Onyx Labs

Privacy Policy

Last updated June 3, 2026

This Privacy Policy explains how Onyx Labs (“we”, “us”, “our”) collects, uses, and discloses personal information in connection with our products, Pulse and Vibe (the “Service”). Onyx Labs operates from California, United States. For account and billing information we act as a business/controller. For the information your organization enters into the Service about its people and equipment, we act as a service provider/processor on your organization’s behalf, and that organization’s own privacy policy governs.

Information we collect

  • Identifiers & account data — names, email addresses, hashed passwords, roles, and organization details.
  • Organization content — the assets, licenses, people records, monitored services, and related data you enter.
  • Commercial & billing data — subscription plan, status, and billing identifiers. Card details are handled by Stripe; we do not store full card numbers.
  • Internet/usage & device data — technical logs, IP address, browser/device information, and an in-app activity trail.
  • Communications — messages you send us for support or other inquiries.

We collect this information directly from you and your Authorized Users, automatically as you use the Service, and from service providers such as our payment processor.

How we use information

We use personal information to provide, secure, and improve the Service; authenticate users and prevent fraud or abuse; process payments and manage subscriptions; send transactional messages (such as verification, password resets, and billing receipts); respond to support requests; and comply with legal obligations. We do not use your organization’s content to advertise.

We do not sell or share your personal information

We do not sell personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under California law. We have not done so in the preceding 12 months. We do not use or disclose sensitive personal information beyond the purposes permitted by law.

Disclosure & subprocessors

We disclose personal information only to service providers that help us operate the Service, under contracts that limit their use of it:

  • Vercel — application hosting.
  • Neon — database hosting.
  • Stripe — payment processing.
  • Resend — transactional email delivery.

We may also disclose information to comply with law, enforce our agreements, or in connection with a merger, acquisition, or sale of assets (with notice where required).

Your California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know & access — the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of recipients.
  • Delete — request deletion of personal information we collected, subject to legal exceptions.
  • Correct — request correction of inaccurate personal information.
  • Opt out — of the sale or sharing of personal information. (We do not sell or share, so there is nothing to opt out of.)
  • Limit — the use of sensitive personal information. (We do not use it beyond permitted purposes.)
  • Non-discrimination — we will not discriminate against you for exercising these rights.

To exercise these rights, email privacy@onyx-labs.io. We will verify your request using the information associated with your account and respond within the timeframes required by law. You may use an authorized agent to submit a request on your behalf with proof of authorization. If your information is managed by your employer in the Service, please contact your organization’s administrator; we will assist them as the service provider. We also honor recognized browser opt-out preference signals such as Global Privacy Control (GPC) where applicable.

Shine the Light. California Civil Code §1798.83 permits California residents to request information about disclosures of personal information to third parties for their direct-marketing purposes. We do not make such disclosures.

Rights for other regions (GDPR/UK)

Where laws such as the EU/UK GDPR apply, you may have rights to access, correct, export, delete, object to, or restrict processing of your personal data, and to withdraw consent. Where required, we rely on performance of our contract with you, our legitimate interests in operating and securing the Service, your consent where requested, and compliance with legal obligations as our legal bases. To exercise these rights, email privacy@onyx-labs.io.

Retention

We keep account and organization data for as long as your account is active and for a reasonable period afterward, then delete or anonymize it unless we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

Security

We protect personal information with measures including encryption in transit, hashed passwords and tokens, per-organization access controls, and least-privilege database access. No system is perfectly secure, but we work to protect your information and will notify you of breaches as required by law.

International transfers

Our service providers may process data in countries other than yours. Where required, we rely on appropriate safeguards, such as standard contractual clauses, for those transfers.

Cookies & tracking

We use strictly necessary cookies to keep you signed in and to operate the Service. We do not use advertising cookies and do not track you across third-party websites.

Children

The Service is intended for businesses and is not directed to children under 16, and we do not knowingly collect personal information from them.

Changes

We may update this policy and will revise the “Last updated” date above. We will provide additional notice of material changes as required by law.

Contact

Questions or privacy requests? Email privacy@onyx-labs.io. Shahoian Company, LLC, doing business as Onyx Labs, is the entity responsible for personal information processed through the Service.