Axya is built with security at its core. We implement industry-standard practices to protect your data, ensure platform reliability, and meet compliance requirements.
Need our SOC 2 certificate? Request it at security@axya.co.
SOC 2 Type 2 Certified — Axya has been independently audited and certified for SOC 2 Type 2 compliance, demonstrating our commitment to security, availability, and confidentiality of customer data.
| Feature | Description |
|---|---|
| Single Sign-On (SSO) | SAML 2.0 and OpenID Connect compatible. Works with Azure AD, Okta, Google Workspace, OneLogin, Ping Identity, JumpCloud, ADFS, and any SAML/OIDC-compliant provider. Full SSO guide. |
| Two-Factor Authentication | Email-based 2FA available for all users, with backup codes for account recovery. |
| Role-Based Access Control | Granular permissions for buyers, suppliers, and administrators. Module-specific roles control what each user can see and do. |
| Team-Based Visibility | Users only see data scoped to their team. Admins have full visibility across the organization. |
| Secure Supplier Portal | Suppliers access orders and RFQs through time-limited, secure links — no account or password required. |
| Measure | Details |
|---|---|
| Encryption in Transit | All network communication protected with TLS/SSL encryption. |
| Encryption at Rest | Server-side encryption with AWS KMS for storage, TDE for databases, and client-side encryption for sensitive data. |
| Data Location | All customer data is stored exclusively within Canada. |
| Password Security | Passwords are securely hashed and salted using industry-standard algorithms. |
| Measure | Details |
|---|---|
| Cloud Provider | AWS (Canada Central region) with multi-availability zone for high availability and fault tolerance. |
| Uptime | 99.8% or higher. |
| Status Page | Monitor incidents at axya.instatus.com. |
| Environments | Separate test/development, staging, and production environments to ensure controlled, secure releases. |
Where is my data hosted?
All data is hosted exclusively in the Canada Central region on AWS, with multi-availability zone enabled.
Is Axya compatible with our SSO provider?
Yes. Axya supports SAML 2.0 and OpenID Connect, which covers virtually all enterprise identity providers — Azure AD, Okta, Google Workspace, OneLogin, Ping Identity, JumpCloud, ADFS, and more. Contact security@axya.co to get started. See the full SSO guide for details.
What is your uptime SLA?
We maintain 99.8% uptime or higher. Current status is available at axya.instatus.com.
Do you have separate environments for development and production?
Yes. We maintain separate environments for development, staging, and production to ensure a controlled and secure release process.