Privacy Policy

This Privacy Policy explains how Onyx Labs (“we”, “us”) handles personal data in connection with Pulse. For account and billing data we act as a controller. For the data your organization enters into Pulse about its people and equipment, we act as a processor on your organization’s behalf.

Information we collect

• Account data — names, email addresses, hashed passwords, and roles.
• Organization content — the assets, licenses, people, and records you enter.
• Billing data — handled by Stripe; we store identifiers and subscription status, not full card numbers.
• Usage and logs — basic technical logs and an in-app activity trail.

How we use it

We use personal data to provide and secure the service, process payments, send transactional email (such as verification and password resets), respond to support requests, and meet legal obligations. We do not sell personal data, and we do not use your organization’s content to advertise.

Legal bases

Where applicable law (such as the GDPR) requires it, we rely on performance of our contract with you, our legitimate interests in operating and securing the service, your consent where requested, and compliance with legal obligations.

Sharing & subprocessors

We share data only with providers that help us run the service:

• Vercel — application hosting.
• Neon — database hosting.
• Stripe — payment processing.
• Resend — transactional email delivery.

We may also disclose data where required by law.

Retention

We keep account and organization data for as long as your account is active and for a reasonable period afterward, then delete or anonymize it unless we must keep it to meet legal obligations.

Security

We protect data with measures including encryption in transit, hashed passwords and tokens, and per-organization access controls. No system is perfectly secure, but we work to protect your information.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. For data your employer manages in Pulse, contact your organization’s administrator; we will assist them as the processor. To exercise rights regarding account data, email privacy@onyx-labs.io.

International transfers

Our providers may process data in countries other than yours. Where required, we rely on appropriate safeguards for those transfers.

Cookies

We use strictly necessary cookies to keep you signed in and to operate the service. We do not use advertising cookies.

Children

Pulse is intended for businesses and is not directed to children under 16.

Changes

We may update this policy and will note the effective date above. Material changes will be communicated.

Contact

Questions about privacy? Email privacy@onyx-labs.io.