Legal

Privacy Policy

Last updated: January 1, 2025  ·  Effective: January 1, 2025

Owapps AI is committed to protecting the privacy of our clients, website visitors, and the individuals whose data may pass through the machine learning systems we build. This policy explains what we collect, why we collect it, and the controls you have over it.

On This Page

1. Who We Are

Owapps AI ("Owapps AI", "we", "us", or "our") is a machine learning solutions company. We design, develop, and deploy predictive analytics systems, anomaly detection tools, computer vision applications, recommendation engines, and related data intelligence services for businesses across a range of industries.

This Privacy Policy applies to:

  • Our website at owapps.com and any associated subdomains
  • Prospective and current clients who engage us for professional services
  • Individuals whose personal data is processed through ML systems we build on behalf of our clients
  • Job applicants, partners, and vendors who interact with us

For questions about this policy or our data practices, contact us at privacy@owapps.com.

2. Information We Collect

2.1 Information You Provide Directly

When you fill out our contact form, request a consultation, sign a services agreement, or otherwise interact with us, we may collect:

  • Name, job title, and company name
  • Business email address and phone number
  • Company size and industry
  • Project description and business challenge details you choose to share
  • Billing and payment information (processed via PCI-DSS compliant third-party processors)
  • Communications content - emails, messages, meeting notes

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical data, including:

  • IP address (truncated for anonymization where possible)
  • Browser type and version, operating system
  • Pages visited, time on page, referral source
  • Device identifiers and screen resolution

This data is collected through cookies and similar technologies described in Section 9.

2.3 Client-Provided Project Data

During the course of delivering ML services, clients provide us with datasets necessary for model training, validation, and deployment. The nature of this data varies by project and may include transactional records, operational logs, sensor readings, customer behavioral data, or other business datasets. See Section 4 for how we handle this data specifically.

3. How We Use Your Information

We use the information we collect for the following purposes:

Purpose Legal Basis (GDPR)
Responding to inquiries and delivering requested services Contract / Legitimate Interest
Scoping, designing, and building ML models for clients Contract
Sending service updates, proposals, and project communications Contract / Legitimate Interest
Sending marketing content to opted-in contacts Consent
Improving our website and service quality Legitimate Interest
Complying with legal obligations Legal Obligation
Fraud prevention and security Legitimate Interest

We do not use your personal data to train, test, or validate any of our machine learning models without your explicit, written consent.

4. Client Data & ML Projects

This section addresses the unique privacy considerations that arise from our core business: building and deploying machine learning systems that process data on behalf of our clients.

4.1 Data Processor Role

When we process personal data contained in a client's dataset as part of delivering ML services, we act as a data processor under applicable privacy law. Our client is the data controller - they determine the purposes and means of processing. We act strictly on documented instructions from the client.

4.2 Data Processing Agreements

All clients whose project data may contain personal information are required to sign a Data Processing Agreement (DPA) before project commencement. Our DPA details sub-processors used, security commitments, data subject rights assistance, and breach notification procedures.

4.3 Anonymization and Minimization

Wherever technically feasible, we advocate for and implement data minimization: we work with the least personally identifiable dataset necessary to achieve the required model performance. Where clients consent, we apply anonymization, pseudonymization, or differential privacy techniques prior to model training.

4.4 Model Outputs

Predictions, scores, and classifications produced by models we build (such as churn risk scores, fraud flags, or customer segments) may be considered derived personal data under applicable law. We help clients implement appropriate governance around how these outputs are used and communicated to affected individuals.

Important: Owapps AI never uses client project data - including any personal data within it - to build, benchmark, or improve our own internal models, products, or services. Client data is used exclusively to fulfill the contracted engagement.

4.5 Model Explainability

For models that produce decisions materially affecting individuals (such as credit risk scores or insurance pricing), we implement explainability mechanisms that allow clients to provide affected individuals with meaningful information about the logic of automated decision-making, in accordance with GDPR Article 22 requirements.

5. Data Sharing

We do not sell, rent, or trade your personal data. We share information only in the following limited circumstances:

5.1 Service Providers (Sub-processors)

We engage a small number of vetted third-party service providers to support our operations. These include cloud infrastructure providers (such as AWS, Google Cloud, or Microsoft Azure), project management tools, payment processors, and communication platforms. All sub-processors are bound by data protection agreements and may only process data for specified purposes.

