Privacy Policy
Last updated: January 15, 2026 · Effective: January 15, 2026
Onyx Media ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site.
Information We Collect
1.1 Information You Provide
When you contact us, request a quote, or submit a form on our website, we collect personal information such as your name, email address, phone number, company name, and details about your project. This information is used solely to respond to your inquiries and deliver our services.
1.2 Automatically Collected Information
When you visit our website, we automatically collect certain technical information including your IP address, browser type and version, pages visited, time spent on pages, referring URLs, and device information. This data helps us understand how visitors interact with our site and improve user experience.
1.3 Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience. These include essential cookies (required for site functionality), analytics cookies (to understand usage patterns), and preference cookies (to remember your settings). You can control cookie preferences through your browser settings or our Cookie Preference Center.
How We Use Your Information
2.1 Service Delivery
We use your information to provide, operate, and improve our services — including responding to inquiries, delivering project work, sending project updates, and processing payments. Your data enables us to deliver the high-quality digital experiences our clients expect.
2.2 Communication
With your consent, we may send you newsletters, case studies, service updates, and promotional content. You can unsubscribe at any time via the link in any email or by contacting us directly. We never send unsolicited bulk emails.
2.3 Analytics & Improvement
We analyze aggregated, anonymized usage data to understand how our website performs, which content resonates with visitors, and where we can improve. This analysis never involves sharing individual user data with third parties.
Data Sharing & Third Parties
3.1 No Data Selling
We do not sell, rent, trade, or otherwise transfer your personal information to third parties for their marketing purposes. Your data is not a product — it is a responsibility we take seriously.
3.2 Service Providers
We work with carefully vetted third-party service providers who assist in operating our website and delivering services (e.g., cloud hosting, payment processing, email delivery). These providers are contractually obligated to handle your data securely and only for the specific purpose we engage them.
3.3 Legal Requirements
We may disclose your information when required by law, court order, or governmental authority. In such cases, we will notify you to the extent permitted by law before disclosing any information.
Data Security
4.1 Technical Safeguards
We implement industry-standard security measures including HTTPS/TLS encryption for all data transmission, AES-256 encryption for data at rest, secure API authentication via OAuth 2.0 and JWT tokens, and regular security audits. Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 compliance.
4.2 Access Controls
Access to personal data is restricted on a need-to-know basis. All team members with data access undergo security training and are bound by confidentiality agreements. We conduct regular reviews of access permissions and revoke them immediately upon role changes.
4.3 Incident Response
In the event of a data breach, we commit to notifying affected individuals within 72 hours of discovery, in accordance with GDPR requirements. We maintain a documented incident response plan and conduct regular breach simulation exercises.
Your Rights
5.1 Access & Portability
You have the right to request a copy of all personal data we hold about you, in a structured, machine-readable format. Submit a Subject Access Request via email and we will respond within 30 days.
5.2 Correction & Deletion
You may request that we correct inaccurate data or delete your personal information entirely. Upon verified deletion requests, we will remove your data from all active systems within 30 days and from backup systems within 90 days.
5.3 Objection & Restriction
You may object to specific processing activities or request that we restrict how we use your data while a complaint is under review. We will acknowledge all such requests within 5 business days.
Data Retention
6.1 Retention Periods
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected. Client project data is retained for 3 years post-project completion. Contact and inquiry data is retained for 2 years. Financial records are retained for 7 years in compliance with accounting regulations.
6.2 Anonymization
Where data must be retained beyond the above periods for analytical or legal reasons, we anonymize it so that it can no longer be linked to any individual. Anonymized data may be retained indefinitely for statistical analysis.
Questions about this policy?
Our team is happy to clarify anything. Reach out anytime.