Security & Privacy
We build for Philippine SMBs. We take the Data Privacy Act, NPC guidance, and your customers' trust seriously.
Encrypted in transit & at rest
All traffic uses HTTPS. Data is stored in a managed PostgreSQL database with encryption at rest.
Row-level security
Every record is scoped to its owner. We use database policies so accounts can never see each other's data.
AI keys never leave the server
AI calls are made server-side. The model provider key is never exposed to the browser.
Privacy disclosures by default
Every published assistant shows visitors that they are chatting with AI and that answers may be wrong.
Aligned with NPC AI Advisory 2024-04
We follow privacy-by-design, allow human intervention, and avoid AI washing in product copy.
Abuse controls
Rate limits per IP, per assistant, and per account. Block list for unsafe content categories.
This page is maintained by OwnAI PH. It is not an independent certification. We are not SOC 2 or ISO 27001 certified yet. For data deletion requests, see Data deletion.