Privacy Policy

1. Information We Collect

Account Information: When you register, we collect your email address, name, and billing information. Payment processing is handled by Paymob; we do not store full credit card numbers.

Agent Data: OnyxWork collects agent execution logs, task inputs, outputs, and system prompts necessary for agent operation. This includes data your agents process on your behalf through integrations (Slack, GitHub, Jira, etc.).

Usage Data: We collect usage metrics including task counts, API calls, error rates, and feature adoption patterns to improve the Platform. This data is aggregated and anonymized where possible.

Communication Data: If you contact support, use our live chat, or subscribe to marketing emails, we collect your communication preferences and correspondence history.

Live Chat Data: When you initiate a live chat conversation, we collect the name and email address you provide, your message content, IP address, browser user agent, and referral source. This data is stored in our database and used to respond to your inquiry and, with your explicit consent, to send you relevant product updates and marketing communications.

Visitor Session Data: We collect anonymous session-level data including pages visited, referral source, UTM campaign parameters, and IP address. This data is not linked to your identity unless you subsequently identify yourself through live chat, account registration, or form submission.

2. How We Use Your Information

We use your information to: (a) operate, maintain, and improve the Platform; (b) process transactions and manage subscriptions; (c) provide customer support; (d) send service-related communications (billing, security, product updates); (e) enforce our Terms of Service; (f) comply with legal obligations.

We do not train AI models on your data. Agent execution data is used exclusively to provide the service to you and is not shared with third parties for model training.

3. Data Storage and Security

Customer data is stored in Supabase (PostgreSQL) with encryption at rest. All data in transit is encrypted via TLS 1.2+. Data is organized in tenant-isolated schemas with Row-Level Security enforcement, ensuring your data cannot be accessed by other customers. OnyxWork undergoes regular security assessments to maintain the integrity of our systems.

4. Data Retention

We retain your account data for the duration of your subscription plus 30 days. Agent execution logs are retained for 90 days for operational purposes, after which they may be aggregated or anonymized. Deletion of your account and associated data is a manual process to prevent accidental data loss. To request deletion, contact enterprise@onyxwork.dev. We will verify ownership, confirm the intent to delete, and complete the request within 30 days. Account deletion is irreversible and will remove all agents, logs, and configuration data.

5. Third-Party Services

OnyxWork integrates with third-party services you authorize (Slack, GitHub, Jira, HubSpot, etc.). Data shared with these integrations is governed by their respective privacy policies. Our subprocessors include database, hosting, caching, payment processing, and AI infrastructure providers. Each subprocessor is contractually obligated to maintain data protection standards.

6. Data Processing Agreement

OnyxWork acts as a data processor for customer data. Customers retain ownership and control of their data. OnyxWork processes data only in accordance with customer instructions as defined by the service configuration and integrations. If you require a Data Processing Agreement (DPA), contact enterprise@onyxwork.dev.

7. Your Rights

Depending on your jurisdiction, you may have rights including: access to your data, correction of inaccurate data, restriction of processing, data portability, and withdrawal of consent. Account deletion is handled through a manual verification process to prevent accidental data loss. To exercise these rights, contact enterprise@onyxwork.dev. We will respond within 30 days.

8. Legal Basis for Processing (Article 6 GDPR)

We process personal data under the following legal bases: (a) contract performance for service delivery, including agent provisioning, task execution, support, and account administration; (b) legitimate interest for security monitoring, abuse prevention, product analytics, and service improvement; (c) consent for marketing emails and optional lifecycle communications; and (d) legal obligation for billing records, tax records, fraud prevention, and regulatory compliance.

9. Automated Decision-Making (Article 22 GDPR)

OnyxWork AI agents perform automated processing on behalf of clients inside customer-configured workflows. Agents may recommend, draft, classify, route, or execute workflow steps according to the customer's instructions and approval rules. OnyxWork does not intentionally make decisions with legal or similarly significant effects about individuals without human oversight. Clients and affected individuals can request human review, contest an automated output, or ask for a manual escalation by contacting enterprise@onyxwork.dev.

10. Cookies and Local Storage

OnyxWork uses essential cookies for authentication and session management. We use a session identifier cookie to associate anonymous visitor activity with your account if you later identify yourself. We do not use third-party advertising or profiling cookies. Session cookies are strictly necessary for Platform operation.

11. Marketing Communications

We will only send you marketing emails if you have given explicit, affirmative consent (e.g., by checking the consent box in our live chat or opting in during registration). You may withdraw consent at any time by clicking the unsubscribe link in any marketing email, or by contacting enterprise@onyxwork.dev. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

12. Children's Privacy

OnyxWork is not intended for users under 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly.

13. International Data Transfers

Data may be processed in the United States and other jurisdictions where our infrastructure providers operate. By using the Platform, you consent to such transfers. Standard Contractual Clauses or equivalent safeguards are in place with our subprocessors where required by applicable law.

14. Breach Notification

In the event of a data breach affecting customer data, OnyxWork will notify affected customers within 72 hours of confirmation. Notification will include the nature of the breach, data affected, and remediation steps taken.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or platform notification at least 14 days before taking effect.

16. Contact

For privacy-related inquiries, data requests, or complaints, contact: OnyxWork Inc., enterprise@onyxwork.dev. We will respond to all inquiries within 30 days.

17. California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt out of the sale or sharing of your personal information (we do not sell personal information); and (d) non-discrimination for exercising these rights. To exercise your rights, contact enterprise@onyxwork.dev.