Privacy Policy

Personal data, or personal information, means any information about an individual from which that person can be identified.

• Identity Data — Includes first name, last name, username or similar identifier.
• Contact Data — Includes corporate email address and telephone numbers.
• Technical Data — Includes internet protocol (IP) address, login data, browser type.
• Integration Data — Metadata from connected toolchains (e.g. Jira issue IDs, Github PRs).

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with your organization.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation (e.g. SOC2 auditing requirements).

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256. OwnershipFlow undergoes continuous automated vulnerability scanning and annual third-party penetration testing.

Under certain circumstances, you have rights under data protection laws (including GDPR and CCPA) in relation to your personal data, including the right to:

• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.