Privacy Policy
Last updated: 2026-06-26This policy describes how the GPUPilot service handles personal data. It is written to satisfy the Israeli Protection of Privacy Law as amended (PPL, Amendment 13 effective 14 August 2025), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act as amended by the CPRA (CCPA / CPRA), whichever applies to you.
1. Who we are (data controller)
GPUPilot is delivered by Bynet (Israel). Bynet is the controller for personal data described in this policy. For any privacy question, data-subject request, or breach notification, contact us at computingIT@bynet.co.il.
Bynet operates GPUPilot in partnership with Altostratus. Where required by counsel, this section will be updated to reflect the precise contracting legal entity.
2. Two deployment models, two data flows
How your data flows depends on which version of GPUPilot you are using:
2.1 Connected clusters (managed)
When you install the GPUPilot agent in a connected mode, the agent makes outbound HTTPS calls to the GPUPilot service to stream cluster telemetry. That telemetry is stored, analysed, and surfaced in the GPUPilot dashboard. This is the data flow described in sections 3-6 below.
2.2 Air-gapped clusters (on-premises / sovereign)
When you install the GPUPilot air-gap variant, the entire GPUPilot stack (agent, API, AI model endpoint, database) runs inside your perimeter. No cluster telemetry leaves your network. Bynet does not see, host, or receive a copy of that telemetry. In this deployment, Bynet acts only as a software provider, and you are the controller for the data the in-perimeter stack processes. This policy describes the connected service; the air-gap deployment is governed by the separate written agreement that accompanies it.
3. What we collect (connected deployment)
3.1 From your Kubernetes cluster (cluster telemetry)
The GPUPilot agent collects observability data needed to detect and diagnose GPU faults:
- Node state, pod specs and status, Kubernetes events.
- GPU telemetry exposed by DCGM (utilization, temperature, power, XID error codes, ECC counters, row remaps, PCIe replays, NVLink bandwidth, clock states).
- Network fabric counters (InfiniBand and Ethernet port state) when the fabric feature is enabled.
- Host pressure metrics (CPU, memory, I/O) when enabled.
- Tailed container logs only for failing pods, used to surface the proximate error.
3.2 From you (account data)
- Email address (used for authentication and account communication).
- IP addresses you log in from, when used as an access-control allow-list you configure.
- An optional API key for a third-party AI provider (your “Bring Your Own Key”), stored encrypted at rest. We use it only to call the AI provider you selected, on your behalf.
- Account preferences (notification channels, retention windows, alert thresholds, NOC opt-in).
3.3 What we do not collect
- Values of Kubernetes Secrets (only Secret names are indexed; the agent role does not grant read access to Secret data).
- Your application source code.
- End-user data inside your workloads (we do not introspect application payloads).
- Pod environment variables, mounted secret volumes, or in-cluster credentials.
- Marketing identifiers or cross-site tracking. We do not run advertising trackers on this site.
4. Marketing site cookies and analytics
On the GPUPilot marketing site (the page you are reading), we use a single optional analytics cookie:
- Google Analytics 4 (cookie names:
_ga,_ga_*) with IP anonymisation enabled. Used to count visits and aggregate page popularity. Not used for advertising, retargeting, or profile building.
This cookie is not set until you click Accept on the cookie banner. If you click Reject, or take no action, no analytics scripts load. Your choice is stored locally in your browser only. You can change it at any time by clearing site data and reloading.
Strictly necessary cookies (such as a logged-in session for the GPUPilot dashboard) are not subject to consent under ePrivacy and PPL guidance, and are only set once you sign in.
5. Why we process this data (legal basis)
| What | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Cluster telemetry | Provide the service you contracted us to provide | Performance of a contract |
| Account email and credentials | Authentication, security, support, billing communication | Performance of a contract |
| BYOK encrypted API key | To call the AI provider you instructed us to call | Performance of a contract |
| Marketing-site analytics | Understand how the site is used | Consent (you click Accept) |
| Security logs, abuse detection | Protect the service and other customers | Legitimate interests |
6. Sub-processors
We use the following categories of sub-processor to deliver the connected service. The current named sub-processor list is available on request from computingIT@bynet.co.il and will be published here when finalised.
