Privacy Policy

Introduction

Quantum Automation Pty Ltd ("Onyx," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

We collect information in several ways depending on how you interact with our Service.

1.1 Information You Provide to Us

Account Information:

• Full name
• Email address
• Phone number
• Business name
• Business address
• Payment information (processed by our payment provider)
• Login credentials

Profile Information:

• Insurance verticals you serve
• Business preferences and settings
• Communication preferences

Customer Data:

When you use our CRM features, you may input data about your contacts and leads, including:

• Names and contact information
• Policy information
• Communication history
• Appointment records
• Notes and custom fields
• Any other data you choose to input

Communications:

• Support requests and correspondence
• Feedback and survey responses
• Information provided during onboarding calls

1.2 Information Collected Automatically

Usage Data:

• Pages and features accessed
• Time spent on the Service
• Click patterns and navigation paths
• Search queries within the Service
• Feature usage statistics

Device Information:

• Device type and model
• Operating system and version
• Browser type and version
• Screen resolution
• Language preferences

Log Data:

• IP address
• Access times and dates
• Referring URLs
• Error logs and crash reports

Cookies and Tracking Technologies:

We use cookies, web beacons, and similar technologies to collect information. See Section 6 for details.

1.3 Information from Third Parties

Integrations:

When you connect third-party services (e.g., Google Calendar, Outlook, lead providers), we may receive information from those services as authorized by you.

Payment Processors:

Our payment processor may share transaction status and billing address verification information with us.

Analytics Providers:

We receive aggregated analytics data from third-party analytics services.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving the Service

• Creating and managing your Account
• Processing transactions and sending billing information
• Providing customer support
• Delivering the features and functionality of the Service
• Personalizing your experience
• Analyzing usage patterns to improve the Service
• Developing new features and services

2.2 Communications

• Sending transactional emails (confirmations, receipts, security alerts)
• Sending service-related announcements and updates
• Responding to your inquiries and requests
• Sending marketing communications (with your consent)
• Providing onboarding assistance and training

2.3 Security and Compliance

• Protecting against unauthorized access and fraud
• Enforcing our Terms of Service
• Complying with legal obligations
• Responding to legal requests and preventing harm

2.4 Analytics and Research

• Understanding how users interact with the Service
• Measuring the effectiveness of features
• Conducting research and analysis to improve our offerings
• Generating aggregated, anonymized insights

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud Hosting: Amazon Web Services (AWS), Google Cloud Platform
• Payment Processing: Stripe
• Email Services: SendGrid, Mailgun
• SMS Services: Twilio
• Analytics: Google Analytics, Mixpanel
• Customer Support: Intercom, Zendesk
• Calendar Integration: Google, Microsoft

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

3.2 Business Transfers

If Onyx is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders or legal process
• Government or regulatory requests
• Protecting our legal rights
• Preventing fraud or illegal activity
• Protecting the safety of users or the public

3.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

3.5 Aggregated or Anonymized Data

We may share aggregated or anonymized data that cannot reasonably be used to identify you. For example, we may publish reports on industry trends based on anonymized user data.

4. Customer Data

4.1 Your Responsibilities

You are the data controller for the Customer Data you input into the Service. You are responsible for:

• Ensuring you have the legal right to collect and process the data
• Obtaining necessary consents from your contacts
• Complying with applicable privacy and data protection laws
• Honoring data subject requests from your contacts

4.2 Our Role

We act as a data processor for your Customer Data. We will:

• Process Customer Data only according to your instructions
• Implement appropriate security measures
• Assist you in responding to data subject requests
• Delete or return Customer Data upon termination of your Account

4.3 No Sale of Customer Data

We will never sell your Customer Data to third parties. We will not use your Customer Data for our own marketing purposes.

4.4 SMS and Communication Data

Important: No mobile information collected through our SMS features will be shared with third parties or affiliates for marketing or promotional purposes. Information may be shared with service providers (such as Twilio) solely for the purpose of delivering messages.

