Effective date: September 20, 2025
Who we are: Obsidian Lab is a brand of Synergy Digital LLC (“Obsidian Lab,” “we,” “us,” “our”).
Address: 16192 Coastal Hwy, Lewes, DE 19958, United States
Email: help@obsidianlab.us | partners@obsidianlab.us
Phone: +1 (321) 321‑4750
Website: obsidianlab.us

This Privacy Policy describes how we collect, use, disclose, and protect information when you visit obsidianlab.us and related pages (the “Site”), interact with our social pages and ads, subscribe to updates, contact us, or otherwise engage with our business. It also explains your privacy choices and rights.

We are a B2B company. This policy covers website and marketing interactions. If you are an end user of a customer’s deployment of our PAM, Back Office, Route Management, or game technology (“Services”), we typically act as a processor/service provider on our customer’s instructions. In those cases, our customer’s privacy notice controls.

1) What we collect

A. Information you provide directly

• Business contact details (name, work email, phone, company, role)

• Account and preference information (if we enable accounts)

• Content of messages, demo requests, investor inquiries, event sign‑ups

• Newsletter subscriptions and marketing preferences

• Job applications and recruitment data (if you apply)

• Investor relations inquiries (accreditation status or similar, if you choose to provide it)

We do not seek to collect sensitive personal information through the Site (e.g., health, precise location, financial account numbers). Please do not include such data in free‑text fields.

B. Information collected automatically

• Device and browsing data: IP address, identifiers, user‑agent, language, referrer/UTM, pages viewed, time on page, links clicked

• Approximate location (derived from IP)

• Cookies, pixels, SDKs, beacons, local storage (see Cookie Policy below)

C. Information from third parties

• Lead sources and partners (e.g., event organizers, referral partners)

• Social platforms (when you engage with our company pages/ads)

• Public business data providers

2) How we use information

We use information to:

• Operate, secure, and improve the Site and our Services

• Provide demos, respond to inquiries, and manage relationships

• Send administrative messages and service updates

• Analyze Site performance and audience (aggregated/anonymous reporting where feasible)

• Personalize content and measure campaign performance

• Conduct B2B advertising, including retargeting/“cross‑context behavioral advertising” where allowed

• Support investor relations communications (informational only; any securities offering would be made through proper materials under applicable exemptions)

• Prevent fraud and abuse; comply with law; enforce terms

Legal bases (EEA/UK/Switzerland): consent (for non‑essential cookies/ads), contract necessity, legitimate interests (e.g., B2B marketing, security), and legal obligations.

3) Disclosures & recipients

We disclose personal information to:

• Service providers (hosting, cloud, security, email/CRM, analytics, ads/retargeting, cookie consent tools) under contract

• Business partners (co‑marketing or events, where you’ve engaged or consented)

• Compliance/legal recipients where required (law enforcement, regulators)

• Corporate transactions (merger, acquisition)

We do not sell personal information for money. We may “share” identifiers and usage data with advertising/analytics partners for cross‑context behavioral advertising (as defined by U.S. state laws). See Your Privacy Choices below.

4) Platform‑specific disclosures (Google, Meta, LinkedIn, and others)

Google (Analytics, Ads, Tag Manager, YouTube, Consent)

We may use Google Analytics 4 and Google Ads features (including remarketing and reporting). Where required, we obtain consent from EEA/UK/Swiss users for cookies and personalized ads under Google’s EU User Consent Policy. You can manage Google ad personalization and GA opt‑outs as described under Your Controls below. Google+1

If we embed YouTube videos or use Google Tag Manager, those services may set cookies or collect device data consistent with Google’s policies. Google

reCAPTCHA. We may use Google reCAPTCHA to protect forms from spam and abuse. If present, the feature collects device and interaction data for security purposes. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Google Cloud

Meta (Facebook & Instagram: Pixel and Conversions API)

We may use Meta Pixel and/or Conversions API to measure reach and performance, build audiences, and optimize ads. We provide required notices and obtain consent where applicable; we do not send prohibited/sensitive data and we hash required fields as specified by Meta’s Business Tools documentation. You can control ads via your Meta ad preferences and our Site tools described below. Facebook+2Facebook Business+2

