Last updated: 2026-05-02
Owldit ERP is currently in active development and closed beta testing. Features, data structures, and this policy may change as the product evolves. Data created during the beta period is for testing purposes and should not be relied upon as a production system. We will notify all users before any material changes to this policy.
Owldit ERP ("Owldit", "we", "us") is a multi-region ERP platform for retail and service businesses, developed by Owldit Ltd. This policy explains how we collect, use, and protect your information when you use our application and related services.
Account data: name, email address, and password (stored as a bcrypt hash — we never store plaintext passwords).
Business data: products, customers, sales, invoices, financial transactions, appointments, and other operational data you enter into the system. This data belongs to you.
Usage data: we collect anonymised usage analytics (page views, feature usage, error rates) to improve the product. This can be disabled in Settings → Privacy.
Authentication data: session tokens, refresh tokens (stored as SHA-256 hashes), and optional TOTP 2FA secrets (encrypted with AES-256-GCM).
• Credit card or payment card data — we do not process payments.
• Third-party tracking cookies — we do not use Google Analytics, Facebook Pixel, or similar services.
• Biometric data.
• Data from your device beyond what is necessary to operate the application (browser type, screen size for responsive layout).
• To provide the service: your business data is used exclusively to power the ERP features you use (sales, inventory, finance, etc.).
• To improve the product: anonymised usage data helps us understand which features are used and where errors occur.
• To communicate with you: transactional emails (password reset, invoice notifications) sent only when triggered by your actions.
We do not sell, rent, or share your data with third parties for marketing purposes.
Owldit is a multi-tenant system. Each business ("tenant") has its data completely isolated. Every database query is scoped to your business identity. Users from one business can never access data from another business. Cross-tenant access attempts are blocked and logged.
All data is stored on AWS infrastructure in the eu-west-2 (London, United Kingdom) region. Data is encrypted at rest (AES-256 on EBS volumes and S3 backups) and in transit (TLS 1.2/1.3).
• Business data: retained for as long as your account is active. You can request deletion at any time.
• Usage analytics: retained for 7 to 90 days depending on your chosen retention profile (configurable in Settings).
• Backups: daily backups retained for 30 days, then automatically deleted.
• Deleted accounts: all data is permanently removed within 30 days of account deletion.
We use the following third-party services:
• Amazon Web Services (AWS): infrastructure hosting (EC2, RDS, S3). Data stays within the EU-West-2 region.
• Google APIs: optional calendar integration (Google Calendar Sync). When enabled, we request read/write access to your calendar events. We only access calendar data necessary for appointment synchronisation and do not store your Google credentials — authentication uses OAuth 2.0 tokens managed by Google.
We do not share your business data with any other third-party service unless you explicitly enable an integration.
Owldit's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Under GDPR (UK/EU) and LGPD (Brazil), you have the right to:
• Access your data — request a copy of all data we hold about you.
• Rectify your data — correct any inaccurate information.
• Delete your data — request permanent deletion of your account and all associated data.
• Export your data — download your business data in standard formats.
• Withdraw consent — disable usage analytics at any time in Settings.
To exercise any of these rights, contact us at the email below.
We implement industry-standard security measures including encrypted storage, bcrypt password hashing, JWT token rotation with theft detection, optional TOTP two-factor authentication, rate limiting, and daily encrypted backups. For full details, see our Security page.
Owldit is a business tool and is not intended for use by individuals under 16 years of age. We do not knowingly collect data from children.
We may update this policy as the product evolves. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. Continued use of the service after changes constitutes acceptance.
For privacy questions, data requests, or concerns:
rnbronzeli@gmail.com
Owldit Ltd · London, United Kingdom