Owentra ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use and share it, how we protect it, and the rights you have over it when you use the Owentra platform, website, and associated services (collectively, the "Service").
We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.
localStorage on your visitors' devices to resume chat sessions across page loads. This is not a tracking cookie and does not leave the visitor's browser.We use the information we collect for the following purposes:
| Purpose | Categories of data used |
|---|---|
| Provide, operate, and maintain the Service | Account data, bot config, conversation data |
| Process payments and manage subscriptions | Billing data, Razorpay events |
| Send transactional emails (password reset, payment confirmation, trial notices) | Email address |
| Deliver OTP verification emails on behalf of your bots | Visitor email address (your data) |
| Detect, investigate, and prevent fraud or abuse | Log data, IP address, usage data |
| Enforce our Terms of Service | Account data, usage data |
| Improve the platform (aggregate, anonymised analytics) | Anonymised usage data |
| Respond to your support requests | Account data, support communications |
| Comply with legal obligations | All applicable categories |
We do not sell your personal data. We do not use your data for behavioural advertising. We do not share your data with third-party advertisers.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
We share personal data only in the following circumstances:
We use the following third-party services to operate the platform. Each is bound by a data processing agreement:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Razorpay | Payment processing and subscription management | India |
| Google (OAuth2) | Optional social sign-in | USA |
| Transactional email provider | System email delivery (configured per deployment) | Per deployment |
| Hosting / cloud infrastructure provider | Server infrastructure and data storage | Per deployment |
| Redis / message broker | Real-time WebSocket routing | Per deployment |
We may disclose your information where required to comply with a legal obligation, court order, or valid government request, or where necessary to protect the rights, property, or safety of Owentra, our users, or the public.
If Owentra is acquired, merges with another company, or sells substantially all of its assets, your data may be transferred as part of that transaction. We will notify you via email or a prominent in-app notice before your data is subject to a different privacy policy.
We may share data for any other purpose with your explicit prior consent.
We use a minimal set of technologies to make the Service work:
| Name / Type | Purpose | Duration |
|---|---|---|
sessionid (session cookie) | Keeps you authenticated across requests | Session / browser close |
csrftoken (security cookie) | Protects forms against CSRF attacks (required) | 1 year |
| Widget localStorage key | Resumes visitor chat sessions on your embedded widget. Not a cookie; never sent to our servers. | Browser local storage |
We do not use third-party advertising cookies, cross-site tracking pixels, or analytics tools that fingerprint individual users.
We implement industry-standard technical and organisational measures to protect your data:
Despite our efforts, no system is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any applicable supervisory authority within 72 hours of becoming aware of it, as required by GDPR Article 33.
Owentra is operated from India. If you access the Service from the EEA, UK, or other regions with data protection laws, your information may be transferred to and processed in India or the jurisdiction where our infrastructure providers operate.
Where we transfer personal data from the EEA or UK to countries not recognised as providing an adequate level of protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we ensure that the recipient is certified under an equivalent framework.
You may request details of the specific safeguards we use by contacting us at teams.owentra@gmail.com.
The Service is not directed at children under the age of 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information without parental consent, please contact us immediately and we will delete that information.
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, email teams.owentra@gmail.com. We will respond within 30 days. We may need to verify your identity before processing requests. Requests are free of charge unless manifestly unfounded or excessive.
If you are unhappy with how we handle your request, you have the right to lodge a complaint with your local data protection supervisory authority.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you additional rights:
To exercise California rights, email teams.owentra@gmail.com with the subject line "California Privacy Rights Request".
If you use Owentra to collect and process personal data from your end-users (e.g., via chat widgets), you are the data controller and Owentra is your data processor. By accepting these terms and using the Service, you also accept our Data Processing Agreement (DPA), which sets out the terms under which we process personal data on your behalf.
Enterprise customers may request a signed DPA by emailing teams.owentra@gmail.com.
We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or applicable law. When we make material changes, we will:
Your continued use of the Service after the effective date constitutes acceptance of the revised Policy. If you do not agree to the changes, you should stop using the Service and delete your account before the effective date.
For privacy questions, rights requests, or complaints:
If you are in the EEA or UK and believe we have not handled your data lawfully, you have the right to lodge a complaint with the data protection supervisory authority in your member state or country.