Veritas Security & Governance Statement

A Service of AI Excellence & Strategic Intelligence Solutions, LLC

Effective Date: May 26, 2026
Version: 1.0
Contact: compliance@axislabs.ai

Summary

AI Excellence & Strategic Intelligence Solutions, LLC (“AXIS AI,” “we,” “our,” or “us”) is committed to maintaining a secure, responsible, and well-governed platform environment for Veritas and related services, including The Prism of Veritas.

This Security & Governance Statement explains the safeguards, governance practices, access controls, monitoring procedures, AI oversight principles, incident-response commitments, and user-responsibility expectations that support the operation of Veritas.

Veritas is designed as a writing analysis platform that helps users examine patterns in language, framing, reasoning, clarity, structure, and communication risk. Veritas reports and Prism responses are advisory and informational. They are designed to support human review, not replace professional judgment or make final legal, academic, employment, medical, financial, or institutional decisions.

1. Purpose

The purpose of this Security & Governance Statement is to explain how AXIS AI approaches platform security, data protection, responsible AI use, operational oversight, and governance for Veritas.

This document is intended to support transparency, user trust, institutional readiness, and responsible use of the Services.

This Statement should be read together with the Veritas Privacy Policy and Veritas Terms of Use.

2. Scope

This Security & Governance Statement applies to the Veritas writing analysis platform, The Prism of Veritas, related dashboards, reports, tools, interfaces, support systems, billing-related systems, API access, authentication systems, workspace features, and associated services provided by AXIS AI.

This Statement applies to:

  • Individual users

  • Paid subscribers

  • Trial users

  • Institutional users

  • Organizational workspaces

  • API users

  • Administrative users

  • Partners and affiliates, where applicable

  • Internal AXIS AI personnel with authorized platform responsibilities

  • Third-party service providers supporting the Services

3. Security Governance Overview

AXIS AI uses a layered security and governance approach designed to protect the confidentiality, integrity, and availability of the Services.

Our security governance approach includes:

  • Administrative safeguards

  • Technical safeguards

  • Access controls

  • Role-based permissions

  • Authentication protections

  • API token safeguards

  • Secure data handling

  • Vendor oversight

  • Monitoring and logging

  • Audit records

  • Incident-response procedures

  • AI-output governance

  • Human review expectations

  • Responsible-use enforcement

Security and governance practices may evolve as the platform, customer base, regulatory requirements, and operational risks change.

4. Authentication and Access Security

AXIS AI uses authentication controls designed to protect user accounts, administrator access, platform sessions, and API access.

Authentication controls may include:

  • Email and password authentication

  • Magic-link authentication where available

  • Session-based access controls

  • Short-lived session tokens where supported

  • Login activity logging

  • Failed-login monitoring

  • Account status enforcement

  • Immediate access restriction for deactivated or suspended users

  • Administrative access controls

  • API token controls where applicable

Users are responsible for maintaining the confidentiality of their credentials and for promptly reporting suspected unauthorized access.

5. API Token Governance

Where API access is provided, AXIS AI may issue user-specific API tokens or keys.

API token governance may include:

  • User-specific token issuance

  • Hashed token storage

  • User-revocable tokens

  • Access tied to account status and permissions

  • Usage monitoring

  • Abuse detection

  • Suspension or revocation of API access when appropriate

API credentials should be treated as confidential. Users must not share API tokens publicly, embed them in client-side code, expose them in repositories, or transfer them to unauthorized parties.

6. LTI 1.3 and Institutional Integration Governance

Where Veritas is integrated with learning platforms, institutional systems, or supported external platforms through LTI 1.3 or similar integration standards, AXIS AI uses authentication and validation controls designed to support secure institutional access.

Integration safeguards may include:

  • OpenID Connect-based authentication flows

  • State and nonce validation

  • Time-limited authentication values

  • JWT signature verification

  • Verification against trusted institutional key sources

  • Role and identity mapping where applicable

  • Controlled launch and access validation

Institutional integrations may be governed by additional agreements, configuration requirements, customer responsibilities, or data-processing terms.

7. Authorization and Role Model

AXIS AI uses role-based access controls to help ensure users access only the features and data appropriate for their role.

Common role types may include:

Role General Access Scope
User Access to the user’s own account, reports, submitted content, and available features
Admin Administrative access needed to manage platform operations, support, security, and governance
Partner Access to partner-related features and permitted account/workspace resources
Affiliate Access to affiliate-related features, portal tools, and permitted account resources
AXIS Staff Access to assigned internal tools and resources based on role, authorization, and internal use policies

Administrative backend functions are restricted to authorized administrative users. Unauthorized users are denied access to administrative functions.