LinkedIn (Insight Tag / Conversions)

We may use the LinkedIn Insight Tag and/or conversions integrations for measurement and retargeting to professional audiences. Where required, we obtain consent before firing the tag. You can adjust LinkedIn ad preferences from your LinkedIn account and via the opt‑out tools listed below. LinkedIn Business Solutions+1

X (Twitter), Vimeo/YouTube embeds, and others

Pixels, SDKs, or embeds from these providers may set cookies or receive limited device/usage data when you visit pages where they load. Please refer to each provider’s privacy controls in addition to the Site tools below.

5) Your controls, choices & rights

A. Cookie & tracking controls

• Cookie Banner / Preferences. On your first visit (and thereafter via the “Cookie Settings” link in our footer), you can accept or reject non‑essential cookies by category.

• Browsers & devices. You can block, delete, or limit cookies via browser settings and mobile OS ad‑ID settings (may impact experience).

• Industry tools. Use the DAA WebChoices tool and YourAdChoices (for interest‑based ads) and NAI resources (note: NAI is evolving its tools). WebChoices+2YourAdChoices+2

B. “Do Not Sell or Share” / Cross‑context ads (U.S. state laws)

If you are in a U.S. state with such rights (e.g., California), you may opt out of sharing for cross‑context behavioral advertising using our Your Privacy Choices link in the footer or by emailing help@obsidianlab.us. We honor Global Privacy Control (GPC) signals for California residents where feasible. California DOJ

C. Email & SMS

• Email. Click “unsubscribe” in any marketing email or email help@obsidianlab.us.

• SMS/Calls (if used). By providing a phone number, you consent to receive informational and/or marketing texts/calls from us. You can opt out at any time (reply STOP to texts).

D. GDPR/UK & U.S. state privacy rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to processing, and to withdraw consent (without affecting prior processing).

• California (CPRA): access/know, correction, deletion, portability, and opt‑out of sale/sharing; limit use of sensitive data; no discrimination.

• Colorado/Connecticut/Virginia/Utah (and similar): rights as above, including opt‑out of targeted advertising and profiling; appeal a request decision by emailing help@obsidianlab.us with subject “Appeal.”
  We will verify your request, respond within the time required by law, and may deny requests where exceptions apply.

Authorized agents (CA): You may designate an agent; we will verify both agent authority and your identity.

6) Notice at collection (U.S. states)

Categories collected: Identifiers (e.g., name, email, IP, device IDs); commercial and interaction information (pages, features used, preferences); internet/network activity; approximate geolocation; professional information (title, employer); inferences (e.g., account or interest segments). Sources: you, your devices, and integrations/partners. Purposes: as described above. Sensitive data: we do not seek to collect via the Site. Retention: see below. Sharing: with service providers and advertising/analytics partners; you may opt out of cross‑context sharing as above.

7) Data retention

We retain personal information for as long as needed to provide the Site/Services, comply with legal obligations, resolve disputes, and enforce agreements, then delete or de‑identify it per our policies.

8) Security

We use reasonable technical and organizational safeguards (access controls, encryption in transit, network safeguards, and vendor due diligence). No method of transmission or storage is 100% secure.

9) International data transfers

If you are outside the U.S., your data may be processed in the U.S. and other countries. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for transfers.

10) Children’s privacy

Our Site and Services are intended for business professionals and are not directed to children. We do not knowingly collect personal information from children under 16 (or lower age as defined by local law). If you believe a child has provided personal information, contact help@obsidianlab.us.

11) Third‑party sites & social features

Our Site may link to third‑party websites, apps, and social features. Their practices are governed by their own policies, which we do not control. Review those policies before engaging.

12) Changes to this Policy

We will update this Policy from time to time. We will post the updated version and change the effective date above. Material changes will be highlighted on the Site.

13) Contact us

Obsidian Lab (Synergy Digital LLC)
16192 Coastal Hwy, Lewes, DE 19958, United States
help@obsidianlab.us | partners@obsidianlab.us | +1 (321) 321‑4750

Cookie Policy

This Cookie Policy explains how Obsidian Lab uses cookies and similar technologies on obsidianlab.us.