5.2 Legal Requirements

We may disclose personal data if required to do so by law, court order, regulatory authority, or to protect the rights, property, or safety of Owapps AI, our clients, or others. We will notify affected parties of such requests where legally permitted.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business assets, personal data may be transferred as part of that transaction. We will provide notice and, where required, seek consent prior to any such transfer.

5.4 With Your Consent

We may share your information in other ways if you have explicitly consented to it, such as featuring your company as a named case study on our website.

6. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected or as required by law.

  • Prospective client data (contact form submissions, consultation notes): retained for 24 months from last interaction, then deleted or anonymized.
  • Active client data (contracts, project files, communications): retained for the duration of the engagement plus 7 years to meet financial and legal record-keeping obligations.
  • Client project datasets: returned to the client or securely destroyed within 30 days of project completion or contract termination, per the DPA.
  • Website analytics data: retained in aggregated, anonymized form for up to 26 months.
  • Marketing contact data: retained until you unsubscribe or withdraw consent.

You may request early deletion of your personal data at any time (see Section 8).

7. Security Practices

Owapps AI takes data security seriously. Given the sensitivity of the client data we handle, we maintain a comprehensive information security program that includes:

  • Encryption at rest and in transit - all project data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
  • Access controls - role-based access ensures only personnel who need project data can access it. Access is logged and reviewed quarterly.
  • SOC 2 Type II controls - our security program is aligned with SOC 2 Trust Service Criteria covering Security, Availability, and Confidentiality.
  • Isolated project environments - each client engagement operates in a dedicated, isolated cloud environment. Data from different clients is never co-mingled.
  • Penetration testing - we conduct annual third-party penetration tests on our infrastructure.
  • Incident response - we maintain a documented incident response plan and will notify affected clients and relevant authorities within 72 hours of confirming a personal data breach, in line with GDPR Article 33.
  • Employee training - all staff complete mandatory data protection and security awareness training annually.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 Rights Under GDPR (EEA & UK Residents)

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention obligations.
  • Right to Restriction: Request that we limit how we process your data in certain circumstances.
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce significant effects, without human review.

8.2 Rights Under CCPA (California Residents)

California residents have the right to know what personal information we collect, the right to delete, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights.

8.3 Exercising Your Rights

To exercise any of the above rights, email privacy@owapps.com with the subject line "Privacy Rights Request". We will respond within 30 days. We may need to verify your identity before processing your request. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies & Tracking

Our website uses cookies and similar tracking technologies. We use:

  • Strictly necessary cookies - required for the website to function (e.g., session state). These cannot be disabled.
  • Analytics cookies - help us understand how visitors use our site (e.g., Google Analytics with IP anonymization enabled). Activated only with your consent.
  • Marketing cookies - used to deliver relevant content and measure campaign effectiveness. Activated only with your consent.

You can manage your cookie preferences at any time via the cookie consent banner on our website or your browser settings. Note that disabling certain cookies may affect website functionality.

10. International Data Transfers

Owapps AI is headquartered in the United States. If you are located in the European Economic Area, United Kingdom, or another region with data transfer restrictions, please be aware that your data may be transferred to and processed in the United States.

We ensure that any such international transfers are protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs) where applicable
  • Adequacy decisions where available

For client project data, transfers are governed by the Data Processing Agreement entered into at the start of the engagement, which specifies permitted transfer mechanisms.

11. Children's Privacy

Owapps AI's services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that personal data from a child has been collected without appropriate parental consent, we will take immediate steps to delete it.

If you believe we have inadvertently collected data from a minor, please contact us at privacy@owapps.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify active clients via email
  • Display a prominent notice on our website for 30 days following the change

We encourage you to review this policy periodically. Your continued use of our services after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact our Data Protection team:

Owapps AI - Privacy Team
Email: privacy@owapps.com
Phone: +1 (555) 400-7200

For EU/EEA residents, if you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In the UK, that is the Information Commissioner's Office (ICO) at ico.org.uk.