LAST UPDATED 2026-06-03 // [email protected] // dynexiscloud.com
Dynexis is a full-service B2B cloud services agency. We architect, migrate, run, and improve the infrastructure that businesses depend on, and our work covers far more than any short list: cloud strategy and cost control, environment design, application and container builds, hybrid and multi-cloud integration, automation, workload migration, and round-the-clock managed operations, along with a wide range of related services shaped around each client. If it runs in the cloud, we tend to look after it.
Cloud work has its own way of dividing up who is responsible for what, and that division is the right place to start, because it explains everything that follows.
The Shared Responsibility Model
Cloud security and privacy are shared. The cloud provider is responsible for the security of the underlying platform: the physical data centres, the hardware, and the core services. The customer is responsible for what sits on top: the data, who can reach it, and how it is configured. Dynexis usually operates on the customer side of that line, taking on parts of the work that would otherwise fall to your team, such as setting up access controls, hardening configurations, and managing the environment day to day.
Knowing which side of the line a task sits on tells you who to hold responsible for a given piece of data. The next section makes that concrete.
Our Role and the Data Chain
There is a chain of parties here, and your rights depend on where a party sits in it.
For people who visit dynexiscloud.com, enquire about our services, or become clients, Dynexis decides how the data is used, so we are the controller. For the data inside a client’s cloud environment, the client is the controller; we act as its processor, working on its instructions. Beneath us sit the cloud providers themselves, such as AWS, Microsoft Azure, and Google Cloud, which act as sub-processors in that chain. We pass a client’s data to those providers only to run the services the client asked for, and they are bound by their own data protection terms.
Information We Collect When You Engage Us
When you use our enquiry form, request an assessment, or email us, we receive your name, business email, phone number, company, role, and the details you share about your infrastructure and goals, along with our correspondence. As you browse the site, we log ordinary technical data such as your IP address and rough location, device and browser type, the pages you open, and how you arrived. We use this to run and secure the site and to understand which content is useful, not to profile you.
Infrastructure Data We Process for Clients
This is where a cloud agency differs from most. We manage infrastructure, not your business’s content, and that distinction shapes what we actually handle. In the normal course of work we deal with operational data rather than the records inside your applications:
- Logs and telemetry from servers, networks, and services, which can contain IP addresses, user identifiers, and records of access
- Configuration and infrastructure-as-code definitions
- Identity and access management settings, including the accounts and roles that govern who can reach what
- Monitoring metrics, alerts, and cost and usage data
The personal data inside your databases and applications, the content your business runs on, generally stays within your environment, and we do not extract or use it for our own purposes. We touch it only where a specific task such as a database migration requires it, and then under your instruction.
Privileged Access and How We Constrain It
Running someone’s cloud means holding administrative access to it, and administrative access could in principle reach almost any data in the environment. We treat that power as something to limit rather than to enjoy. Our engineers work under least privilege, holding only the access a role needs and no more. Access is granted for specific work and removed when it ends. Strong authentication is required for every account that can reach a client environment, and our own administrative actions are logged so there is a record of who did what. We do not browse client data, and we access content only when a task genuinely calls for it.
Where Your Data Lives: Regions, Residency, and Sub-Processors
In the cloud, the physical location of data matters, and many of our clients have rules about where theirs may be held. We design environments to keep data in the regions a client specifies, so that residency requirements are met. The cloud providers we build on operate data centres in many countries and act as the sub-processors that store and process the data on our and the client’s behalf. We choose providers that hold recognised security and privacy certifications, and we configure regions and replication so that data does not move outside an agreed location without reason.
Backups, Replication, and Why Deletion Takes Time
Resilience depends on copies. We set up backups, snapshots, and replication across locations so that an outage does not become a loss. Honesty requires a note about what this means for deletion. When data is removed from a live system, copies can persist in backups and replicas until those rotate out on their normal schedule, which may take days or weeks. A deletion request is honoured in the live environment promptly, and the residual copies expire after that according to the backup retention we have set with the client. We do not restore deleted data from backups except to recover from an incident.