A. What are cookies and similar technologies?

• Cookies are small files placed on your device that store settings and identifiers.

• Pixels/Tags/SDKs are code used to recognize devices, load features, and measure activity.

• Local storage stores data in your browser/app.

• Device IDs (e.g., mobile ad IDs) may be used for ad personalization and analytics.

B. How we use them (categories)

1. Strictly Necessary – Enable core functions such as security, network management, and consent storage.

2. Functional – Remember choices (e.g., language).

3. Analytics/Performance – Help us understand usage to improve the Site (e.g., GA4).

4. Advertising/Retargeting – Measure and optimize campaigns; build audiences (e.g., Meta Pixel, LinkedIn Insight Tag, Google Ads).

5. Media & Integrations – Provide embedded content (e.g., YouTube/Vimeo) and protect forms (reCAPTCHA).

Where required (e.g., EEA/UK/Switzerland), we obtain consent before setting non‑essential cookies or using identifiers, consistent with Google’s EU User Consent Policy. Google

C. Partners and platforms we may use on the Site

• Google: Analytics 4, Ads/Remarketing, Tag Manager, YouTube embeds, Consent Mode; opt‑outs available via Ads Settings and the Google Analytics Opt‑out add‑on. Google Help

• Meta (Facebook & Instagram): Meta Pixel and/or Conversions API for measurement and ads; we follow Meta Business Tools terms (including hashing and prohibited data). Facebook+1

• LinkedIn: Insight Tag for conversion tracking and retargeting. LinkedIn Business Solutions

• X (Twitter): Website tag for measurement/retargeting (if implemented).

• reCAPTCHA: Spam and abuse prevention for forms (Google Privacy Policy and Terms apply). Google Cloud

This list is representative and may change over time. Your Cookie Settings panel reflects the current vendors in use.

D. Your choices

• Cookie banner & preferences: Use our Cookie Settings control to accept/reject non‑essential cookies by category.

• Browser/device settings: Adjust cookie, privacy, and mobile ad ID settings.

• Industry opt‑outs:

  • DAA WebChoices / YourAdChoices for interest‑based advertising on participating companies, and AppChoices for mobile. WebChoices+2YourAdChoices+2

  • NAI resources (note: NAI has updated some opt‑out tools; see NAI site for current options). NAI: Network Advertising Initiative+1

• Global Privacy Control (GPC): We treat a valid GPC signal as a California opt‑out of sale/sharing where applicable. California DOJ

E. Do Not Track

Some browsers send a “Do Not Track” (DNT) signal. We currently respond to GPC as described above; other signals may not be recognized.

Role clarifications for customers of our Services

• For our enterprise PAM, Back Office, Route Management, and game technology, we generally act as a processor/service provider to our customer (the “controller/business”). We process Service Data under contract and only on the customer’s instructions. Customers are responsible for providing privacy notices to their players/users and for honoring end‑user rights. We support them through our DPA and built‑in privacy controls.

Short cookie banner (you can use this text)

We use cookies and similar technologies to run our site, measure performance, and (with your consent) personalize content and ads across platforms like Google, Meta, and LinkedIn. Click Accept All to consent, Reject Non‑Essential to decline, or Cookie Settings to manage preferences. [Privacy Policy] [Cookie Settings]

California “Your Privacy Choices” language (for your footer page)

Your Privacy Choices (California) — You can opt out of our sale or sharing of personal information for cross‑context behavioral advertising by using the toggles below or by enabling a Global Privacy Control (GPC) signal in your browser. We’ll honor your GPC preference when detected. To submit other privacy requests (access, correction, deletion), email help@obsidianlab.us.

Change log

• 2025‑09‑27: Initial publication for obsidianlab.us

© 2025 Obsidian Lab — Synergy Digital LLC | 16192 Coastal Hwy, Lewes, DE 19958 | help@obsidianlab.us | partners@obsidianlab.us | +1 (321) 321‑4750