Privacy Policy

This Privacy Policy describes how we collect, use, and protect information in connection with the Atlas platform and related services. Atlas is a product under OnyxLabs, a brand operated by Onyx Management, LLC (“we”, “us”, or “our”). Atlas is a structured AI assessment platform for private equity.

1. Information Collection

We collect information in the following categories:

• Engagement documents: Strategy documents, operational materials, financial data, and other files provided by the client for assessment purposes.
• Interview transcripts: Audio recordings and transcriptions of stakeholder interviews conducted during assessments, processed via secure transcription services.
• AI-generated content: Analysis outputs, findings, and deliverables produced by the Atlas platform during an engagement.
• Metadata: Document metadata, timestamps, user activity logs, and system telemetry necessary for platform operation and security.
• Contact and lead information: Name, email address, company, job title, and phone number submitted through our contact form or during engagement onboarding.

2. Cookies

We use three categories of cookies:

• Strictly necessary cookies: Required for basic site functionality, authentication, and security. These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with the website. These are only set with your consent.
• Functional cookies: Remember your preferences and settings across visits. These are only set with your consent.

You can customize your cookie preferences at any time using the cookie settings available in the site footer.

3. How We Use Information

Information collected during an engagement is used solely for producing strategy assessment deliverables for the client that commissioned the engagement. Specifically:

• Engagement data is processed exclusively within the scope of that engagement.
• Client data is never used across engagements, shared between clients, or used for purposes other than the commissioned assessment.
• Contact information is used to communicate with you regarding your inquiry or engagement.
• Metadata and telemetry are used for platform security, performance monitoring, and error resolution.

4. AI Processing Disclosure

Atlas uses artificial intelligence to process engagement data and produce analysis outputs. The following AI services are used:

• Anthropic Claude API: Used for structured analysis, synthesis, and generating assessment deliverables from engagement documents and transcripts.
• Deepgram: Used for transcribing audio recordings of stakeholder interviews.

Your data is not used to train, fine-tune, or improve any AI models. All AI processing is performed via API calls governed by data processing agreements with each provider. Outputs are reviewed by a forward-deployed engineer before delivery.

5. Information Sharing

We do not sell, rent, or trade your information. We share information only with service providers who are necessary for platform operation, and only under data processing agreements that restrict their use of the data to the services they provide to us.

We may disclose information if required by law, regulation, legal process, or governmental request.

6. Third-Party Services

Atlas relies on the following third-party services for platform operation:

• Anthropic: AI analysis and content generation via the Claude API.
• Deepgram: Audio transcription for interview recordings.
• Sentry: Error monitoring and application performance tracking.
• Supabase: Database hosting, authentication, and file storage.

Each provider operates under a data processing agreement. We evaluate the security practices of our providers and select services that meet our standards for data protection.

7. Data Security

We implement the following security measures to protect your information:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS.
• Encryption at rest: Engagement data and documents are encrypted at rest in our database and storage systems.
• Password security: User passwords are hashed using bcrypt and are never stored in plaintext.
• Role-based access control: Access to engagement data is restricted by role, ensuring only authorized personnel can view or modify specific materials.
• Audit logging: All access to engagement data is logged for security review and compliance purposes.

8. International Data Transfers

Atlas infrastructure is hosted on cloud services located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.

For transfers of personal data from the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms as applicable.

9. Data Retention

Engagement data is retained for the duration of the engagement. Upon completion:

• All engagement data is exportable by the client in standard formats.
• Engagement data is purged from Atlas systems after the engagement concludes, unless the client requests an extension.
• Contact information submitted through our website is retained for the purpose of responding to inquiries and is deleted upon request.

10. User Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Under GDPR (EEA residents)

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object to processing

Under CCPA (California residents)

• Right to know what personal information is collected, used, and shared
• Right to delete personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your rights

To exercise any of these rights, contact us at privacy@onyxlabs.ai.

11. Children's Privacy

Atlas is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from someone under 18, we will take steps to delete that information.

12. Data Processing Addendum

Scope: Atlas processes Client Data as a data processor on behalf of the client (data controller). Processing is performed solely to produce engagement deliverables as defined in the service agreement.

Sub-processors:

• Anthropic (Claude API) — AI analysis of engagement data
• Deepgram — Audio transcription of interview recordings
• Supabase — Database hosting and document storage (US-West)
• Sentry — Error monitoring (anonymized metadata only)

Data location: All engagement data is stored in the United States (Supabase US-West region).

Security measures: See our Security page (§1–7) for details on encryption, access controls, and infrastructure security.

Breach notification: In the event of a personal data breach, Atlas will notify the affected client within 72 hours in accordance with GDPR Article 33.

Data return & deletion: All engagement data is exportable via the platform and purged post-engagement in accordance with the configured retention policy.

Audit rights:Clients may request documentation of Atlas's security practices and sub-processor arrangements.

A standalone Data Processing Agreement is available upon request. Contact privacy@onyxlabs.ai for execution.

13. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

• General inquiries: hello@onyxlabs.ai
• Privacy-specific inquiries: privacy@onyxlabs.ai