Privacy & Security Architecture
Privacy is not our policy.
It is our architecture.
Alpyx is designed around one principle: your operational data belongs to you, lives on your infrastructure, and is inaccessible to anyone — including us. revFADP-aligned by design.
AES-256 at source · 100% on-premise · Zero egress · Zero-knowledge by architecture · revFADP-aligned
Security Design Principles
Five architectural guarantees.
Not five promises.
100% On-Premise
The agent installs entirely within your network perimeter. No cloud dependency. No SaaS pipeline. Air-gapped compatible. Your servers, your environment, full stop.
AES-256 at Source
Captured events are encrypted on the endpoint immediately upon collection, before any local storage or transmission. The key is generated during deployment and held exclusively by the client.
Zero-Knowledge by Architecture
Alpyx software contains no telemetry, no outbound transmission, no remote access. Our engineers cannot access client data, and the architecture does not allow a support backdoor. Design constraint, not policy constraint.
Client-Owned Dataset
The encrypted store is yours. The keys are yours. When Alpyx is removed, the dataset remains. There is no lock-in through data custody — ownership is structural.
revFADP & GDPR Aligned
Built for the revised Swiss Federal Act on Data Protection from the ground up. A Swiss data protection law firm has reviewed the capture architecture, employee consent framework, and revFADP compliance documentation. Works council templates included.
Technical Data Flow
Where data goes.
Where data stops.
Alpyx infrastructure
Receives: None · Sees: None · Stores: None
Regulatory Alignment
Designed for Swiss data sovereignty.
Fully aligned with the revised Swiss Federal Act on Data Protection (in force 1 September 2023, also known as nDSG/nLPD). On-premise deployment removes the cross-border data flow complexity faced by cloud-based tools — a structural advantage for regulated Swiss industries.
Deployments structured as internal processing under the client's data controller authority. DPIA template, DPA, and retention guidance provided. No cross-border transfer of personal data occurs in normal operation.
Alpyx ships a structured employee communication package: notification templates, FAQ documentation, and works council briefing materials. Reviewed by a Swiss data protection law firm.
Architecture aligns with ISO 27001 information security controls. Compatible with enterprise security policies, endpoint management systems, and information classification frameworks already in place.
Security Team FAQ
Questions IT and security teams ask us.
Does the Alpyx agent require internet connectivity?
No. The agent operates entirely within the local network. Internet access is not required for capture, encryption, or storage. Air-gapped deployments are fully supported.
Can Alpyx access our data from its infrastructure?
No. There is no network connection between your deployment and Alpyx infrastructure. The product is designed so that the connection cannot exist — no telemetry, no support backdoor, no diagnostic channel.
What happens if we remove Alpyx?
The agent uninstalls via standard enterprise software management. The encrypted dataset remains intact on your infrastructure. You retain everything. Alpyx retains nothing — and cannot.
How does the agent affect endpoint performance?
Target footprint: sub-2% CPU and under 50MB RAM on standard enterprise hardware. The agent runs as a background OS-level process and is fully invisible to end users during normal operation.
What network ports and protocols does the agent use?
The agent communicates only on the local network using TLS 1.3 channels to the on-premise encrypted store. No external connections are initiated. Full network specification provided during technical scoping.
Can we audit what the agent captures?
Yes. The local admin console provides full capture scope visibility. Administrators can audit capture settings, inclusion/exclusion rules, and dataset contents at any time. Capture is metadata only — never content.
How is per-employee surveillance prevented architecturally?
Reconstruction operates via privacy-preserving aggregation. Workflow statistics are computed without reconstructing individual sequences. Per-employee tracking is not a feature, and it is not architecturally possible.