Terms of use and data protection
Terms & Privacy
Rules for using Axomap and information about how the service handles data.
Operator and contact
Axomap is operated by Clement Vouillon, Adenauerallee 12-14, D-53113 Bonn, Germany.
For questions about these terms, privacy, or a data protection request, contact clement.vouillon@gmail.com.
Last updated: July 6, 2026.
Service and acceptable use
Axomap is a research tool for creating, enriching, monitoring, and publishing market landscapes from user input and public sources. It does not provide legal, tax, financial, or investment advice.
You are responsible for the prompts, notes, imports, API keys, source URLs, publications, and other content you add to Axomap, and for keeping your account access secure.
Do not use Axomap to harass people, infer sensitive traits, build unlawful datasets, violate third-party rights, or make automated decisions with legal or similarly significant effects about individuals.
Access may be limited, suspended, or terminated where necessary to protect the service, other users, security, or legal compliance.
Research outputs
Axomap can summarize public company, market, funding, product, go-to-market, hiring, and founder signals. Public availability does not guarantee that information is current, complete, or appropriate for every use.
Generated outputs may contain errors, omissions, stale source material, or third-party service interruptions. Review outputs and source links before publishing, sharing, or relying on them.
If you ask Axomap to publish a landscape or make content public, you remain responsible for checking that the content is accurate, lawful, and free of confidential information.
Personal data processed
Axomap processes account data such as name, email address, authentication provider, avatar URL where provided, session data, plan and access settings, and security/audit events.
Workspace data can include landscapes, companies, notes, categories, source URLs, generated summaries, timeline events, publication settings, OAuth client data, and encrypted provider API keys that users save in settings.
Public-source research may include information about founders, executives, hiring activity, public profiles, product launches, funding events, company websites, and source citations. Where this information identifies a natural person, it may be personal data even if it was publicly available.
Purposes and legal bases
Axomap processes data to provide accounts, authentication, research workspaces, agent workflows, public pages, MCP access, security controls, abuse prevention, debugging, analytics, and support.
Where GDPR applies, the legal bases are usually performance of a contract or pre-contractual steps for account and workspace features, legitimate interests for security, analytics, product operation, and business research features, legal obligations where applicable, and consent where a feature specifically asks for it.
For public-source business research, Axomap relies on legitimate interests in providing source-backed market research tools, balanced against the rights and freedoms of the people mentioned in the data.
Service providers and transfers
Axomap uses infrastructure needed to host the application, database, sessions, and security logs. Google OAuth may be used for sign-in. Plausible is used for privacy-friendly aggregate analytics. OpenAI may process prompts and workspace context when a user runs AI workflows with a configured OpenAI API key. Brandfetch may be used to load company logos from company domains.
Some providers may process data outside the European Economic Area. Where required, Axomap relies on adequacy decisions, standard contractual clauses, or another lawful transfer mechanism.
Third-party websites linked as sources are operated by their own providers and are not controlled by Axomap.
Cookies, sessions, and analytics
Axomap uses session cookies and CSRF tokens to keep users signed in, protect forms, and secure account actions.
Plausible analytics is used to understand aggregate page usage without building advertising profiles. Browser or server logs may be processed to maintain security, investigate errors, and prevent abuse.
Retention and deletion
Workspace records are retained while the account or project remains active, unless deletion is requested or a longer retention period is required for security, legal, or operational reasons.
OAuth tokens, audit events, sessions, backups, and security logs are retained only as long as needed for authentication, service operation, security, troubleshooting, and legal compliance.
If you are mentioned in public-source research and want information corrected, removed, or reviewed, email clement.vouillon@gmail.com with the relevant page, company, source, and requested change.
Your rights
Depending on your jurisdiction, you may request access, rectification, erasure, restriction, portability, or object to processing. Where processing is based on consent, you may withdraw that consent at any time with effect for the future.
You may also lodge a complaint with a competent data protection supervisory authority. In Germany, this can be the authority responsible for your place of residence, workplace, or the alleged infringement.
To exercise rights or ask a privacy question, contact clement.vouillon@gmail.com.