AXIS AI may update role structures, permissions, and access levels as the platform evolves.

8. Data Access Controls

AXIS AI uses data access controls designed to limit access to user data, reports, workspace content, and analysis records.

Data access controls may include:

  • Database-level access restrictions

  • Row-level access controls where supported

  • User-specific data boundaries

  • Workspace-based sharing controls

  • Administrator access restrictions

  • Access based on role, permission, and operational need

  • Server-side authorization checks

  • Access denial for unauthorized requests

In general:

  • Users may access their own analyses and account-related information.

  • Workspace members may access shared workspace analyses where permitted by configuration.

  • Authorized administrators may access information necessary for support, security, compliance, auditing, and platform operations.

9. Platform Security Measures

AXIS AI uses reasonable technical and organizational safeguards to protect Veritas and related systems.

Security measures may include:

  • HTTPS/TLS encryption for data in transit

  • Encryption at rest where supported

  • Secure password handling and hashing

  • Role-based access controls

  • Server-side authorization enforcement

  • Administrative access restrictions

  • Session controls

  • Rate limiting and abuse prevention

  • Bot and automated activity detection

  • Activity logging

  • Monitoring for suspicious activity

  • Secure development practices

  • File upload restrictions

  • System error monitoring

  • Controlled access to production systems

  • Vendor security review where appropriate

  • Anti-clickjacking protections for payment or checkout flows where applicable

No online platform can guarantee absolute security. However, AXIS AI takes reasonable steps to reduce risk, protect user information, and maintain platform integrity.

10. Input and Abuse Controls

AXIS AI uses input and abuse controls designed to protect the platform, reduce misuse, and support responsible operation of Veritas.

These controls may include:

  • Prompt injection and jailbreak detection

  • Guardrails for prohibited or abusive input

  • Fail-closed handling where appropriate

  • Bot detection based on technical and behavioral signals

  • Rate limiting based on account, usage, or plan tier

  • Logging of automated submission indicators

  • Abuse-prevention workflows

  • Suspension or restriction of accounts that violate Terms of Use

  • Restrictions on repeated misuse, unauthorized automation, or attempts to bypass platform controls

AXIS AI may decline to process, restrict, or suspend activity that creates security, legal, operational, reputational, or platform-integrity risk.

11. Account Controls

AXIS AI may use account-level controls to enforce security, governance, subscription status, and responsible use.

Account controls may include:

  • Suspension of accounts that violate Terms of Use

  • Restriction of analysis submission for suspended accounts

  • Immediate logout or access restriction for deactivated users

  • Feature-level restrictions based on account status

  • Permanent or administrative restrictions on Prism access where appropriate

  • Enforcement of staff-use policies before access to internal tools

  • Required acknowledgment of applicable terms, policies, or use rules

Users remain responsible for account activity and must notify AXIS AI promptly of suspected unauthorized access or account compromise.

12. Secret Management

AXIS AI maintains internal practices designed to protect sensitive credentials, keys, and service configuration values.

Secret management practices may include:

  • Storing secrets outside of frontend code

  • Restricting access to authorized personnel

  • Using environment-based configuration where appropriate

  • Limiting exposure of API keys, signing keys, payment credentials, and provider tokens

  • Rotating or revoking credentials when appropriate

  • Preventing sensitive secrets from being publicly disclosed

Users and developers should never place confidential credentials, API tokens, private keys, or production secrets in public repositories, frontend code, client-visible environments, or unsecured communication channels.

13. Data Protection Measures

AXIS AI applies data protection practices designed to limit unnecessary access, reduce exposure, and protect user-submitted content and platform records.

Data protection practices may include:

  • Limiting collection to information reasonably necessary to provide the Services

  • Processing user-submitted content for the purpose of generating Veritas reports and related features

  • Restricting internal access to authorized personnel with a legitimate business need

  • Using service providers that support reasonable data protection safeguards

  • Maintaining security logs and operational records where appropriate

  • Applying retention and deletion practices described in the Veritas Privacy Policy

  • Avoiding unnecessary reuse of customer-submitted content

  • Not selling personal information

  • Not using customer-submitted content to train AXIS AI models unless separately authorized

Users should avoid submitting sensitive, confidential, regulated, or third-party information unless they have authority to do so and the submission is appropriate for their intended use.

