Privacy Policy

Account information

When you create an Ownich account, we collect your name, email address, and a hashed password. If you sign in via Google OAuth, we receive your name, email address, and profile picture from Google.

Item and certificate data

When you register an item, we collect the details you provide: item name, brand, model, serial number, condition, photographs, and any supporting documentation. This data forms the basis of your digital ownership certificate.

Usage data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This helps us diagnose issues and improve the platform.

Payment information

We do not store payment card details. Payments are processed by our third-party payment provider and are subject to their privacy policy.

Providing the service

We use your data to create and manage your account, issue digital ownership certificates, generate market valuations, and enable certificate verification by third parties.

Communications

We may send you transactional emails (certificate issuance, account security alerts) and, with your consent, product updates and marketing communications. You can unsubscribe at any time.

Security and fraud prevention

We use account and usage data to detect suspicious activity, prevent fraud, and protect the integrity of the certificate registry.

Service improvement

Aggregated, anonymised usage data helps us understand how the platform is used and where we can improve. We do not sell individual-level data.

What is publicly visible

When a certificate is verified via the /verify page or API, the following information is disclosed to the verifier: item name, category, brand, model, condition, certificate ID, registration date, and current owner name (first initial and surname only). Serial numbers are shown only to the registered owner.

Ownership transfers

Transfer history (dates and anonymised owner identifiers) is recorded on the blockchain and is permanently visible to anyone who verifies the certificate. Consider this before registering items.

Opting out of public verification

Pro and Business subscribers may set a certificate to "private" — it will not appear in public verification searches. The certificate remains valid and can be shared via a private link.

We do not sell your data

Ownich does not sell, rent, or trade your personal information to third parties for their marketing purposes.

Service providers

We share data with trusted third-party providers who help us operate the platform — including cloud hosting, payment processing, and email delivery. These providers are contractually bound to process data only on our instructions.

Legal obligations

We may disclose data if required by law, court order, or to protect the rights, property, or safety of Ownich, our users, or the public.

Business transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

Account data

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

Certificate data

Ownership certificate records are retained indefinitely to maintain the integrity of the registry. If you delete your account, your name is replaced with an anonymised identifier on existing certificates.

Blockchain records

Data written to the blockchain (certificate hashes and transfer records) is permanent and cannot be deleted. We do not write personal information directly to the blockchain — only cryptographic hashes.

Access and portability

You may request a copy of the personal data we hold about you at any time. We will provide it in a machine-readable format within 30 days.

Correction

You may update your account information at any time from your profile settings. If you believe we hold inaccurate data, contact us and we will correct it promptly.

Deletion

You may request deletion of your account and personal data. See the Data Retention section above for limitations relating to certificate records.

Objection and restriction

You may object to or request restriction of certain processing activities, including direct marketing. Contact us at [email protected] to exercise these rights.

Complaints

If you are in the UK or EEA, you have the right to lodge a complaint with your local data protection authority (in the UK: the ICO at ico.org.uk).

Essential cookies

We use session cookies to keep you logged in and to protect against cross-site request forgery. These are strictly necessary and cannot be disabled.

Analytics

With your consent, we use privacy-respecting analytics to understand how the platform is used. No data is shared with advertising networks.

Managing cookies

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

Technical measures

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed using bcrypt. We conduct regular security reviews and penetration tests.

Access controls

Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.

Breach notification

In the event of a data breach affecting your personal information, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by applicable law.

Notification of changes

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting a notice on the platform at least 14 days before the changes take effect.

Continued use

Your continued use of Ownich after the effective date of any changes constitutes your acceptance of the updated policy.

Data controller

Ownich Ltd is the data controller for personal data processed through this platform.

Privacy enquiries

For any privacy-related questions, requests, or complaints, please contact our Data Protection Officer at [email protected] or write to: Ownich Ltd, Data Protection Officer, [Registered Address].