Legal

Privacy Policy

Last updated: March 2026 · Effective: March 1, 2026

Your privacy matters to us. This Privacy Policy explains what personal information Onyx AI collects, why we collect it, how we use it, and your rights in relation to it. We are committed to handling your data responsibly and transparently.

1. Who We Are

Onyx AI is an AI automation agency that builds custom AI voice agent systems and related automation services for businesses. References to "Onyx AI", "we", "us", or "our" in this policy refer to the company operating under the domain onyxautoai.com, with operations in Dubai, UAE and Chicago, USA.

For privacy-related inquiries, contact us at: [email protected]

2. What Information We Collect

We collect the following categories of personal data:

Category	What We Collect	How It's Collected
Contact Information	Name, email address, phone number, company name, city/country	Contact form, booking widget, direct email
Business Information	Industry, business size, current challenges, service requirements	Discovery call booking form, discovery calls
Voice Data	Voice recordings from calls handled by AI agents we deploy on behalf of clients	AI voice agent interactions
Usage Data	IP address, browser type, pages visited, time on site, referral source	Automatically via website analytics
Communications	Email correspondence, notes from calls, project-related messages	Direct communications with our team

3. How We Use Your Information

We use your personal data for the following purposes:

To deliver our services: Building, deploying, and maintaining AI voice agents and automation systems for clients
To respond to enquiries: Replying to messages, questions, and booking requests
To conduct discovery and sales calls: Understanding your business needs and determining how we can help
To send service communications: Booking confirmations, reminders, project updates, and invoices
To improve our services: Analysing how our AI agents perform and refining them based on real interactions
To comply with legal obligations: Maintaining records as required by applicable law

We do not sell your personal data to third parties. We do not use your data for unsolicited marketing without your consent.

4. Voice Call Recording & AI Processing

Our AI voice agents may record and transcribe telephone calls for the purposes of:

Booking appointments and logging call outcomes in CRM systems
Quality assurance and agent performance improvement
Generating call summaries for client business owners

Callers are informed that they are speaking with an AI system. Where required by local law (including UAE and US telecommunications laws), appropriate disclosures and consent mechanisms are implemented by the client operating the AI system. As a service provider, Onyx AI processes voice data on behalf of our business clients (as a data processor), and clients are responsible for ensuring their end-users are appropriately notified.

5. Legal Basis for Processing (GDPR & UAE PDPL)

Where applicable, we rely on the following legal bases for processing personal data:

Contract performance: Processing necessary to deliver our services to clients
Legitimate interests: Responding to enquiries, improving our services, and managing our business operations
Consent: For marketing communications, where we have obtained your explicit consent
Legal obligation: Compliance with applicable laws and regulations

6. Who We Share Data With

We may share your data with trusted third-party service providers who help us operate our business. These include:

Vapi — AI voice infrastructure and telephony
ElevenLabs — AI voice synthesis
Deepgram — Speech-to-text transcription
Anthropic / Google — Large language model processing
GoHighLevel — CRM and booking system
Supabase — Database infrastructure
n8n — Workflow automation orchestration
Stripe / Tap Payments — Payment processing

All third-party providers are contractually required to process data only as instructed and in accordance with applicable data protection laws. We do not share your personal data with any other third parties except as required by law or with your explicit consent.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law:

Client data: Retained for the duration of the service engagement and for 3 years after termination for legal and accounting purposes
Prospect & enquiry data: Retained for up to 2 years from last contact
Voice recordings: Retained for up to 90 days unless a longer period is required for service delivery or legal reasons
Website analytics: Retained in anonymised or aggregated form

8. Cookies & Analytics

Our website uses cookies and similar tracking technologies to understand how visitors use our site. This includes:

Essential cookies: Required for the website to function (e.g., session management)
Analytics cookies: Help us understand visitor behaviour in aggregate (e.g., pages visited, time on site)

You can control cookie settings through your browser. Note that disabling certain cookies may affect website functionality. We do not currently use advertising or retargeting cookies.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you
Right of rectification: Request correction of inaccurate or incomplete data
Right of erasure: Request deletion of your data (subject to legal obligations)
Right to restrict processing: Request that we limit how we use your data
Right to data portability: Request your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. International Data Transfers

Onyx AI operates across the UAE and USA, and our third-party service providers may process data in various countries. Where personal data is transferred outside the UAE or EEA, we take steps to ensure appropriate safeguards are in place, including relying on adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include:

Encrypted data transmission (HTTPS/TLS)
Access controls and authentication for internal systems
Separate client data schemas in our database infrastructure
Regular security reviews of our third-party providers

No method of electronic transmission or storage is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

12. Children's Privacy

Our services are not directed at or intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. For significant changes, we will provide notice via email to active clients.

14. Contact & Complaints

If you have any questions, concerns, or complaints about how we handle your personal data, please contact us:

Email: [email protected]
Location: Dubai, UAE · Chicago, USA
Website: onyxautoai.com

If you are located in the UAE and believe your data protection rights have been violated, you may file a complaint with the UAE Data Office (uaedataoffice.ae). If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection authority.