14. User-Submitted Content Protection

Veritas may process text, files, documents, images where supported, prompts, follow-up questions, reports, and related metadata submitted by users.

AXIS AI protects user-submitted content by limiting use of that content to purposes reasonably necessary to:

  • Provide the Services

  • Generate Veritas reports

  • Support The Prism of Veritas

  • Maintain platform security

  • Troubleshoot technical issues

  • Provide customer support

  • Enforce Terms of Use

  • Comply with legal obligations

  • Maintain internal service records where appropriate

User-submitted content remains the responsibility of the user. Users must ensure they have the rights, permissions, consents, and authority necessary to submit content to Veritas.

15. AI and Model Governance

Veritas uses AI-assisted systems to generate writing analysis reports and related outputs.

AXIS AI applies AI governance principles intended to support responsible use, transparency, and appropriate user expectations.

AI governance practices include:

  • Positioning Veritas outputs as advisory and informational

  • Requiring human review before users rely on outputs

  • Avoiding claims that Veritas makes final legal, employment, academic, medical, financial, disciplinary, or regulated decisions

  • Limiting Prism responses to the relevant report context where appropriate

  • Providing structured outputs designed to support user understanding

  • Maintaining policies that restrict misuse of AI outputs

  • Monitoring platform behavior for operational, quality, and security concerns

  • Updating product guidance as features evolve

Veritas reports and Prism responses may be incomplete, inaccurate, overinclusive, underinclusive, or context-dependent. Users are responsible for reviewing and validating outputs before using them.

16. Model Training and AI Provider Governance

AXIS AI does not use customer-submitted content to train AXIS AI models unless separately authorized by the user or customer, covered by a separate written agreement, or lawfully de-identified or aggregated so that it no longer identifies the user or customer.

Where AXIS AI uses third-party AI infrastructure or model providers, such providers may process submitted text or related technical information only as necessary to provide AI analysis functionality and related Services.

AXIS AI expects AI providers and infrastructure vendors to process information in accordance with applicable contractual, technical, and legal safeguards.

17. Human Review and Advisory Use

Veritas is designed to support human review, not replace it.

Reports and Prism responses are intended to assist users in understanding writing-related patterns, including language, framing, reasoning, clarity, structure, and communication risk.

Veritas does not independently make final decisions in areas such as:

  • Legal matters

  • Employment decisions

  • Academic discipline

  • Admissions

  • Hiring or promotion

  • Medical or psychological care

  • Financial decisions

  • Housing decisions

  • Credit or insurance decisions

  • Criminal justice decisions

  • Eligibility determinations

  • Institutional compliance findings

Users and organizations remain responsible for decisions made based on or influenced by Veritas outputs.

18. The Prism of Veritas Governance

The Prism of Veritas is a guided follow-up companion designed to help eligible users engage more deeply with a Veritas report.

The Prism may help users:

  • Clarify report findings

  • Understand advisory guidance

  • Explore language, framing, and reasoning patterns

  • Ask follow-up questions about a generated report

  • Better understand how communication may be interpreted

The Prism is not intended to provide unrelated general-purpose advice, legal conclusions, medical advice, psychological counseling, academic grading, employment decisions, or compliance determinations.

AXIS AI may restrict Prism usage based on subscription tier, credit usage, workspace settings, abuse-prevention rules, security concerns, operational requirements, or administrative restrictions.

19. Monitoring, Logging, and Audit Records

AXIS AI may maintain monitoring, logging, and audit records to support platform security, service reliability, abuse prevention, troubleshooting, customer support, and compliance.

Records may include:

  • Login events

  • Authentication logs

  • Session data

  • Error logs

  • Report generation metadata

  • External and internal report IDs

  • Usage records

  • Security alerts

  • Rate-limit activity

  • Policy violation records

  • Bot or automated activity indicators

  • Support-related records

  • Administrative actions

  • Billing-related metadata

  • Affiliate or partner policy acknowledgments where applicable

Logging and audit records are used to maintain service integrity, investigate technical issues, enforce platform rules, respond to security concerns, and support governance obligations.

20. Audit Trail Governance

AXIS AI may maintain structured audit trails for certain platform activities.

