Privacy Policy

Last updated: 2026-06-26

This policy describes how the GPUPilot service handles personal data. It is written to satisfy the Israeli Protection of Privacy Law as amended (PPL, Amendment 13 effective 14 August 2025), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act as amended by the CPRA (CCPA / CPRA), whichever applies to you.

1. Who we are (data controller)

GPUPilot is delivered by Bynet (Israel). Bynet is the controller for personal data described in this policy. For any privacy question, data-subject request, or breach notification, contact us at computingIT@bynet.co.il.

Bynet operates GPUPilot in partnership with Altostratus. Where required by counsel, this section will be updated to reflect the precise contracting legal entity.

2. Two deployment models, two data flows

How your data flows depends on which version of GPUPilot you are using:

2.1 Connected clusters (managed)

When you install the GPUPilot agent in a connected mode, the agent makes outbound HTTPS calls to the GPUPilot service to stream cluster telemetry. That telemetry is stored, analysed, and surfaced in the GPUPilot dashboard. This is the data flow described in sections 3-6 below.

2.2 Air-gapped clusters (on-premises / sovereign)

When you install the GPUPilot air-gap variant, the entire GPUPilot stack (agent, API, AI model endpoint, database) runs inside your perimeter. No cluster telemetry leaves your network. Bynet does not see, host, or receive a copy of that telemetry. In this deployment, Bynet acts only as a software provider, and you are the controller for the data the in-perimeter stack processes. This policy describes the connected service; the air-gap deployment is governed by the separate written agreement that accompanies it.

3. What we collect (connected deployment)

3.1 From your Kubernetes cluster (cluster telemetry)

The GPUPilot agent collects observability data needed to detect and diagnose GPU faults:

3.2 From you (account data)

3.3 What we do not collect

4. Marketing site cookies and analytics

On the GPUPilot marketing site (the page you are reading), we use a single optional analytics cookie:

This cookie is not set until you click Accept on the cookie banner. If you click Reject, or take no action, no analytics scripts load. Your choice is stored locally in your browser only. You can change it at any time by clearing site data and reloading.

Strictly necessary cookies (such as a logged-in session for the GPUPilot dashboard) are not subject to consent under ePrivacy and PPL guidance, and are only set once you sign in.

5. Why we process this data (legal basis)

WhatPurposeLegal basis (GDPR Art. 6)
Cluster telemetryProvide the service you contracted us to providePerformance of a contract
Account email and credentialsAuthentication, security, support, billing communicationPerformance of a contract
BYOK encrypted API keyTo call the AI provider you instructed us to callPerformance of a contract
Marketing-site analyticsUnderstand how the site is usedConsent (you click Accept)
Security logs, abuse detectionProtect the service and other customersLegitimate interests

6. Sub-processors

We use the following categories of sub-processor to deliver the connected service. The current named sub-processor list is available on request from computingIT@bynet.co.il and will be published here when finalised.

We will give you reasonable prior notice (typically via email to the account holder) before adding or replacing a sub-processor that materially changes how data is handled, so you can object if you wish.

7. Where data is stored and for how long

Data for the connected service is stored in encrypted form within reputable cloud infrastructure. We logically isolate each customer’s database. Default retention windows:

You can lower retention from Settings. On account closure, the per-customer database is dropped within 30 days; encrypted backups roll off on their normal cycle. For air-gap deployments, retention is whatever you configure inside your perimeter.

8. International data transfers

If you are in the European Economic Area, the United Kingdom, or Switzerland, your data may be transferred to and processed in countries outside your region (including Israel, which is the subject of an EU adequacy decision, and the United States, where applicable safeguards such as the EU–U.S. Data Privacy Framework or Standard Contractual Clauses apply to our sub-processors). Where required, we put in place appropriate safeguards before transferring personal data outside the EEA.

9. Your rights

You have rights over your personal data. The specific rights you can exercise depend on the law that applies to you, but they generally include:

To exercise any of these rights, email computingIT@bynet.co.il. We respond within the deadline set by the law that applies to you (typically 30 days; PPL allows a longer initial response window for certain requests).

10. Security

We protect personal data with administrative, technical and physical safeguards proportionate to the risk, including: encryption in transit (TLS) and at rest, least-privilege access controls, separation of customer data, multi-factor authentication for administrative access, audit logging, and a documented incident response process. No system is perfectly secure; we will notify you and the relevant supervisory authority of a personal data breach within the timelines required by GDPR (Art. 33-34) and PPL.

11. Automated decisions and AI

GPUPilot uses AI to assist analysis and produce suggested remediation. The AI is AI-assisted, not autonomous. Suggested remediations are not executed automatically; a human operator in your organisation reviews and approves any action. The AI does not make decisions that produce legal or similarly significant effects about you within the meaning of GDPR Art. 22.

12. Children

GPUPilot is a business tool and is not directed at children. We do not knowingly collect data from anyone under 16.

13. Changes to this policy

If we materially change this policy we will notify account holders by email before the change takes effect, and update the “Last updated” date above. Continued use of the service after the effective date means you accept the updated policy.

14. Contact

Questions, requests, or complaints: computingIT@bynet.co.il. We aim to respond within five business days.

Document status. This policy reflects current practice and applicable law as we read it. It is provided for transparency, not as legal advice; the operative terms between you and Bynet are those in your subscription agreement (or, for the air-gap product, your separate written agreement). We expect to refine the named sub-processor list and the controlling legal entity following a formal counsel review.
← Back to GPUPilot

Start monitoring in 30 seconds

One kubectl. Read-only. Works on any NVIDIA GPU cluster on Kubernetes.

Book a demo