Privacy Policy

Effective 2026-06-12 · Ownly (Divine Life Enterprises) · DRAFT — pending legal review

1. Overview

This policy explains what Ownly collects, why, and your choices. It will be finalized with counsel before public launch.

2. What we collect

Account: your email and profile. Content: files you upload and their derivatives. Usage & audit: access events, IP address, and user-agent — captured for signer attribution and the tamper-evident ledger. Payment: handled by Stripe; we store only customer and subscription identifiers, never card numbers.

3. How we use it

To operate the Service: authenticate you, store and deliver content, embed markers, run the e-signature flow, send transactional email, process payments, and secure the platform.

4. Processors we share with

Supabase (authentication, database, storage), Stripe (payments), Resend (transactional email), and Cloudflare (storage/CDN). Each processes data only to provide its function. We do not sell your data.

5. The append-only ledger

Access events, signature events, and completion certificates are immutable by design — they cannot be altered or individually deleted, which is what makes the audit trail trustworthy. This limits certain deletion requests for those specific records; see §7.

6. Retention

We keep account and content data while your account is active. Audit/ledger records are retained as evidence of who-did-what-when, consistent with their tamper-evident purpose.

7. Your rights

You may access, correct, or request deletion of your account and content. Immutable ledger entries (§5) are retained where deletion would defeat their evidentiary purpose or where law requires retention; counsel will define the exact scope.

8. Cookies & sessions

We use cookies/local storage only for authentication and session management — not third-party advertising.

9. Security

We use row-level security, scoped access tokens, and transport encryption. No method is perfectly secure; we cannot guarantee absolute security.

10. Children

The Service is not directed to anyone under 18, and we do not knowingly collect their data.

11. International transfers

Data may be processed in regions where our processors operate; safeguards to be confirmed with counsel.

12. Changes

We may update this policy; material changes will be notified.

13. Contact

Privacy questions: legal@ownly.app.