Audit trail records may include:

Audit Record Type General Purpose
Administrative action logs Track administrative changes, responsible user, affected record, and relevant change history
Login activity logs Track authentication activity, timestamps, device information, session details, and security review needs
Policy violation logs Track prohibited input, guardrail events, misuse indicators, or Terms-related concerns
Bot detection logs Track automated submission signals and suspicious activity patterns
Policy acknowledgment records Track acceptance of required policies, terms, staff-use rules, partner obligations, or affiliate acknowledgments

Audit records may be retained as necessary to support platform integrity, legal compliance, security investigations, user support, fraud prevention, and governance requirements.

21. Compliance and Privacy Governance

AXIS AI aligns Veritas security and governance practices with the Veritas Privacy Policy, Terms of Use, and internal operational policies.

Compliance and privacy governance practices may include:

  • No sale of personal information

  • No customer-content model training unless separately authorized

  • Payment processing through third-party payment processors

  • Retention of payment-provider identifiers rather than full payment credentials

  • Verification of payment-related webhook events where applicable

  • Required acceptance of applicable terms or policies where appropriate

  • Staff-use policy acknowledgment before access to internal tools where applicable

  • User-initiated account deletion or deletion request workflows

  • Anonymization or de-identification of certain records where deletion is limited by audit, legal, billing, security, or compliance requirements

Where full deletion is not possible or legally appropriate, AXIS AI may anonymize, de-identify, restrict, or retain limited records as permitted by law and described in the Veritas Privacy Policy.

22. Data Retention and Deletion Governance

AXIS AI retains information only as long as reasonably necessary for the purposes described in the Veritas Privacy Policy, unless a longer retention period is required or permitted by law, contract, security needs, billing obligations, dispute resolution, tax requirements, accounting requirements, or legal process.

Retention practices may include:

  • Account information retained while the account is active and for a reasonable period after closure

  • Authentication and security logs retained for security and fraud-prevention purposes

  • Uploaded source content processed as necessary to generate analysis results

  • Reports retained when saved by the user, workspace, or organization

  • Report IDs and metadata retained for auditing, troubleshooting, support, and platform integrity

  • Prism conversations retained where necessary for continuity, user access, support, or workspace administration

  • Billing records retained as required by tax, accounting, payment, or legal obligations

  • Support records retained as necessary to resolve issues and maintain records

  • Certain audit records retained or anonymized to preserve security, fraud-prevention, compliance, or platform-integrity needs

Deletion requests may be submitted according to the Veritas Privacy Policy.

23. Third-Party Service Provider Governance

AXIS AI may use third-party service providers to operate, secure, support, and improve Veritas.

Service providers may include:

Provider Category Purpose Data Potentially Processed
AI infrastructure and model providers AI-assisted analysis and report generation Submitted text, prompts, outputs, technical metadata
Payment processors Payments, subscriptions, refunds, billing events Email, billing information, payment status, provider IDs
Transactional email providers Account notices, verification messages, transactional emails Email, name, message metadata
Support providers Customer support, ticketing, user communication Email, name, messages, support context
Platform infrastructure providers Hosting, storage, authentication, application operations Application data necessary to provide the Services
Analytics, logging, and monitoring providers Service reliability, diagnostics, security, and platform improvement Usage data, logs, technical metadata

AXIS AI seeks to use service providers that support appropriate contractual, technical, and organizational safeguards.

Third-party providers are expected to process information only as necessary to provide services to AXIS AI and in accordance with applicable agreements and legal obligations.

24. Payment Security

AXIS AI does not directly store full credit card numbers, full bank account details, or complete payment credentials.

Payment processing is handled through third-party payment processors. AXIS AI may retain limited payment-related information such as customer IDs, subscription status, invoice IDs, payment confirmations, refund status, and billing metadata as necessary to operate billing and account systems.

Payment-related security may include:

  • Third-party payment processor controls

  • Verification of payment-related webhook events where applicable

  • Retention of provider identifiers rather than full payment credentials

  • Restricted access to billing-related records

  • Suspension or restriction of access for failed, reversed, or disputed payments where permitted

25. Incident Response

AXIS AI maintains incident-response practices designed to identify, assess, contain, investigate, and respond to security incidents affecting the Services.

Incident-response activities may include:

  • Reviewing alerts or reports of suspicious activity

  • Investigating potential unauthorized access

  • Containing affected systems or accounts

  • Taking corrective action

  • Documenting incident details

  • Notifying affected users, customers, regulators, or other required parties when required by law

  • Reviewing lessons learned

  • Updating safeguards where appropriate

If users believe their account, data, or workspace may be affected by a security issue, they should contact AXIS AI at compliance@axislabs.ai.

