Privacy Policy
We respect your privacy and aim to collect as little personal data as possible at the landing-page stage. This policy explains what we collect, why we collect it, and your rights.
1. Who is responsible for data processing?
The data controller is the operator of Onyx Agent listed in the Impressum. If you have privacy questions, contact hello@getonyxagent.com.
2. What data we collect
Depending on your interaction with the site and extension, we may process:
- Contact information you voluntarily submit (for example email address, name, company, message)
- Basic technical request data (IP address, timestamp, browser information, request logs)
- Security and abuse-prevention signals (rate limiting / failed requests where applicable)
- Recruiter-initiated candidate profile fields submitted through the extension (for example full name, email, profile URL, headline, company, location, summary/about snippets, selected skills, and selected experience entries)
- Extension configuration settings stored locally in browser extension storage (for example selected project/job IDs and configured API base URL)
We do not intentionally collect sensitive personal data through this landing page unless you choose to send it to us.
3. Why we process your data (purposes)
- Respond to access requests and inquiries
- Operate and secure the website
- Measure basic site performance and reliability
- Comply with legal obligations
- Enable recruiter-initiated sourcing workflows and candidate pipeline operations
4. Onyx Agent Chrome Extension Specific Notice
- The extension is designed for recruiter-initiated capture. Data capture is triggered by user action (for example clicking "Get Candidate Info" or "Send to Onyx").
- We do not provide unattended bulk crawling as a default behavior in this extension workflow.
- We do not collect recruiter passwords from third-party platforms through the extension.
- The extension does not execute remote code as part of its core operation.
- Captured profile data is sent to Onyx backend services only for recruitment workflow purposes under configured governance controls.
5. Legal bases (GDPR)
- Art. 6(1)(b) GDPR: pre-contractual steps (e.g. access request / product inquiry)
- Art. 6(1)(f) GDPR: legitimate interests (site security, fraud prevention, operational reliability)
- Art. 6(1)(c) GDPR: legal obligations (where applicable)
- Art. 6(1)(a) GDPR: consent (only when a consent-based feature is used)
6. Data location and international transfers
Your personal data is stored on servers located in Frankfurt, Germany (EU), protected under the General Data Protection Regulation (GDPR). All data remains within the European Union.
For users in Turkey: in compliance with KVKK (Kişisel Verilerin Korunması Kanunu), Article 9, cross-border data transfer to the EU is carried out with your explicit consent, obtained during account registration. You may withdraw this consent at any time by contacting us.
7. AI model improvement (optional consent)
During registration, you may optionally consent to your anonymized data being used to improve our AI models. This consent is entirely voluntary and does not affect your access to the platform.
- Only anonymized data is used — all personally identifiable information (name, email, phone, company names) is removed before any model training.
- You can withdraw this consent at any time by contacting hello@getonyxagent.com.
- If you do not consent, your data will only be used for the operational purposes described in this policy.
8. Hosting and service providers
We use hosting and infrastructure providers to deliver the website. These providers may process technical data (such as IP address and logs) on our behalf for hosting, CDN delivery, and security purposes.
Where processors are used, we seek appropriate contractual safeguards (including data processing agreements where required).
9. Cookies and analytics
At the landing-page stage, we prefer minimal tracking. If analytics or cookies are introduced later, this policy and any required consent controls will be updated before those features are enabled.
10. Data retention
We keep personal data only as long as necessary for the purposes listed above, including legal, operational, and security obligations. Inquiry and access-request records may be retained for follow-up and auditability, then deleted or anonymized when no longer needed.
Recruiter-initiated candidate records follow product governance retention and deletion controls in Onyx Network operational policy.
11. Your rights (GDPR & KVKK)
Depending on your jurisdiction (including the EU/EEA and Turkey), you may have the following rights:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to object to processing
- Right to data portability
- Right to withdraw consent at any time (where processing is based on consent)
Under KVKK (Turkey), you additionally have the right to learn whether your data is processed, request information about the purpose of processing, and request deletion or destruction of your data. To exercise any of these rights, contact hello@getonyxagent.com.
You may also lodge a complaint with a competent supervisory authority (in the EU) or with KVKK (Kişisel Verileri Koruma Kurumu) in Turkey.
12. Contact
For privacy requests or questions, contact hello@getonyxagent.com. We may need to verify your identity before processing certain requests.
13. Changes to this policy
We may update this policy as the product and website evolve. The latest version will be published on this page with an updated effective date.