Privacy Policy

1. Who We Are

Onyx is provided by [legal company name] ("Onyx," "we," "us," or "our"). Onyx helps professional firms ingest documents, read and classify workpapers, reconcile accounting records, prepare draft work product, and package review-ready outputs for authorized users.

2. Scope

This policy applies to the Onyx application, related websites, support channels, integrations, and services. It does not apply to services operated by third parties, including Intuit, QuickBooks, or other systems that a customer chooses to connect to Onyx. Those third-party services are governed by their own terms and privacy policies.

3. Information We Collect

We collect information that customers provide, information generated through use of Onyx, and information received from connected services that a customer authorizes.

• Account and contact information: names, business names, job titles, email addresses, phone numbers, billing contacts, support communications, and user roles.
• Customer content: documents, spreadsheets, PDFs, scans, email exports, accounting workpapers, notes, rules, classifications, reconciliation decisions, and other files or data submitted to Onyx.
• QuickBooks and Intuit data: when authorized by the customer, Onyx may access QuickBooks company information, chart of accounts, transactions, invoices, bills, customers, vendors, items, reports, attachments, metadata, and other data within the specific scopes approved by the customer through Intuit's authorization flow.
• Usage and diagnostic data: log data, workflow events, feature use, error reports, device and browser information, IP address, timestamps, and integration status.
• Payment information: if applicable, billing details and payment status. Payment card data is processed by our payment processor and is not stored directly by Onyx unless expressly stated in a separate agreement.

4. How We Use Information

We use information to provide, secure, improve, and support Onyx. This includes:

• importing, parsing, classifying, reconciling, and preparing customer-authorized work product;
• connecting to QuickBooks and other approved systems at the customer's direction;
• maintaining audit trails, review queues, approval history, and source-document traceability;
• providing support, troubleshooting, security monitoring, and service communications;
• administering subscriptions, billing, contracts, and compliance obligations;
• improving Onyx features, accuracy, reliability, and performance; and
• complying with law, enforcing agreements, and protecting customers, Onyx, and third parties.

5. QuickBooks Data and Customer Authorization

Onyx accesses QuickBooks data only after an authorized user grants access through Intuit's authorization process. Customers control which QuickBooks companies are connected and may revoke access through Intuit, QuickBooks, or Onyx settings where available. Onyx uses QuickBooks data only to provide customer-requested accounting, reconciliation, reporting, workflow, and review functions.

6. AI and Model Use

Onyx may use automated processing, retrieval, OCR, classification, and AI-assisted drafting to produce suggested outputs. Customer content and QuickBooks data are used to provide and improve the customer's own Onyx workflows. We do not sell customer content or QuickBooks data. We do not use customer content or QuickBooks data to train third-party foundation models unless the customer has expressly authorized that use in writing.

7. How We Share Information

We share information only as needed to operate Onyx, comply with obligations, or follow customer instructions. We may share information with:

• Customer-authorized users: administrators, reviewers, staff, or other users within the customer's organization.
• Service providers: vendors that help us host, secure, support, monitor, or process the service under confidentiality and data-protection obligations.
• Connected services: Intuit, QuickBooks, and other systems when the customer directs Onyx to exchange data with those services.
• Legal and safety recipients: courts, regulators, law enforcement, or other parties when required by law or necessary to protect rights, security, and service integrity.
• Business transfers: parties involved in a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.

We do not sell personal information or QuickBooks data.

8. Security

We use administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, and alteration. These safeguards may include access controls, encryption in transit, least-privilege permissions, logging, backup controls, and separation of customer environments where applicable. No system is perfectly secure, and customers are responsible for maintaining strong credentials, user permissions, endpoint security, and secure configuration of connected services.

9. Data Location and Deployment Model

Onyx may be deployed on customer-controlled infrastructure, cloud infrastructure, or a hybrid environment depending on the customer's agreement and configuration. The specific deployment model may affect where customer content is processed and stored. Customer-specific deployment commitments, if any, are stated in the applicable order form, statement of work, or written agreement.

10. Retention

We retain information for as long as needed to provide Onyx, comply with legal obligations, resolve disputes, maintain security, and enforce agreements. Customers may request deletion or export of customer content as described in their agreement or by contacting us. Some information may remain in backups, audit logs, or legal records for a limited period where deletion is not immediately practicable or legally required.

11. Customer Controls and Choices

Customers can manage users, roles, connected companies, and certain retention or workflow settings through Onyx or connected-service settings where available. Customers may revoke Intuit or QuickBooks access through the applicable Intuit or QuickBooks account controls. Individuals may contact us to request access, correction, deletion, or other privacy rights where required by applicable law.

12. Confidentiality

We treat customer content, QuickBooks data, and non-public business information as confidential. We use those materials only to provide Onyx, comply with customer instructions, or fulfill legal and contractual obligations.

13. Children

Onyx is intended for business and professional use and is not directed to children. We do not knowingly collect personal information from children under 13 or any higher age threshold required by applicable law.

14. International Users

Information may be processed in the United States or other countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date above indicates when this policy was last updated. Material changes will be communicated by reasonable means, such as posting an updated policy or providing notice through Onyx.

16. Contact

Questions or requests about this Privacy Policy may be sent to:

[legal company name]
[mailing address]
Privacy: [privacy email]
Support: [support email]