All opt-in data and consent records are:

• Stored securely
• Never sold
• Used only for the purposes for which consent was given

5. Data Retention

5.1 Account Data

We retain your Account information for as long as your Account is active. After Account termination:

• You have 30 days to export your Customer Data
• We may retain certain data as required by law or for legitimate business purposes
• Backup copies may persist for up to 90 days

5.2 Customer Data

We retain Customer Data for the duration of your Subscription plus:

• 30 days after termination for data export
• Additional time as required by applicable laws

5.3 Usage and Log Data

• Usage data: Retained for up to 24 months
• Log data: Retained for up to 12 months
• Security logs: Retained as required for compliance

5.4 Marketing Data

If you unsubscribe from marketing communications, we will retain only the information necessary to honor your opt-out preference.

6. Cookies and Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences and understand how you use the site.

6.2 Types of Cookies We Use

Essential Cookies:

Required for the Service to function. These enable core functionality such as:

• User authentication
• Security features
• Session management
• Load balancing

You cannot opt out of essential cookies.

Functionality Cookies:

Remember your preferences and settings:

• Language preferences
• Display settings
• Previously entered information

Analytics Cookies:

Help us understand how users interact with the Service:

• Pages visited
• Time on site
• Navigation patterns
• Error tracking

We use Google Analytics and similar tools to collect this data.

Marketing Cookies:

Used to deliver relevant advertisements and track campaign effectiveness:

• Ad targeting
• Conversion tracking
• Retargeting

6.3 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to block or delete cookies
• Cookie Consent Banner: Use our cookie preferences tool on the website
• Opt-Out Links:
  • Google Analytics: https://tools.google.com/dlpage/gaoptout
  • Facebook: https://www.facebook.com/settings/?tab=ads

Note: Blocking certain cookies may affect the functionality of the Service.

6.4 Do Not Track

Some browsers have a "Do Not Track" feature. We currently do not respond to Do Not Track signals, but we honor your cookie preferences as set through our consent tools.

7. Data Security

7.1 Security Measures

We implement technical and organizational measures to protect your information, including:

Technical Safeguards:

• Encryption in transit (TLS/SSL)
• Encryption at rest (AES-256)
• Secure data centers with physical security controls
• Regular security assessments and penetration testing
• Intrusion detection and monitoring
• Firewalls and access controls

Organizational Safeguards:

• Employee background checks
• Security awareness training
• Access limited to authorized personnel on a need-to-know basis
• Incident response procedures
• Vendor security assessments

7.2 Your Role in Security

You can help protect your information by:

• Using a strong, unique password
• Enabling two-factor authentication (if available)
• Keeping your login credentials confidential
• Logging out of shared devices
• Reporting suspicious activity immediately

7.3 Security Incidents

If we discover a security breach affecting your personal information, we will:

• Notify you as required by applicable law
• Take steps to mitigate the impact
• Cooperate with relevant authorities

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

8.1 Rights for All Users

All users can:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Export: Export your data in a portable format
• Opt-Out: Unsubscribe from marketing communications

8.2 Additional Rights (California Residents - CCPA)

California residents have the right to:

• Know what personal information is collected and how it's used
• Request deletion of personal information
• Opt-out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@onyx-crm.com or call 737-325-8808.

8.3 Additional Rights (EU/UK Residents - GDPR)

If you are in the European Economic Area or United Kingdom, you have the right to:

• Access your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent
• Lodge a complaint with a supervisory authority

Legal Basis for Processing:

We process your data based on:

• Performance of a contract (providing the Service)
• Legitimate interests (improving the Service, security)
• Consent (marketing communications)
• Legal obligations (compliance)

8.4 Exercising Your Rights

To exercise any of these rights:

• Email: privacy@onyx-crm.com
• Phone: 737-325-8808

We will respond to verified requests within the timeframes required by applicable law (typically 30-45 days). We may need to verify your identity before processing your request.

9. International Data Transfers

9.1 Data Location

Our primary servers are located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.

9.2 Transfer Safeguards

For transfers from the EU/UK, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Other legally recognized transfer mechanisms

9.3 Australian Privacy Act

As an Australian company, we also comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a child under 18, please contact us at privacy@onyx-crm.com.

11. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use.

We are not responsible for the privacy practices of third parties.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you by email (for significant changes)
• Post a notice on the Service

Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

14. Additional Disclosures

14.1 California Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

14.2 Nevada Residents

Nevada residents may opt out of the sale of certain personal information. We do not sell personal information as defined under Nevada law. To submit a request, contact privacy@onyx-crm.com.

14.3 Virginia, Colorado, Connecticut, and Utah Residents

Residents of these states have similar rights to California residents under their respective state privacy laws. Contact us to exercise your rights.