Privacy Policy
This Privacy Policy explains how Onyx Agent ("Onyx Agent", "we", "us") collects, uses, stores, and shares personal data when you use Onyx Network and related services. We respect your privacy and aim to collect only the data necessary to provide and improve our services.
1. Who is responsible for data processing?
The data controller is the operator of Onyx Agent listed in the Impressum. If you have privacy questions, contact hello@getonyxagent.com.
2. What data we collect
Depending on your interaction with our services, we may process:
- Account details (name, email, username, company name, LinkedIn URL)
- Recruiter and candidate data submitted through the platform (CVs, job descriptions, evaluations, interview notes)
- Contact information you voluntarily submit (for example email address, name, company, message)
- Basic technical request data (IP address, timestamp, browser information, request logs)
- Communication data, usage logs, device/browser metadata, and support interactions
- Security and abuse-prevention signals (rate limiting / failed requests where applicable)
- Recruiter-initiated candidate profile fields submitted through the Chrome Extension (for example full name, email, profile URL, headline, company, location, summary/about snippets, selected skills, and selected experience entries)
- Extension configuration settings stored locally in browser extension storage
We do not intentionally collect sensitive personal data unless you choose to provide it. AI-assisted screening does not use sensitive attributes such as age, gender, ethnicity, disability, or religion.
3. Why we process your data (purposes)
- Provide and secure the service, enable recruiting workflows and candidate pipeline operations
- Improve product performance and user experience
- Respond to access requests, inquiries, and provide support
- Prevent abuse and ensure platform security
- Comply with legal obligations
4. Customer data ownership
You retain ownership of data you submit. You grant Onyx Agent a limited license to process that data solely to provide, secure, and improve the service, and to satisfy legal obligations.
5. AI features
AI outputs are assistive and may contain errors. You are responsible for human review and final hiring decisions. You must not rely on AI output alone for legally significant decisions where law requires additional safeguards. AI-assisted screening does not use sensitive attributes such as age, gender, ethnicity, disability, or religion.
6. Data sharing
We may share data with trusted service providers (hosting, analytics, email, security, payments), legal authorities when required, and successors in corporate transactions. We do not sell personal data for monetary consideration.
7. Onyx Agent Chrome Extension Specific Notice
- The extension is designed for recruiter-initiated capture. Data capture is triggered by user action (for example clicking "Get Candidate Info" or "Send to Onyx").
- We do not provide unattended bulk crawling as a default behavior in this extension workflow.
- We do not collect recruiter passwords from third-party platforms through the extension.
- The extension does not execute remote code as part of its core operation.
- Captured profile data is sent to Onyx backend services only for recruitment workflow purposes under configured governance controls.
8. Legal bases (GDPR)
- Art. 6(1)(b) GDPR: pre-contractual steps (e.g. access request / product inquiry)
- Art. 6(1)(f) GDPR: legitimate interests (site security, fraud prevention, operational reliability)
- Art. 6(1)(c) GDPR: legal obligations (where applicable)
- Art. 6(1)(a) GDPR: consent (only when a consent-based feature is used)
9. Data location and international transfers
Your personal data is stored on servers located in Frankfurt, Germany (EU), protected under the General Data Protection Regulation (GDPR). All data remains within the European Union.
For users in Turkey: in compliance with KVKK (Kişisel Verilerin Korunması Kanunu), Article 9, cross-border data transfer to the EU is carried out with your explicit consent, obtained during account registration. You may withdraw this consent at any time by contacting us.
10. AI model improvement (optional consent)
During registration, you may optionally consent to your anonymized data being used to improve our AI models. This consent is entirely voluntary and does not affect your access to the platform.
- Only anonymized data is used — all personally identifiable information (name, email, phone, company names) is removed before any model training.
- You can withdraw this consent at any time by contacting hello@getonyxagent.com.
- If you do not consent, your data will only be used for the operational purposes described in this policy.
11. Hosting and service providers
We use hosting and infrastructure providers to deliver the website. These providers may process technical data (such as IP address and logs) on our behalf for hosting, CDN delivery, and security purposes.
Where processors are used, we seek appropriate contractual safeguards (including data processing agreements where required).
12. Cookies and analytics
At the landing-page stage, we prefer minimal tracking. If analytics or cookies are introduced later, this policy and any required consent controls will be updated before those features are enabled.
13. Data retention
We keep personal data only as long as necessary for the purposes listed above, including legal, operational, and security obligations. Inquiry and access-request records may be retained for follow-up and auditability, then deleted or anonymized when no longer needed.
Recruiter-initiated candidate records follow product governance retention and deletion controls in Onyx Network operational policy.
14. Security
We use technical and organizational safeguards such as access controls, encryption in transit, and monitoring. No method of transmission or storage is completely secure.
15. Your rights (GDPR & KVKK)
Depending on your jurisdiction (including the EU/EEA and Turkey), you may have the following rights:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to object to processing
- Right to data portability
- Right to withdraw consent at any time (where processing is based on consent)
Under KVKK (Turkey), you additionally have the right to learn whether your data is processed, request information about the purpose of processing, and request deletion or destruction of your data. To exercise any of these rights, contact hello@getonyxagent.com.
You may also lodge a complaint with a competent supervisory authority (in the EU) or with KVKK (Kişisel Verileri Koruma Kurumu) in Turkey.
16. Contact
For privacy requests or questions, contact hello@getonyxagent.com. We may need to verify your identity before processing certain requests.
17. Changes to this policy
We may update this policy as the product and website evolve. The latest version will be published on this page with an updated effective date.