Privacy policy

OwnOS Ltd ("OwnOS", "we", "our") takes data protection seriously. This policy explains what personal data we collect through ownos.co.uk, why, on what legal basis, and what rights you have.

Draft policy. Reviewed by counsel before the site goes live. If anything here looks wrong to you, write to privacy@ownos.co.uk and we'll fix it.

1. Who we are

OwnOS Ltd is a UK company. The relevant data protection authority is the Information Commissioner's Office (ICO). Applicable law: UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

2. What we collect on this website

• Form submissions (book an install, contact). Name, email, company, role, revenue band, exit horizon, and the free-text bottleneck description you provide. Submitted to an EU-resident managed database; a backup notification is sent via a transactional email service.
• Hashed IP address. We hash submission IPs (no reverse mapping) for rate-limiting and abuse prevention. Cannot identify an individual on its own.
• Aggregated analytics via Vercel Analytics (no cookies, no cross-site tracking) and Vercel Speed Insights. Page views, page-load metrics, anonymised country signal.
• Server logs. Hosting provider (Vercel) keeps request logs for a short retention window for security and availability.

3. What we do not collect

• No third-party advertising cookies. No retargeting pixels.
• No cross-site tracking. No data sold or shared with brokers.
• We do not use your form submission to train any AI model, ours or anyone else's.

4. Legal basis

• Legitimate interest (Art 6(1)(f) UK GDPR) for responding to your enquiry, abuse prevention, and aggregated traffic measurement.
• Consent (Art 6(1)(a)) where we ask for it, such as optional analytics cookies if we ever introduce them. None are in use today.
• Legal obligation (Art 6(1)(c)) where retention or disclosure is required by UK law.

5. Retention

• Install applications: retained for 24 months after the last contact so we can follow up, then deleted or anonymised.
• General contact emails: retained as long as the conversation is commercially relevant, deleted on request.
• Analytics: aggregated, no personal data retained, no individual session tied to identity.

6. Sub-processors used for this website

We use a small set of vetted, EU-resident sub-processors to operate ownos.co.uk. Each one only sees the data needed for its task; none train models on it.

• A cloud hosting and edge-runtime provider.
• An EU-resident managed database for form submissions.
• A transactional email service for form notifications.
• A source-code hosting service for the website repository.
• A web-font service whose fonts are bundled into the build (no runtime calls).

Client-install sub-processors are listed inside each client's signed DPA annex, not on this page. If you want the specific identity of any party that handles your personal data, write to privacy@ownos.co.uk and we'll tell you.

7. International transfers

Where personal data may transit outside the UK / EU, we rely on UK IDTA (International Data Transfer Agreement) plus the EU SCCs as a fallback, and (where applicable) supplementary measures. Our default posture for residency-sensitive client engagements routes AI through AWS Bedrock eu-west-2 or GCP Vertex AI EU. See residency options.

8. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, object to processing, and port your personal data. To exercise any right, write to privacy@ownos.co.uk. We respond within statutory windows.

You also have the right to complain to the ICO (ico.org.uk/make-a-complaint) although we would appreciate a chance to address concerns first.

9. Security

Encryption in transit (HTTPS / TLS) by default. Encryption at rest for stored submissions. Service-role credentials kept in environment variables, not in code. Access to the production environment is restricted to the founders. No client install data sits on this marketing site; this domain serves only the website.

10. Changes

Material changes will be announced on this page with an updated date stamp. The previous version is archived in our public git history.

11. Contact

Privacy queries: privacy@ownos.co.uk. Postal address: OwnOS Ltd, Liverpool, United Kingdom.