Privacy Policy

What we collect

When you register for Netway, we collect:

• Your email address
• Your AWS account ID and region (used to associate your deployment)
• Aggregated traffic summaries sent by the Netway Lambda — grouped by resource, AZ, and destination type with byte totals, not raw packet data or IP-level logs
• Findings generated by Netway server-side analysis — traffic pattern names, resource identifiers, and estimated savings

How we use it

We use collected data to:

• Deliver the Netway service — validate your API key, store and display your findings
• Send you product updates and support communications
• Improve detection accuracy over time using aggregated, anonymized data

We do not sell your data to third parties.

Data sharing

We do not sell, rent, or share your personal data or scan findings with any third party for commercial purposes.

Data is shared only in the following limited circumstances:

• AWS infrastructure: Account and findings data is stored and processed on Amazon Web Services (ap-south-1). AWS acts as a data processor under our control and is bound by their data processing terms.
• Legal obligations: We may disclose data if required to do so by law or in response to a valid legal request from a competent authority.
• Your explicit consent: For any other sharing, we will ask for your consent first.

Data storage

Account and findings data is stored on Amazon Web Services infrastructure in the ap-south-1 (Mumbai) region. All data is encrypted at rest using AES-256 encryption on encrypted EBS volumes. All data in transit between your browser, the Netway Lambda, and our servers is encrypted using TLS 1.2 or higher.

Data retention

While your account is active: scan findings, topology data, compliance history, and cost findings are retained for up to 365 days from the date they were collected. Data older than 365 days is automatically purged. This retention window enables annual PCI-DSS and SOC2 audit evidence covering a full calendar year.

After account cancellation or deletion request: all account data — including findings, topology snapshots, compliance history, and personal information — is permanently deleted within 30 days. You will retain access to your dashboard during this window to export any data you need.

To request immediate deletion, see Your rights below.

Data backup

Your data is backed up daily to encrypted, geographically redundant storage. Backups are retained for 30 days and are used solely for disaster recovery — they are not accessible to Netway staff for any other purpose, and are subject to the same encryption and access controls as production data. In the event you request account deletion, all associated backup copies are also purged within the 30-day deletion window.

Cookies

The Netway dashboard uses session cookies only for authentication. We do not use tracking or advertising cookies.

Your rights

You have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Correction: request that inaccurate data be corrected.
• Deletion: request deletion of your account and all associated data. We will permanently delete all your data within 30 days of your request (see Data retention above).
• Portability: request your findings data in a machine-readable format (JSON).
• Opt-out of marketing email: use the unsubscribe link in any email we send, or contact us directly.

To exercise any of these rights, email support@basavytix.com. We will acknowledge your request within 2 business days.

If you are located in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority. If you are a California resident (CCPA), you have the right to know what personal data we collect, request deletion, and opt out of the sale of personal data — we do not sell personal data.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users by email for material changes. The date at the top of this page reflects the most recent update.