Privacy Policy

Fine Entertainment | 凡音文化有限公司 (“Onyx,” “we,” “us”) respects your privacy. This policy explains how we handle your information in compliance with the Personal Data Protection Act (PDPA) of Taiwan.

Global Compliance: For users located in the European Union, we also comply with the General Data Protection Regulation (GDPR). For users located in California, USA, we comply with the California Consumer Privacy Act (CCPA). Our legal basis for processing personal data is primarily Contractual Necessity — the processing is required to fulfill the AI audio services you have requested. Where Contractual Necessity does not apply, we rely on Legitimate Interest or your explicit Consent.

This Privacy Policy forms part of the broader legal framework governing your use of our services. It should be read in conjunction with our Terms of Service and Acceptable Use Policy.

Your specific rights under GDPR and CCPA are detailed in Section 19 (Your Rights) below.

We adhere to the principle of Data Minimization. We only collect:

• Personal Identity Information: Email address (via Magic Link authentication). No passwords required.
• Transaction Data: Purchase history, invoice numbers, and payment timestamps.
• Input Data: Text scripts (for Voiceover), MIDI files, and Musical Scores (PDF, MusicXML) provided by you for audio generation or live recording services.
• Technical Data: IP address, browser type, and operating system for security and fraud prevention.

• Processor: All payments are processed by TapPay (Cherri Tech, Inc.) and Cathay United Bank.
• Security: Payment data is encrypted and tokenized using PCI-DSS compliant standards. Onyx only receives a transaction status and the last 4 digits of the card for identification purposes.

We use the collected data for the following specific purposes:

• Service Fulfillment: To generate audio files (Voiceover/Music) or coordinate live recording sessions (Live Strings) via our studio teams.
• No AI Training: Onyx does not use your provided scripts, lyrics, or musical scores to train or fine-tune our public AI models. Your creative inputs remain your confidential property.
• Legal Compliance: To maintain financial records for tax authorities (retained for 5 years).
• Communication: To send order confirmations, invoices, and critical project updates.

Onyx Studios prioritizes the protection of vocal identity. As an AI audio production company, we recognize that voice data may be classified as biometric information under certain jurisdictions (including the EU GDPR and the Illinois Biometric Information Privacy Act). While Onyx does not perform biometric analysis, extraction, or comparison on voice files, we store and handle all voice recordings with the same level of care required for biometric data.

• Talent Voice Data: All voice samples from our Global Talent Network are collected with explicit, informed consent under formal Talent Engagement Agreements. These samples are stored in encrypted environments and are used exclusively for Onyx’s proprietary model training.
• Client-Uploaded Audio: Any voice samples or reference audio uploaded by Clients for custom projects are treated as highly confidential. These files are encrypted at rest and in transit. We never share raw voice samples with third parties without explicit, project-specific consent.
• No Unauthorized Cloning: Onyx does not use Client-uploaded voice data to create voice clones or derivative models for use outside the scope of the contracted project.

We strictly share data only with the following infrastructure partners necessary to operate the service:

• Vercel Inc. (USA): Web hosting and edge deployment.
• Supabase Inc. (USA/Singapore): Database management, authentication, and secure storage.
• TapPay (Taiwan): Payment gateway services.

We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.

As we utilize global infrastructure providers (Vercel, Supabase), your data may be transferred to and processed in the United States or Singapore. We ensure that such transfers are protected by appropriate legal safeguards:

• Standard Contractual Clauses (SCCs): For data transfers from the EU/EEA, we rely on European Commission-approved Standard Contractual Clauses to ensure an equivalent level of data protection.
• Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent standards.
• Data Processing Agreements: We maintain Data Processing Agreements (DPAs) with all infrastructure partners, ensuring they are contractually bound to protect your data in accordance with GDPR and applicable privacy laws.

Access to user-provided scripts, MIDI files, voice samples, and other creative materials is strictly limited to authorized Onyx personnel who require access for the following purposes only:

• Sound Engineers & Directors: For audio production, quality assurance, and artistic direction of the contracted project.
• Technical Support: For troubleshooting file delivery or format conversion issues.

All authorized personnel are bound by strict non-disclosure agreements (NDAs). No employee, contractor, or partner may access, copy, or distribute Client materials for any purpose outside the scope of the contracted project.

We employ industry-standard security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption in Transit: All data transmitted between your browser and our servers is protected using TLS/SSL encryption (TLS 1.2 or higher).
• Encryption at Rest: Stored data is encrypted using AES-256 or equivalent standards.
• Access Controls: Role-based access controls ensure that only authorized personnel can access sensitive data, as described in Section 8.
• Monitoring: We continuously monitor our infrastructure for vulnerabilities and conduct regular security assessments.

Breach Notification: In the unlikely event of a confirmed data breach affecting your personal data, Onyx Studios commits to notifying affected users within seventy-two (72) hours of discovery, in accordance with GDPR Article 33 and applicable data protection laws. For further details, please refer to Section 43 of our Terms of Service.