- Cloud hosting provider — for hosting the GPUPilot service, with data stored in encrypted form.
- Authentication provider — for sign-in and identity.
- AI model provider(s) — for the default AI analysis (when you have not configured a Bring-Your-Own-Key or a self-hosted model). Each AI provider’s own privacy terms apply to the prompts and context we send it. You can switch to your own AI provider key at any time from Settings.
- Bynet NOC (opt-in only) — if you enable NOC alerting, critical findings (XID errors, ECC double-bit errors, sustained node-down events) are forwarded to the Bynet Network Operations Centre so a human can reach you on your registered escalation channel. NOC is off by default.
We will give you reasonable prior notice (typically via email to the account holder) before adding or replacing a sub-processor that materially changes how data is handled, so you can object if you wish.
7. Where data is stored and for how long
Data for the connected service is stored in encrypted form within reputable cloud infrastructure. We logically isolate each customer’s database. Default retention windows:
- GPU and host metrics: 30 days
- Kubernetes events: 30 days
- Tailed container logs from failing pods: 7 days
- Raw ingest snapshots: 24 hours
- Investigation memory (semantic summaries): 30 days
- Account record and audit log: until you close the account, then deleted within 30 days (some security/audit log entries may be retained where required by law).
You can lower retention from Settings. On account closure, the per-customer database is dropped within 30 days; encrypted backups roll off on their normal cycle. For air-gap deployments, retention is whatever you configure inside your perimeter.
8. International data transfers
If you are in the European Economic Area, the United Kingdom, or Switzerland, your data may be transferred to and processed in countries outside your region (including Israel, which is the subject of an EU adequacy decision, and the United States, where applicable safeguards such as the EU–U.S. Data Privacy Framework or Standard Contractual Clauses apply to our sub-processors). Where required, we put in place appropriate safeguards before transferring personal data outside the EEA.
9. Your rights
You have rights over your personal data. The specific rights you can exercise depend on the law that applies to you, but they generally include:
- Access — ask us what personal data we hold about you and get a copy.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data, subject to legal retention obligations.
- Restriction and objection — ask us to limit certain processing or to stop processing based on legitimate interests.
- Portability (GDPR / PPL) — receive your data in a structured, machine-readable form.
- Withdraw consent — where we rely on your consent (such as marketing-site analytics), you can withdraw it at any time without affecting prior processing.
- Right to know / right to delete / right to opt-out of sale or sharing (CCPA / CPRA, for California residents). We do not sell or share personal data for cross-context behavioural advertising.
- Lodge a complaint with your supervisory authority (in Israel: the Privacy Protection Authority; in the EEA: your local Data Protection Authority).
To exercise any of these rights, email computingIT@bynet.co.il. We respond within the deadline set by the law that applies to you (typically 30 days; PPL allows a longer initial response window for certain requests).
10. Security
We protect personal data with administrative, technical and physical safeguards proportionate to the risk, including: encryption in transit (TLS) and at rest, least-privilege access controls, separation of customer data, multi-factor authentication for administrative access, audit logging, and a documented incident response process. No system is perfectly secure; we will notify you and the relevant supervisory authority of a personal data breach within the timelines required by GDPR (Art. 33-34) and PPL.
11. Automated decisions and AI
GPUPilot uses AI to assist analysis and produce suggested remediation. The AI is AI-assisted, not autonomous. Suggested remediations are not executed automatically; a human operator in your organisation reviews and approves any action. The AI does not make decisions that produce legal or similarly significant effects about you within the meaning of GDPR Art. 22.
12. Children
GPUPilot is a business tool and is not directed at children. We do not knowingly collect data from anyone under 16.
13. Changes to this policy
If we materially change this policy we will notify account holders by email before the change takes effect, and update the “Last updated” date above. Continued use of the service after the effective date means you accept the updated policy.
14. Contact
Questions, requests, or complaints: computingIT@bynet.co.il. We aim to respond within five business days.