PIPEDA Compliant

Privacy Policy

Last updated: April 2026  |  Effective: April 2026

1. Who We Are

OwnOS is an AI-native ERP platform operated by OwnOS Inc. We build custom AI-operated business systems for small and medium businesses. Our services are delivered under the brand OwnOS and accessible at ownos.ai.

Contact: privacy@ownos.ai | team@ownos.ai

2. What Data We Collect

When you submit our lead form or become a client, we collect:

  • Name, email address, phone number
  • Business name, industry, team size, annual revenue
  • Business pain points, current tools, success goals
  • Business website URL (used to generate your proposal)
  • Payment information (processed by Stripe — we do not store card details)
  • Business operating procedures, policies, and data you upload during discovery
  • IP address and browser language (used for service localisation only)

3. Why We Collect It

  • To generate your custom AI business system proposal
  • To build and operate your dedicated OwnOS system
  • To deliver discovery questionnaires to your team
  • To generate Standard Operating Procedures for your business
  • To process payments and manage your subscription
  • To communicate service updates, deadlines, and delivery milestones
  • To improve our AI systems using aggregated operational patterns only — never your business content

4. How We Store Your Data

Every client receives a dedicated database instance hosted on Supabase in Canada (ca-central-1 region). Your business data is physically isolated — it is never shared with other clients or stored in a shared environment.

All data is encrypted at rest and in transit. Supabase maintains SOC 2 Type II compliance. Daily automated backups are maintained for the duration of your subscription plus 90 days.

5. Who We Share It With

We do not sell your data. Ever. We use the following service providers to deliver our service:

  • Anthropic (Claude API) — AI processing for proposal generation, SOP writing, and business intelligence. Data processed under Anthropic's data processing agreement.
  • Supabase — Database and storage infrastructure. Your dedicated instance in Canada.
  • Stripe — Payment processing. Card data never touches our servers.
  • Resend — Transactional email delivery (proposals, notifications, SOP alerts).
  • Replit — Application hosting for your client portal.

No advertising networks. No data brokers. No third-party analytics.

6. How Long We Keep It

  • Active clients: Duration of subscription plus 2 years after cancellation
  • Cancelled clients: Your database and all business content is returned to you on request and deleted from our systems within 30 days of cancellation
  • Leads (did not become clients): 12 months from submission or until deletion is requested
  • Payment records: 7 years as required by Canadian tax law

7. Your Rights Under PIPEDA

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Withdraw consent and request deletion (subject to legal retention requirements)
  • File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, email privacy@ownos.ai. We respond within 30 days.

8. Cookies

We use one session cookie for client dashboard authentication only. This cookie expires when you close your browser. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. See our Cookie Policy for full details.

9. Contact

Privacy enquiries: privacy@ownos.ai
General: team@ownos.ai
Last updated: April 2026