Privacy & Security Architecture
Privacy is not our policy.
It is our architecture.
We designed ALPIX around one principle: your operational data belongs to you, exists on your infrastructure, and is inaccessible to anyone — including us.
AES-256 encrypted · On-premise · Zero egress · No ALPIX access by design
Security Design Principles
Five architectural guarantees.
Not five promises.
On-Premise by Design
The agent installs entirely within your infrastructure. No cloud dependency. No SaaS data pipeline. Your servers. Your network. Your environment.
AES-256 Encryption at Source
Data is encrypted using AES-256 on the endpoint before it is written to the data store. The encryption key is generated during deployment and held exclusively by the client.
Zero ALPIX Access
ALPIX software does not include telemetry, data transmission, or remote access capability. Our engineers cannot access your workflow data. There is no support backdoor. By architecture.
Client-Owned Dataset
The data store is yours. The encryption keys are yours. When ALPIX is removed, the dataset remains. There is no lock-in through data custody. Ownership is structural.
European Compliance Alignment
Built for GDPR and Swiss LPD from the ground up. Works council templates, employee notification documentation, DPAs, and retention policy guidance included.
Technical Data Flow
Where data goes.
Where data stops.
ALPIX infrastructure
Receives: None · Sees: None · Stores: None
Regulatory Alignment
Designed for European data sovereignty.
Deployments structured as internal data processing operations under the client's data controller authority. Standard DPIA template, DPA, and retention schedule provided. No cross-border transfer of personal data.
Fully aligned with the revised Swiss Federal Act on Data Protection. On-premise deployment eliminates the primary cross-border data flow compliance complexity faced by cloud-based tools.
ALPIX provides structured employee communication: notification templates, information materials, and FAQ documentation for employee representatives and HR.
Architecture aligns with ISO 27001 information security controls. Compatible with existing enterprise security policies, endpoint management systems, and information classification frameworks.
Security Team FAQ
Questions IT and security teams ask us.
Does the ALPIX agent require internet connectivity?
No. The agent operates entirely within the local network. Internet access is not required for capture, encryption, or storage. Remote management is handled through the local admin console.
Can ALPIX see our data from its infrastructure?
No. There is no network connection between your deployment and ALPIX infrastructure. The product is designed so that this connection cannot exist. We do not have a support access mechanism into client environments.
What happens if we remove ALPIX?
The agent uninstalls via standard enterprise software management. The encrypted data store remains intact on your infrastructure. You retain all data. ALPIX retains nothing.
How does the agent affect endpoint performance?
Typical CPU overhead is under 1%. Memory footprint is under 50MB. The agent operates at system process priority and does not interfere with user applications.
What network ports and protocols does the agent use?
The agent communicates only on the local network using TLS 1.3 encrypted channels to the on-premise data store. No external network connections are initiated. Full network specification provided during technical scoping.
Can we audit what the agent captures?
Yes. The admin console provides full capture scope visibility. Administrators can audit capture settings, inclusion/exclusion rules, and data store contents at any time.