensure the operability and continuity of the service. Only a small team of Axon system administrators have the potential to execute such access and must be authenticated using 2 factors prior to gaining system access. These system administrators have undergone and are continually subject to background check procedures and system usage monitoring. Any Evidence data access by Axon personnel is closely logged, monitored and correlated to appropriate business need by the Axon Information Security team.

Axon personnel will have access to Customer Content for customer who are enrolled and share data with Axon as part of the Axon AI Data Sharing Program. Additional detail about the Axon AI Data Sharing program is available here: Data Sharing Reference Guide

Is data transmitted to/from Axon Cloud Services remain in my country or region?
By default, Axon Cloud Services are delivered over the public internet. Due to the nature of the public internet, Axon cannot guarantee that data transmitted remains in the Customer's selected region. However, all data transmitted to and from Axon Cloud Services is encrypted (more details on Axon's encryption protocols are located here)

If a Customer desires to not communicate with Axon Cloud Services over the public internet, Axon can support customers that leverage private connections from a Customer to Axon's underlying infrastructure provider in their region. Restrictions can be implemented within Axon Cloud Services to ensure data transfer only occurs over such connection. To further evaluate private connection options and considerations, please contact your Axon Sales Representative or Sales Engineer.

How would Axon handle a data breach or security incident?
Axon has implemented security monitoring and incident response policies and practices for Axon Cloud Services, including, which follow industry best practice standards. Incident Management policies and procedures are tested and meet Axon's comprehensive compliance program requirements including ISO/IEC 27001:2013, SOC 2+ Reporting, FedRAMP Moderate, and the U.S. FBI CJIS Security Policy. Learn more about Axon's approach to incident handling in the Axon Cloud Services Security Incident Handling and Response Statement.