26. Organizational and Workspace Governance

For institutional, enterprise, organizational, educational, or team-based customers, Veritas may support workspace-based access and administration.

Depending on configuration, organization administrators may be able to:

  • Invite or remove users

  • Assign roles or permissions

  • Review workspace membership

  • View usage levels

  • Manage subscription or billing information

  • Access reports or activity associated with the organization

  • Request deletion, export, suspension, or administrative changes

  • Enforce internal organization policies

AXIS AI is not responsible for the internal policies, monitoring practices, employment decisions, academic decisions, or administrative actions of customer organizations.

Organizations are responsible for ensuring that their use of Veritas complies with applicable laws, policies, contracts, privacy obligations, and institutional standards.

27. Acceptable Use Enforcement

AXIS AI may enforce acceptable-use requirements to protect users, the platform, and the integrity of the Services.

Prohibited conduct may include:

  • Unauthorized access

  • Abuse of trial or promotional access

  • Attempts to bypass rate limits or credit systems

  • Uploading malicious code or harmful files

  • Misusing reports for unlawful discrimination or harmful targeting

  • Attempting to extract system prompts, proprietary workflows, or confidential logic

  • Using the Services to develop competing products without authorization

  • Submitting content without required rights or permissions

  • Using Veritas outputs as final legal, academic, employment, or institutional determinations

AXIS AI may suspend, restrict, or terminate access when necessary to protect the Services, users, data, or operational integrity.

28. Responsible Use Expectations

Users are expected to use Veritas responsibly, lawfully, and ethically.

Users should:

  • Review reports carefully before relying on them

  • Use Veritas as a support tool, not a final authority

  • Avoid submitting unauthorized third-party data

  • Avoid submitting unnecessary sensitive information

  • Maintain account security

  • Follow applicable laws and institutional policies

  • Avoid misrepresenting Veritas outputs

  • Use human judgment when applying recommendations

  • Report suspected security issues promptly

Veritas is designed to support better writing awareness and communication review. It should not be used to replace professional advice, institutional review, legal counsel, or human decision-making.

29. Current Compliance Status and Limitations

AXIS AI maintains security and governance practices intended to support responsible operation of Veritas.

Unless separately stated in writing, AXIS AI does not currently claim formal SOC 2 certification, ISO 27001 certification, HIPAA compliance, FERPA certification, GDPR certification, or other third-party compliance certification.

Enterprise, institutional, or regulated customers may request additional documentation, security review materials, data-processing terms, vendor information, or contractual assurances as part of their procurement process.

This Statement does not guarantee that Veritas is appropriate for every regulated use case. Customers are responsible for evaluating whether Veritas meets their own legal, institutional, procurement, cybersecurity, and compliance requirements.

30. Limitations

This Security & Governance Statement describes AXIS AI’s general approach to security and governance. It does not guarantee that the Services will be error-free, uninterrupted, immune from security threats, or suitable for every use case.

Security and governance practices may vary based on:

  • Product version

  • Subscription tier

  • Workspace configuration

  • Customer agreement

  • Third-party provider capabilities

  • Legal requirements

  • Operational needs

  • Technical limitations

This Statement does not create contractual warranties, service-level commitments, third-party audit rights, compliance certifications, or legal obligations beyond those stated in the applicable Terms of Use, Privacy Policy, written agreement, or applicable law.

31. Updates to This Statement

AXIS AI may update this Security & Governance Statement from time to time.

If material changes are made, AXIS AI may provide notice through the platform, by email, through account notices, or by other reasonable means.

Updates will include a revised Effective Date.

Continued use of the Services after an updated Statement becomes effective means you acknowledge the updated Statement.

32. Contact Us

If you have questions, concerns, security reports, governance questions, or data protection inquiries, contact us at:

AI Excellence & Strategic Intelligence Solutions, LLC
Email: compliance@axislabs.ai

For security or governance inquiries, please include:

  • Your name

  • Your account email, if applicable

  • The organization or workspace involved, if applicable

  • A description of the concern

  • Any relevant report ID, support ticket, or technical details

  • Whether the matter involves suspected unauthorized access or data exposure

End of Security & Governance Statement

AXIS AI

Responsible AI tools built for clarity, structure, and real-world decision support.

Explore

Home
Veritas
Pricing

Company

About
Contact

Resources

How Veritas Works
The Prism
Help Center
Veritas Insights
Become an Affiliate

Legal & Trust

Privacy Policy
Terms of Service
Security & Governance

Access

Sign In
Try Veritas Free