Privacy Policy | PeytonixAI

Core Principle

Privacy Is Built Into the Deployment Model

PeytonixAI is designed for regulated environments. In production deployments, customer evidence files are stored in customer-controlled cloud infrastructure, and customers control the associated regions, retention settings, encryption keys, and logging configurations. PeytonixAI may handle upload orchestration, validation, malware scanning, and metadata creation as part of delivering the service.

This policy applies to: Visitors to peytonixai.com, users of the PeytonixAI application, and customers, prospects, and support contacts. For customer-controlled infrastructure, this policy works alongside the applicable customer agreement and the deployment controls configured by the customer.

Data Collection

Information We Collect

Website Information

Website hosting and security infrastructure may generate logs such as IP address, browser or user-agent details, requested pages, referral source, and basic performance or interaction data used for website security, delivery, and service monitoring.

Sales & Demo Requests

If you request a demo or contact PeytonixAI through the website, we collect the information you submit, which may include your name, work email address, company name, current audit system, and timeline details.

Account & Identity Information

Name, work email address, organization name, role and access level, authentication identifiers (e.g., SSO subject ID). Authentication is typically handled through the customer's identity provider.

Application Metadata

Audit entities and hierarchies, control definitions, workpaper status, automated test definitions, execution history, exception and AI-review metadata, evidence references (object IDs, hashes, timestamps, and related metadata rather than the business purpose of the underlying file), access logs, and audit trails.

Support & Communications

Contact information, support messages, and troubleshooting metadata when you contact us for assistance.

Privacy Boundaries

Information We Do Not Collect

✓ We do not sell personal data
✓ We do not use customer data for advertising
✓ We do not use customer data to train PeytonixAI models or shared models without customer approval
✓ We do not monitor customer business data except as needed to operate, secure, support, or comply with legal obligations for the service
✓ We do not grant third parties access to customer data except as required to provide the service or comply with law

Customer evidence is intended to remain in customer-controlled storage. Depending on deployment and workflow, PeytonixAI may process file transfers, scan uploads for malware, or generate metadata needed to secure and operate the application. When AI features are enabled, prompts and outputs may be processed by the customer-selected provider under the customer's agreement with that provider.

Data Usage

How We Use Information

We use information only for the following purposes:

✓ Provide and operate the PeytonixAI platform
✓ Respond to demo requests, sales inquiries, and other communications
✓ Authenticate users and enforce access controls
✓ Maintain security and audit logging
✓ Provide customer support
✓ Improve system reliability and performance
✓ Meet legal and regulatory obligations

Your Control

Customer-Owned Infrastructure

For production deployments, customers control the core infrastructure boundaries for regulated data handling.

Evidence Storage

Customer-owned Amazon S3 buckets for all audit evidence files.

Encryption Keys

Customer-managed AWS KMS keys for encryption at rest.

CloudTrail & Logging

Customer-controlled audit logging and object access logging are part of the baseline deployment model.

Data Residency

Customer-selected regions and retention policies.

PeytonixAI accesses customer infrastructure only through explicit, customer-granted permissions configured for the deployment. Customers retain control over storage boundaries, keys, and logging within their environment.

Retention

Data Retention

✓ Website, demo-request, and support-contact data: retained as needed to respond to inquiries, operate the website, manage the relationship, and satisfy legal, security, and recordkeeping obligations
✓ Audit metadata, automated test records, and security logs: retained according to the deployment configuration, customer policy, and applicable legal or regulatory requirements
✓ Operational events: retained only as long as needed for security, troubleshooting, reliability, and compliance purposes
✓ Evidence files: retained and deleted according to customer-controlled policies in customer-owned systems

Upon Contract Termination

PeytonixAI handles return, deletion, or anonymization of provider-controlled data according to the applicable customer agreement and legal requirements. Customers retain control of their evidence storage, encryption keys, and related customer-managed resources.

Protection

Security Measures

PeytonixAI implements industry-standard security controls.

✓ Role-based and entity-level access controls
✓ Encryption in transit (TLS 1.2+)
✓ Encryption at rest using customer-managed keys
✓ Immutable audit logging
✓ Secure authentication and session handling
✓ Regular security testing and monitoring

Detailed security documentation is available to customers under NDA. See our Security page for more information.

Third Parties

Subprocessors & International Transfers

Subprocessors

PeytonixAI uses a limited number of subprocessors to support service delivery, including cloud infrastructure providers, monitoring and alerting services, and AI providers where enabled for a deployment. A current list of subprocessors is available through our trust and security review process.

Customer Runtime Data

In customer-hosted production deployments, application metadata is processed within the customer's configured runtime environment, and evidence files remain in customer-selected regions and accounts.

Website, Sales, and Support Data

Website, demo-request, sales, and support data may be processed in PeytonixAI-operated systems or by service providers used to operate the website and respond to inquiries. Where applicable, appropriate safeguards are applied for international transfers.

Your Rights

Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

✓ Access your personal information
✓ Request correction, export, or deletion
✓ Restrict or object to processing
✓ Request additional information about how your data is handled

Requests can be submitted via the contact information below. Requests related to website, demo-request, sales, and support data are handled by PeytonixAI. Requests related to customer-controlled runtime data are handled in coordination with the relevant customer organization and the applicable customer agreement.

Contact

Changes & Contact Information

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be posted on this page with an updated effective date.

Privacy Questions

privacy@peytonixai.com

Security Team

security@peytonixai.com

Legal & DPA

legal@peytonixai.com