Privacy Policy
At Ownazents we believe privacy is a right, not a checkbox. This policy explains plainly what data we collect, why we collect it, who sees it, and how you can control it. We will never sell your data. If you have questions, email us.
1. Who We Are
Ownazents ("Ownazents," "we," "us," or "our") operates ownazents.ai and the Ownazents AI agent platform. We are based in Hyderabad, India and act as the data controller for all personal data collected through our services.
For privacy-related enquiries, contact us at support@ownazents.ai.
2. What We Collect
2.1 Account Data
When you sign up or update your profile, we collect:
- Full name and email address
- Password (stored as a bcrypt hash — we never store or see your plain-text password)
- Use case selected during onboarding (e.g., personal, business, agency)
- Google or GitHub account details if you use social sign-in (name, email, avatar)
2.2 Agent & Conversation Data
When you create and use an AI agent, we store:
- Your agent's name, description, and configuration (Standard Operating Procedure / SOP)
- Conversation history between you and your agent
- Files, instructions, or knowledge base content you provide to your agent
- Channel connections (Telegram bot token, WhatsApp number — encrypted at rest)
2.3 Usage & Technical Data
- Credit consumption logs and transaction history
- Pages visited, features used, and time spent (via Vercel Analytics — anonymised)
- IP address, browser type, operating system, and device type
- Error logs and crash reports (no personal content included)
2.4 Payment Data
Payments are processed by Stripe. We never store your card number, expiry, or CVV. Stripe provides us with a tokenised reference and the last 4 digits of your card for display purposes only. See stripe.com/privacy.
3. How We Use Your Data
| Purpose | Legal basis |
|---|---|
| Provide the Service | Contract |
| Transactional emails | Contract |
| Payment processing | Contract |
| Product improvement | Legitimate interest |
| Security & fraud prevention | Legitimate interest |
| Legal obligations | Legal obligation |
We do not sell your personal data to any third party. We do not use your conversation content to train AI models.
4. Storage & Security
Your data is stored in the European Union (Supabase — West EU / Ireland region, AWS eu-west-1) and served globally via Cloudflare's edge network. All data is:
- Encrypted in transit using TLS 1.3
- Encrypted at rest using AES-256
- Protected by Row Level Security (RLS) — each user can only access their own data
- Accessible only to authorised team members under strict need-to-know controls
Our servers are hosted on Hetzner dedicated hardware in Germany. Application infrastructure is deployed via Vercel. Domain and DDoS protection is handled by Cloudflare.
While we take security seriously, no system is 100% immune. If you discover a security vulnerability, please disclose it responsibly to support@ownazents.ai.
5. Third-Party Services
We use the following sub-processors. Each is bound by a data processing agreement (DPA) and has its own privacy policy:
| Provider | Purpose |
|---|---|
| Supabase | Database & authentication |
| Anthropic | AI model (Claude) — processes your prompts |
| Resend | Transactional email delivery |
| Hetzner | Server infrastructure |
| Cloudflare | CDN, DNS, DDoS protection, edge network |
| Vercel | Application hosting & analytics |
| Stripe | Payment processing |
When data is transferred outside India or the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).
7. Data Retention
- Active accounts — data retained for the duration of your active subscription
- Deleted accounts — all personal data deleted within 30 days of your deletion request
- Conversation history — retained for 12 months, then automatically purged
- Usage logs — retained for 90 days for security and debugging purposes
- Payment records — retained for 7 years to comply with Indian financial regulations
- Backup snapshots — overwritten within 30 days
8. GDPR — Rights of EU/EEA Users
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Correct any inaccurate or incomplete data.
Right to Erasure
Request deletion of your account and all associated personal data.
Right to Portability
Receive your data in a structured, machine-readable format (JSON/CSV).
Right to Object
Object to processing for direct marketing or legitimate interest purposes.
Right to Withdraw Consent
Withdraw consent at any time where processing is consent-based.
To exercise any of these rights, email support@ownazents.ai with subject line "GDPR Request." We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
9. India DPDP Act 2023
We comply with the Digital Personal Data Protection (DPDP) Act, 2023 of India. As a Data Fiduciary, we:
- Collect only data that is necessary for the stated purpose (data minimisation)
- Obtain your consent clearly and in plain language before processing personal data
- Provide notice of all purposes for which data is processed
- Implement appropriate technical and organisational security safeguards
- Notify the Data Protection Board of India in the event of a data breach as required
As a Data Principal (user) under the DPDP Act, you have the right to:
- Access a summary of your personal data being processed
- Obtain correction and erasure of your personal data
- Seek grievance redressal by raising concerns with our grievance officer
- Nominate another individual to exercise your rights in case of death or incapacity
To raise a grievance under the DPDP Act, contact: support@ownazents.ai — we will respond within 48 hours.
10. Children
Ownazents is not directed at children under 18. We do not knowingly collect personal data from anyone under 18 years of age. If you believe a child has provided us with personal data without parental consent, please contact support@ownazents.ai and we will delete it immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Notify you by email at least 14 days before the change takes effect
- Update the effective date at the top of this page
- Request fresh consent for significant changes, where legally required
Continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact
If you have any questions, concerns, or requests regarding your privacy, please reach out: