Privacy Policy
Effective date: June 10, 2026 Onix AI LLC
This Privacy Policy explains what information FDA Intel collects, how it is used, and the choices available to you. FDA Intel is a litigation-intelligence service operated by Onix AI LLC ("Onix," "we," "us") at https://fda.onix.bot (the "Service"). The Service is a business-to-business tool offered to plaintiff-side law firms and their personnel.
This document describes our actual practices in plain terms. It is not legal advice. Onix intends to have this policy reviewed by a Florida-licensed attorney, and the practices described here may be supplemented by the agreement under which your firm accesses the Service.
1. Who this policy covers
The Service is a professional tool for law firms. It is intended only for users 18 and over and, consistent with the Terms of Service, is not directed to consumers, and it is not directed to children. We do not knowingly collect information from children under 13 (or under 16 where a higher age applies), and we do not knowingly collect information from anyone under 18. If you are an individual visiting the Service without an account through your firm, please understand the Service is designed for licensed legal professionals and their staff.
Your firm is generally the party that controls the data you put into the Service. Where your firm has a separate agreement with us, that agreement governs how we handle your firm's content.
2. Information we collect
We collect only what we need to operate the Service.
2.1 Account information. When an account is created, we collect information such as name, work email address, the firm or organization name, and login credentials (passwords are stored in hashed form, not in plain text).
2.2 Content you create. The Service lets you create and store content, including:
- chat messages and prompts you send to the AI;
- files and documents you upload;
- "watches," saved searches, watch lists, and other items you configure to track drugs, products, dockets, or feeds.
We refer to this collectively as your content. You and your firm own this content; we process it only to provide the Service (see Section 4).
2.3 Usage and billing telemetry. We collect basic operational data about how the Service is used — for example, which features are accessed, request counts, AI-usage metering, and similar information needed to run, secure, meter, and bill the Service.
2.4 Cookies and server logs. We use one essential session cookie to keep you logged in. Our servers also generate standard logs (such as IP address, timestamp, browser/user-agent, and requested pages) for security, debugging, and abuse-prevention. See Section 7 for more on cookies.
We do not use advertising cookies or third-party ad/marketing trackers, and we do not sell your information.
3. Third-party public data in the Service
The Service aggregates information from third-party public sources (for example, FDA databases, federal court dockets via CourtListener/PACER, recall feeds, SEC filings, clinical-trial registries, and news). That source data is about drugs, products, companies, and litigation — it is not personal information that you provide about yourself. We do not control those upstream sources, and that data may be incomplete, delayed, or inaccurate. This policy is about the information you and your firm provide to us; it does not change the public nature of the underlying source data.
4. How we use information
We use the information described above to:
- provide, operate, maintain, and secure the Service;
- authenticate users and protect accounts;
- generate AI responses, dossiers, scores, draft document shells, and other outputs you request;
- run the features you configure, such as watches and alerts;
- meter usage, calculate fees, and issue invoices;
- send transactional and service-related email (for example, account, security, billing, and alert notifications);
- diagnose problems, prevent abuse, and improve reliability; and
- comply with legal obligations.
We do not use your content for behavioral advertising, and we do not sell it.
5. AI processing
The Service uses Anthropic's Claude API to generate responses. When you use AI features, the relevant content — such as your prompts, chat messages, and the contents of files you provide for a given request — is sent to Anthropic's API so that a response can be generated and returned to you.
Your content is processed only to provide the Service. Your content is not used to train, fine-tune, or improve any AI model, whether ours or any third party's.
6. Sub-processors
We rely on a small number of third-party service providers ("sub-processors") to run the Service. Each is used only for the purpose listed:
| Sub-processor | Purpose |
|---|---|
| Render | Application hosting and infrastructure |
| Amazon Web Services (S3) | Off-site encrypted backups |
| Anthropic | AI processing to generate responses |
| Resend | Delivery of transactional and service email |
These providers process data on our behalf and under their own security and confidentiality commitments. We may add or change sub-processors as the Service evolves; where your firm has a separate agreement with us, any notice terms in that agreement apply.
7. Cookies
We use only an essential session cookie that keeps you signed in while you use the Service. Without it, the Service cannot maintain your login.
We do not use third-party advertising cookies, marketing trackers, analytics tracking pixels, or cross-site tracking technologies. Because the cookie we use is strictly necessary to operate the Service, it cannot be turned off without breaking core functionality.
8. Security
We take reasonable measures to protect the information in the Service, including:
- Encryption of stored data and encryption of data in transit (HTTPS/TLS);
- Nightly off-site backups so that data can be recovered;
- access controls and other reasonable administrative, technical, and physical safeguards appropriate to the nature of the data.
No system is perfectly secure, and we cannot guarantee absolute security. We do not promise that the Service will be free from every unauthorized access, loss, or breach. If we become aware of a security incident affecting your information, we will take reasonable steps to investigate and remediate and will notify affected users and our customers consistent with applicable law and any agreement with your firm.
You are responsible for keeping your login credentials confidential and for activity that occurs under your account.
9. Data retention
We retain account information, content, and operational data for as long as your account is active and as needed to provide the Service, meet our legal and recordkeeping obligations, resolve disputes, and enforce our agreements. Backups are retained on a rolling basis as part of our normal backup cycle and are overwritten or expired over time. When data is deleted from the active Service, residual copies may persist in backups until those backups age out.
10. Your rights: export and deletion
You can export your data from the Service in a commercially reasonable format, and you can request deletion of your data. To make a request, contact us at the address in Section 13 (some actions may also be available directly within the Service).
We will honor verified export and deletion requests within a reasonable time, subject to information we are required to retain by law, for legitimate business records, or to resolve a pending dispute. As described in Section 9, residual copies may remain in backups until they expire in the ordinary course; deletion from the active Service does not require immediate deletion from backups. Where your firm administers your account, we may direct certain requests to your firm or act on your firm's instructions, since your firm controls the content it places in the Service.
11. International note
Onix is based in the United States, and the Service is hosted and operated in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those in your location. By using the Service, you understand that your information will be handled as described in this policy.
12. Relationship to the Terms of Service and any MSA
This Privacy Policy describes our practices. It does not create any warranty, representation, or guarantee beyond those, if any, expressly stated in the Terms of Service or any Master Services Agreement between Onix and your firm. The disclaimers, limitations of liability, damages caps, and exclusions of consequential damages set out in the Terms of Service and any Master Services Agreement apply to any claim relating to this Privacy Policy or to the practices it describes, including any claim relating to security or data handling.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the Effective date above and post the updated policy at the Service. Material changes may also be communicated by email or through the Service. Your continued use of the Service after an update takes effect means you have reviewed the current policy.
14. Contact
Questions, export requests, or deletion requests can be sent to:
Onix AI LLC 7901 4th Street North, STE 300, St. Petersburg, FL 33702 Email: p@s.cr
This Privacy Policy is a protective template provided by Onix AI LLC and is not legal advice. It should be reviewed by a licensed Florida attorney before publication.