Privacy

This policy explains what PYXIS3 accesses in your cloud, what it does with that access, and the rights you have over it. It applies to every workspace and to all of the cloud accounts and infrastructure you connect across AWS, Google Cloud, Azure, VMware, Nutanix, and on-prem.

To operate, PYXIS3 needs a scoped role in each cloud account you connect. That role is read-first: it grants visibility into your resources (instances, disks, snapshots, addresses, load balancers, databases, reservations, and the like) and into the billing and usage metadata those resources generate. We read this inventory and cost data to find waste, size commitments, detect anomalies, and forecast budgets. We do not access the workload data, application data, or customer data that lives inside your resources: not the contents of your databases, object storage, message queues, or running processes. We do not need it, and the role is not scoped to reach it.

PYXIS3 writes only the changes you authorize. The guardrails and policies you configure define exactly what it may act on and how far it may go: which accounts, which resource classes, which windows, and which thresholds. Within those limits it can retire idle and orphaned resources, schedule non-production off outside working hours, rightsize over-provisioned compute and databases, manage savings plans and reserved capacity, remediate cost anomalies, and enforce budgets. Outside those limits it does nothing. Every action is recorded in a searchable, attributable log so you can see what was changed, when, and why.

The account inventory, billing metadata, configuration, and action history we hold are stored on infrastructure operated for PYXIS3 and are encrypted in transit using TLS. Each workspace is logically isolated: your data is processed and stored under your tenant alone and is never exposed to another customer. We retain operational and billing data only for as long as needed to run the service, support your account, produce savings and invoicing records, and meet legal obligations; when an account is closed, we delete or anonymize this data on a defined schedule, retaining only what the law requires us to keep.

We rely on a small number of sub-processors at a high level: cloud hosting and infrastructure providers and, where used, transactional email and payment processing. We share with them only what each needs to perform its function, and never your resource contents. We do not sell your data and we do not use it to build profiles or to train models for any party other than the operation of your own workspace.

You can exercise any data right (access, export, correction, or deletion) and ask questions about how your data is handled by emailing ops@pyxis3.ai. Enterprise customers can run PYXIS3 on a dedicated instance with defined data-residency commitments and custom policy; the specifics are set in your agreement.