Sernixa.ai

Privacy Policy

This policy explains what information Sernixa may process when teams use the governance platform, SDKs, examples, and Command Center.

Effective date: May 8, 2026

1. Scope and Applicability

This policy applies to Sernixa websites, local demos, SDKs, APIs, Command Center surfaces, documentation, and related support workflows. It does not replace customer privacy obligations for systems connected to Sernixa.

2. Information We Collect

  • Account and organization information, such as name, email, role, organization, team, and identity-provider claims.
  • Governance data, such as approval IDs, decisions, policy settings, risk levels, delegation chains, action metadata, and audit events.
  • Technical data, such as API request metadata, SDK version, runtime identifiers, service identity references, logs, and diagnostic events.
  • Security evidence, such as replay reason codes, signature verification status, hash-chain verification results, and DLP or shadow-discovery events.

3. How We Use Information

  • To provide the approval, governance, audit, delegation, and policy features customers request.
  • To verify identity, authorization, request signatures, nonces, and delegation scope.
  • To render review surfaces that explain proposed actions, enforced outcomes, blast radius, and evidence.
  • To maintain auditability, investigate suspicious activity, improve reliability, and support customer requests.

4. AI and Model Output Data

Sernixa may process raw or normalized model output when customers enable review surfaces such as Counterfactual Twin or Intervention Trace. These records are used to explain what the model proposed, what policy allowed, and what Sernixa enforced.

Customers should avoid sending unnecessary sensitive content. Where sensitive raw output is captured, access should be limited to authorized reviewers and auditors.

5. How We Share Information

Sernixa does not sell personal information. Information may be shared with service providers, customer-authorized integrations, legal or security responders, or as required to provide and protect the services.

6. Collaboration and Integration Data

When customers connect collaboration tools, identity providers, agent frameworks, or observability systems, Sernixa may process the minimum metadata needed to route approvals, display evidence, verify access, or deliver notifications.

7. Security

Sernixa is designed with layered controls including role checks, deterministic enforcement, signed envelopes, replay resistance, immutable audit records, and hash-chain verification. No system is risk-free, and customers should configure deployment, identity, and key management controls appropriate for their environment.

8. Data Retention

Governance and audit records may be retained for the period needed to provide evidence, satisfy customer audit requirements, resolve disputes, maintain security, or comply with law. Local demo data can be reset by the customer in their own environment.

9. Customer Controls

  • Customers can configure policy settings, approval routing, auto-approval thresholds, and delegation constraints.
  • Authorized administrators can inspect audit history and policy history, export evidence, and revoke delegation tokens.
  • Customers can choose what systems, data classes, and agent runtimes are connected to Sernixa.

10. Children

Sernixa is intended for business and developer use and is not directed to children under 16.

11. Regional Notices

Depending on location, individuals may have rights to access, correct, delete, or restrict processing of certain personal information. Requests should be submitted through the customer organization or the Sernixa support channel where applicable.

12. Contact

Privacy questions can be directed to the Sernixa team through the contact channel listed in the relevant order form, workspace, or customer support process.