Encryption and Key Management
We encrypt data in transit and at rest as a standard part of how we build. Who holds the encryption keys is its own decision, and we make it deliberately with each client: keys may be managed by the cloud provider’s key service or held by the client directly, depending on the control they need. Where a client holds its own keys, there is data we cannot read at all, which is by design.
How We Use Data and Our Lawful Bases
Each kind of data has a defined use. Contact and enquiry data lets us respond and run engagements, and, with opt-in, send occasional updates that one click ends. Site data keeps the website working and secure. Infrastructure and operational data is used to run, monitor, secure, and improve the environments we manage. Where European law applies, our lawful bases include the performance of our contract with you, our legitimate interest in keeping infrastructure secure and efficient, a legal obligation where one applies, and consent where we rely on it. A new purpose not covered here gets a fresh basis or your agreement first.
AI and Automated Operations
We use AI to run cloud environments more efficiently: analysing usage to recommend cost reductions, predicting traffic to adjust capacity ahead of demand, spotting anomalies in performance baselines before they cause outages, and scanning configurations for security gaps and policy drift. These tools work on operational and metadata signals rather than the content of your applications, and they raise recommendations and alerts that our engineers act on. A consequential change is made or approved by a person. We do not use one client’s data to build models for another.
Security and Incident Response
Security is the core of cloud work, so we describe ours plainly rather than dress it up. We apply encryption, network segmentation, identity controls, and continuous monitoring, and we review and patch the environments we manage. Our own access is controlled and logged as described above. If a security incident affects data we are responsible for, we investigate and contain it without delay and support the client, as controller, in any duty to notify regulators or affected people within the required timeframes. No system is beyond compromise, and we will not claim ours is. Keep your own credentials strong and private, and tell us at once if you suspect a problem in an environment we run with you.
Cookies on Our Website
Our site uses a small set of cookies: necessary ones that run security and forms, analytics cookies that show in anonymised form how the pages perform, and preference cookies that remember simple settings. Your browser can block or delete them, and where consent is legally required for non-essential cookies, we ask first.
Data Retention
Contact and enquiry records stay with us for up to two years after your last interaction, then we remove them, unless a legal need extends that. Operational logs and telemetry are kept for the period set with the client and any applicable rule, often weeks to months, because investigating an incident depends on history. Infrastructure data and any working copies follow the engagement contract and are returned or deleted at its end, subject to the backup expiry described earlier. De-identified statistics that point to no individual may be kept without a fixed end date.
Your Rights
You can ask to access the data we hold on you, get a copy, correct it, delete it, restrict or object to its use, or withdraw a consent. Email [email protected] to begin, and we verify identity before acting. Two reminders that fit cloud work: if your data sits inside an environment we manage for your employer, that company is the controller and the request runs through it, with our support; and as explained above, deletion is immediate in live systems but residual backup copies expire on their normal schedule rather than instantly.
EEA, UK, and Switzerland
We process personal data on a lawful basis: a contract, our legitimate interest in secure and efficient operations, a legal obligation, or consent. Where we rely on consent, you can withdraw it at any time without affecting earlier processing. You may also complain to your national data protection authority.
California
Under the CCPA and CPRA you can request the categories and pieces of personal information we collected, ask for access, deletion, or correction, and opt out of any sale or sharing. We do not sell personal data, and using your rights will not get you treated differently.
International Transfers
Because cloud infrastructure and our providers operate worldwide, the United States included, personal data may be processed in a country other than your own, where the law may differ. This connects directly to the residency choices described earlier. For transfers that do occur, we apply recognised safeguards such as Standard Contractual Clauses or rely on an adequacy decision.
Children
This is a business service not directed to anyone under 16. We do not knowingly collect children’s data and will delete it if we find we have. A parent or guardian with a concern can write to [email protected].
Links to Other Sites
Our pages may link to platforms, documentation, or resources we do not operate. This policy ends at our boundary. Once you follow a link, that site’s own policy applies, so review it before sharing anything.
Changes to This Policy
We revise this policy as our services and the law change. The current version sits on this page with its date, and we make a reasonable effort to flag significant changes. Continuing to use the site after an update means the new version applies to you.
Contact
For any privacy question, request, or complaint, reach us directly.
Email: [email protected]
Website: dynexiscloud.com