While no method of electronic transmission or storage is 100% secure, we are committed to maintaining the highest practical level of data protection.

You are strictly prohibited from using any automated systems (bots, spiders, or scrapers) to extract data or audio assets from the Onyx Studios Platform. Any attempt to reverse engineer, decompile, or derive the source code of our proprietary AI models constitutes a material violation of this policy.

Violations of this section will be pursued to the fullest extent of the law, including under the Computer Fraud and Abuse Act (CFAA) and equivalent legislation in applicable jurisdictions.

• Standard Files: Generated audio files are stored for 90 days. Users are encouraged to download their files immediately.
• Masterpiece/Live Session Assets: For premium projects, we may offer extended archival storage as part of your project coordination to ensure the safety of your master stems.
• Account Deletion: You have the right to request deletion of your personal data at support@onyxstudios.ai.
• Legal Retention: Certain financial and transaction records may be retained for up to 5 years as required by Taiwan tax law, even after account deletion.
• Talent Application Audio: Audio files submitted during the talent application process are retained for internal evaluation and archival purposes, as consented to during the application. This data is used solely for talent assessment and platform security, and is not used for commercial AI model training unless the applicant is accepted and signs a separate formal engagement agreement.
• AI Model Archival (Post-Departure): When a Talent departs the Onyx Talent Network, their AI Twin model is placed in permanent Archive Status. Archived models are not used for new commercial generation. They are retained solely for: (a) validating the legitimacy of License Certificates previously issued to Clients; (b) responding to copyright inquiries or legal disputes; and (c) regulatory compliance. The legal basis for this retention is Legitimate Interest under GDPR Article 6(1)(f) — specifically, the necessity to verify and defend existing commercial licenses. This archival is permanent, as License Certificates issued to Clients are perpetual. Talent consent for this retention is obtained through the formal Talent Engagement Agreement. For the full archival framework, please refer to Section 58 of our Terms of Service.

We use essential cookies strictly necessary for the operation of the website (e.g., login sessions). We do not use third-party advertising tracking cookies. No personal data is shared with advertising networks or social media platforms through our website.

Our Services are not intended for individuals under the age of 16 (or 13 in jurisdictions where COPPA applies). We do not knowingly collect personal data from children. If we become aware that a minor has provided us with personal information without verifiable parental consent, we will take immediate steps to delete such data from our systems.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@onyxstudios.ai so we can take appropriate action.

Onyx Studios prohibits the use of our services to generate content that is illegal, defamatory, or promotes hate speech. For full details on prohibited conduct, ethical use obligations, and the AI Training Ban, please refer to Section 9 of our Terms of Service and our Acceptable Use Policy.

Onyx Studios is committed to ethical AI practices. We acknowledge that our Assets are machine-generated under human direction. To ensure transparency and assist Clients in meeting their own AI disclosure obligations (including under the EU AI Act), we may include metadata or digital identifiers within the Assets to certify their origin from the Onyx Studios Platform.

Clients who are subject to AI labeling or disclosure requirements in their jurisdiction are encouraged to reference the License Certificate and embedded metadata as evidence of the Asset’s origin and production methodology. For details on our digital watermarking and fingerprinting practices, please refer to Section 46 of our Terms of Service.

We do not use automated decision-making or profiling algorithms to determine pricing, service eligibility, or to analyze sensitive personal characteristics. Every transaction and project is handled with a focus on objective service fulfillment and creative excellence. In accordance with GDPR Article 22, users have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Onyx Studios will not disclose user data to government or law enforcement agencies unless required by a valid legal order (e.g., a subpoena or court order issued by a court of competent jurisdiction). In such events:

• Prior Notice: We will attempt to notify the affected user in advance, unless legally prohibited from doing so.
• Minimum Disclosure: We will only provide the minimum data necessary to comply with the legal obligation.
• Transparency Report: We may publish periodic transparency reports summarizing the number and nature of government requests received, consistent with applicable law.

We maintain regular backups and disaster recovery procedures to minimize the impact of service disruptions on your data. For the full scope of our force majeure protections, please refer to Section 13 (Force Majeure) of our Terms of Service.

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of the above rights, please contact us at support@onyxstudios.ai. We will respond to all verifiable requests within 30 days (or 45 days for complex requests, with prior notice).

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or evolving AI regulations. We will notify you of any material changes by posting the revised policy on this page and updating the “Last Updated” date. Your continued use of the Service after such updates constitutes acceptance of the revised policy.

• Entity Name: Fine Entertainment | 凡音文化有限公司
• Tax ID: 24312593
• Address: 2F., No. 79, Anping Rd., Zhonghe Dist., New Taipei City, Taiwan
• Email: support@onyxstudios.ai

For GDPR-related inquiries, EU users may also contact us at the email above. We do not currently appoint a formal Data Protection Officer (DPO) but will do so if required by the scale of our data processing activities.