Privacy Policy

Last updated: March 6, 2026

Who We Are

OwndUp ("we", "our", or "us") provides asset custody and tracking software for businesses. Our registered contact email is hello@owndup.com. This Privacy Policy explains how we collect, use, and protect information when you use our website at owndup.com and our application (collectively, the "Service").

What Data We Collect

Account Data

When you create an account we collect your name, email address, and organisation name. If you were invited by a colleague, we store that relationship.

Usage Data

We log actions taken inside the application (audit trail) to provide accountability features. Logs include the action type, the affected resource, the user who performed it, and a timestamp. Server access logs (IP address, browser, request path) are retained for up to 90 days for security purposes.

Payment Data

Payments are processed by Stripe, Inc. We do not store card numbers or banking details on our servers. Stripe may collect billing name, card details, and billing address. Please review Stripe's Privacy Policy for details.

Analytics Data

We use Google Analytics 4 (GA4) on our marketing website to understand visitor behaviour. GA4 is only loaded after you explicitly consent via our cookie banner. If you decline, no analytics cookies are set and no data is sent to Google.

How We Use Your Data

  • To provide and operate the Service (account management, asset tracking, transfer workflows).
  • To send transactional emails such as invitations, renewal reminders, and billing notifications.
  • To process payments and manage subscriptions via Stripe.
  • To improve the Service using aggregated, anonymised analytics.
  • To comply with legal obligations and enforce our Terms of Service.

We do not use your data for advertising and we do not sell personal data to third parties.

Cookies & Analytics

We use the following categories of cookies:

  • Strictly necessary — authentication session cookies required to log you in. These cannot be disabled.
  • Analytics (optional) — Google Analytics 4 cookies (_ga, _ga_*) that help us measure page traffic. Only set after you consent.

You can withdraw analytics consent at any time by clearing cookies or revisiting the cookie banner.

Data Sharing

We share data only with the sub-processors required to operate the Service:

  • Stripe, Inc. — payment processing (USA; Standard Contractual Clauses apply).
  • Google LLC — analytics (USA; consent-based; Standard Contractual Clauses apply).
  • Microsoft Azure — cloud hosting and database infrastructure (EU region).

We do not sell, rent, or trade your personal data to any other third parties.

Data Retention

Account data is retained for as long as your organisation has an active or trial subscription. After a subscription is cancelled, data is retained for 60 days before being permanently deleted. You may request earlier deletion by contacting us at hello@owndup.com. Server access logs are deleted after 90 days.

Your Rights

GDPR (EEA & UK residents)

Under the General Data Protection Regulation you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your personal data ("right to be forgotten").
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restriction — request that we limit how we use your data while a dispute is resolved.

CCPA (California residents)

California residents have the right to:

  • Know — what personal information we collect, use, disclose, or sell.
  • Delete — request deletion of personal information we have collected.
  • Opt-out — we do not sell personal information, so no opt-out is needed.
  • Non-discrimination — we will not discriminate against you for exercising these rights.

Contact

To exercise any of your rights, or if you have questions about this policy, please contact us at hello@owndup.com. We will respond within 30 days.

If you are in the EEA and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection authority.

Back to homepage