Privacy Policy

The controller for the processing of personal data on this website is:

When you create an account, we store your name, email address, language, currency, hashed password (if you sign up with email and password), and your verification status. If you sign in with GitHub or Google, we receive your name, email address, and a provider account identifier from the respective provider. We use this data to authenticate you, to associate your activity with your account, and to send you transactional emails such as verification or password reset messages.

Legal basis: performance of a contract (Art. 6 (1) (b) GDPR).

We use strictly necessary cookies to keep you signed in and to protect your session. These cookies store a session token, your IP address, and your user agent for security purposes. We do not use advertising or third-party tracking cookies.

Legal basis: legitimate interest in operating a secure service (Art. 6 (1) (f) GDPR) and performance of a contract (Art. 6 (1) (b) GDPR).

Credit purchases are processed by Stripe Payments Europe, Ltd. (Stripe). When you make a payment, Stripe receives the data required to process the transaction (such as name, email address, billing address, and payment method details). We receive a Stripe customer ID, payment status, and the amount of the purchase, but we never see your full payment card details. Stripe acts as an independent controller for the payment data it processes.

You can also use ownAI without Stripe: contact us at support@ownai.com to request manual account activation and to top up your balance by invoice or advance bank transfer. In that case no data is transmitted to Stripe — we only process the contact and billing details required to issue an invoice and process the transfer.

Legal basis: performance of a contract (Art. 6 (1) (b) GDPR).

More information: https://stripe.com/privacy

If you use ownAI Credits, requests from the ownAI desktop app are routed through our LLM proxy (LiteLLM) to the AI provider you select. For each request, we store usage and cost data (such as model, token counts, and spend) to bill your credit balance and show you your usage. The content of your prompts and responses is forwarded to the selected AI provider, which processes it under its own privacy policy. If you bring your own API key or run a local model, your prompts and responses are not routed through our infrastructure.

Legal basis: performance of a contract (Art. 6 (1) (b) GDPR).

When you download the ownAI desktop application or when the application checks for updates, our servers process standard request data (such as your IP address, the requested file, and the time of the request) in log files. Release artefacts are hosted at Codeberg; following a download link may transmit your IP address to Codeberg.

Legal basis: legitimate interest in operating and securing the service (Art. 6 (1) (f) GDPR).

Our servers automatically record technical information about every request (such as IP address, timestamp, requested URL, HTTP status, and user agent). These logs are used to operate the service, to identify and resolve errors, and to detect abuse. They are stored for a limited period and then deleted or anonymized.

We use the following service providers to operate the platform:

• Hosting and operation of the platform infrastructure: Hetzner Online GmbH, Gunzenhausen, Germany
• Payment processing: Stripe Payments Europe, Ltd., Dublin, Ireland
• Hosting of release artifacts and source code: Codeberg e.V., Berlin, Germany
• Operators of large language models (LLMs): We offer you a choice between the following providers:
  • Scaleway SAS, Paris, France
  • Infomaniak Network AG, Geneva, Switzerland
  • Anthropic PBC, San Francisco, USA
  • OpenAI OpCo, LLC, San Francisco, USA
  When using a local model, no data is forwarded to these providers.
• Delivery of transactional emails: Scaleway SAS, Paris, France

We keep account data for as long as your account exists. Credit transactions and invoices are retained for as long as required by applicable accounting and tax law. Server logs are deleted or anonymized after a short retention period.

Under the GDPR you have the right to access, rectify, erase, and restrict processing of your personal data, the right to data portability, and the right to object to processing. To exercise these rights, please contact us at info@ownai.com. You also have the right to lodge a complaint with a data protection supervisory authority.

We may update this Privacy Policy as the service evolves. The latest version is always available on this page.