Privacy Policy
Effective Date: February 28, 2026
TL;DR — ONYX is built on a zero-knowledge architecture. Your data is encrypted end-to-end on your device before it ever leaves. We cannot read your notes, passwords, files, or any content — even if compelled to. We collect the bare minimum needed to operate the service.
1. Who We Are
ONYX is developed and operated by Onyx Void Labs ("we", "us", "our"). Our website is onyxvoid.com and you can reach us at contact@onyxvoid.com.
ONYX is open-source software licensed under the GNU General Public License v3.0 (GPL-3.0). The full source code is publicly available for audit on GitHub.
2. Our Core Privacy Principle: Zero-Knowledge Architecture
ONYX is designed so that we never have access to your plaintext data. All encryption and decryption happens exclusively on your device using:
- AES-256-GCM authenticated encryption for all content
- PBKDF2 with SHA-256 and 100,000 iterations for key derivation
- Cryptographically random 16-byte salts and 12-byte IVs per operation
- Browser-native Web Crypto API (no third-party cryptography libraries)
Your master key is generated on your device, wrapped (encrypted) with your password, and never transmitted in plaintext. Even if our servers are compromised, your data remains unreadable.
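The key-wrapping scheme described above, sketched with the Web Crypto API as an added example. It is not ONYX's own code; the function names, record layout and sample passwords are assumptions.

```javascript
// Added example, not ONYX code. The three constants below are the values the policy states.
const PBKDF2_ITERATIONS = 100000;
const SALT_BYTES = 16;
const IV_BYTES = 12;

async function getCrypto() {
  // Browsers and recent Node expose Web Crypto globally; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function deriveWrappingKey(c, password, salt) {
  const material = await c.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

async function createWrappedMasterKey(password) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(SALT_BYTES));
  const iv = c.getRandomValues(new Uint8Array(IV_BYTES));
  const masterKey = await c.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const wrappingKey = await deriveWrappingKey(c, password, salt);
  const wrapped = new Uint8Array(await c.subtle.wrapKey(
    'raw', masterKey, wrappingKey, { name: 'AES-GCM', iv }));
  return { record: { salt, iv, wrapped }, masterKey }; // record holds no plaintext key
}

async function unwrapMasterKey(password, record) {
  const c = await getCrypto();
  const wrappingKey = await deriveWrappingKey(c, password, record.salt);
  // Rejects if the password is wrong or the record was modified (GCM tag check fails).
  return c.subtle.unwrapKey('raw', record.wrapped, wrappingKey,
    { name: 'AES-GCM', iv: record.iv }, { name: 'AES-GCM', length: 256 },
    false, ['encrypt', 'decrypt']);
}

async function demo() {
  const c = await getCrypto();
  const { record, masterKey } = await createWrappedMasterKey('constructed sample password');
  const key = await unwrapMasterKey('constructed sample password', record);
  const iv = c.getRandomValues(new Uint8Array(IV_BYTES)); // fresh IV per operation
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, masterKey, new TextEncoder().encode('note'));
  const pt = new TextDecoder().decode(await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct));
  const wrongRejected = await unwrapMasterKey('wrong password', record).then(() => false, () => true);
  return { pt, wrappedLength: record.wrapped.length, wrongRejected };
}
```

The wrapped blob is 48 bytes: the 32-byte master key plus the 16-byte GCM authentication tag, which is what makes a wrong password fail loudly instead of yielding a garbage key.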
3. What Data We Collect
3.1 Account Information
| Data | How It's Handled | Purpose |
|---|---|---|
| Email address | SHA-256 hashed with a secret pepper on your device before transmission. The server only receives and stores a pseudonymous hashed identifier — never your real email. | Authentication (identity blinding) |
| Display name & avatar | Encrypted with AES-256-GCM on your device before upload. The server stores only ciphertext. | Profile display (client-side only) |
| Passkey credentials | WebAuthn public keys and credential IDs are stored server-side. Passkey labels are encrypted client-side. | Passwordless authentication (FIDO2/WebAuthn) |
| Authentication tokens | Magic link and OTP tokens are hashed before storage. Time-limited and marked as used after verification. | Passwordless sign-in (magic link, OTP) |
3.2 Device Information
| Data | How It's Handled | Purpose |
|---|---|---|
| Device fingerprint | A probabilistic browser-derived hash generated by the open-source FingerprintJS library. Runs entirely on your device — no data is sent to FingerprintJS servers. This is not a unique identifier and cannot be used to track you across sites. | Anti-abuse during account creation (rate limiting) |
3.3 Your Content
All user-created content — including notes, password vault entries, files, calendar events, flashcards, and photos — is:
- Stored primarily on your device in IndexedDB (local browser/app storage)
- Encrypted end-to-end with AES-256-GCM before any cloud sync
- Never readable by us — the server stores only opaque ciphertext blobs
Cloud sync is optional. ONYX works fully offline without any server connection.
3.4 What We Do NOT Collect
- No analytics or telemetry (telemetry is disabled by default; no analytics SDKs are integrated)
- No tracking pixels, cookies for advertising, or ad networks
- No IP address logging on our sync relay servers
- No usage behavior tracking
- No selling or sharing of any data with third parties for advertising
4. How We Use Your Data
The limited data we collect is used exclusively to:
- Authenticate you and maintain your session
- Sync your encrypted data between your devices (when you opt in to cloud sync)
- Process subscription payments via Stripe
- Prevent abuse (e.g., mass account creation)
- Provide account recovery via encrypted recovery keys
5. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing for subscriptions | Your pseudonymous account identifier and payment details. Stripe handles all payment data in accordance with PCI DSS. ONYX never stores or processes raw payment card data. |
| Google OAuth | Optional sign-in method | Standard OAuth2 flow — only the profile information you consent to share with Google is received. |
| Microsoft Outlook (embedded) | Optional email client feature | Your Microsoft credentials are entered directly into Microsoft's embedded web interface. ONYX does not intercept, store, or have access to your Microsoft credentials. |
| Cloudflare DNS | Email provider detection (MX lookups) | Domain names only — no personal data. |
We do not use any analytics services (no Google Analytics, no Mixpanel, no Sentry, no PostHog, or similar).
6. Data Storage and Security
6.1 On Your Device (Primary)
- IndexedDB: Notes (as Yjs CRDT documents), calendar events, version history, password vault cache
- localStorage: Settings, preferences, workspace state (never sent to any server)
- sessionStorage: Temporary session keys (cleared when you close the tab/app)
- Local filesystem (desktop app): Optional Markdown mirror of your notes
6.2 On Our Servers (Optional, Encrypted)
- PocketBase (self-hosted): Encrypted user records, encrypted vault entries, hashed auth tokens, passkey credentials
- Hocuspocus (self-hosted): Encrypted Yjs document blobs for real-time sync — a stateless relay that stores only ciphertext
All server infrastructure is self-hosted and operated by Onyx Void Labs. We do not use shared cloud hosting providers for your encrypted data.
6.3 Peer-to-Peer Sync
ONYX supports optional LAN-based peer-to-peer sync between your devices on the same local network. P2P sync transmits encrypted payloads directly between your devices without passing through any server.
7. Data Retention and Deletion
- Your local data remains on your device until you choose to delete it.
- You can delete your account at any time, which will remove all server-side data associated with your account.
- Version history snapshots (up to 50 per note) are stored locally in IndexedDB and can be cleared by you at any time.
- Since we cannot read your data, we cannot selectively retain any content — deletion is complete and irreversible.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: You can access all your data directly in the app — it's stored on your device.
- Portability: You can export your notes as Markdown files at any time.
- Deletion: You can delete your account and all associated server-side data.
- Rectification: You can update your profile information at any time within the app.
Because of our zero-knowledge design, we cannot access your data to fulfill data access requests — you already have direct access to everything on your device.
9. Children's Privacy
ONYX is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at contact@onyxvoid.com and we will delete the account.
10. Open Source Transparency
ONYX is fully open-source under the GPL-3.0 license. You can audit the entire codebase to verify every claim in this privacy policy. Our encryption implementation, data handling, and network requests are all publicly reviewable.
11. Changes to This Policy
If we make material changes to this Privacy Policy, we will update the "Effective Date" at the top and notify users through the app or our website. Continued use of ONYX after changes constitutes acceptance of the revised policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: contact@onyxvoid.com
- GitHub: Open an issue