Who we are.
OwnAI is a product of Reyatech Systems Private Limited (CIN: U62013KA2025PTC212560), with registered office at HRBR, Bangalore, Karnataka – 560043, India. For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDPA") and the DPDP Rules 2025, Reyatech acts as Data Processor for customer-uploaded enterprise data, and as Data Fiduciary for personal data submitted directly to this website (e.g. discovery-call form, newsletter).
More background on the entity and its operators is on the About page.
What personal data we collect.
We collect the minimum data required to respond to enquiries and operate the website securely. The full inventory:
| Data class | Examples | Source |
|---|---|---|
| Form submissions | Name, work email, company, role, vertical, team size, free-text concern field. | Provided by you on the Contact form. |
| Newsletter | Email address. | Provided by you when you subscribe. |
| Server logs | Source IP, user-agent, request path, response code, timestamp. | Generated automatically per request. |
| Session cookie | Anti-CSRF token for the form. No tracking ID. | Set when you load the Contact page. |
We do not collect: device fingerprints, behavioural analytics, advertising IDs, location beyond country-level inferred from IP, or any data from third-party trackers.
Purpose of processing.
We process the data above only for these purposes:
- Respond to your enquiry. Form submissions are routed to the founder's inbox; we reply within 24h IST.
- Deliver the newsletter if you have subscribed. One-click unsubscribe in every issue.
- Operate and secure the website. Server logs are used for performance monitoring, abuse detection, and rate-limiting.
We do not use personal data submitted on this website to train any AI model. We never resell or share enquiry data with third parties.
Legal basis.
| Activity | Legal basis (DPDPA) |
|---|---|
| Responding to your form submission | Consent — implied by your submission. Inspection of clear notice on the form itself. |
| Newsletter delivery | Consent — opt-in, no consent default-on. |
| Security logs & abuse detection | Legitimate interest — operating a secure website. |
Retention period.
| Data class | Retained for |
|---|---|
| Form submissions | 24 months from last contact, then archived 12 months, then deleted. Earlier on request. |
| Newsletter list | Until you unsubscribe. One-click unsubscribe in every issue. |
| Server logs | 90 days, then aggregated to anonymous counts. |
Cross-border transfer.
Production (customer deployments): none. All inference and audit logs stay on customer hardware in India. Reyatech makes no outbound call from production.
Training phase (cloud fine-tuning): yes, with consent and contract. Customer training data is uploaded over TLS 1.3 to a Reyatech-managed cloud GPU (RunPod A100 80 GB, vendor-substitutable) for the duration of a fine-tuning run. The cloud volume is destroyed within 7 days of adapter delivery; a signed certificate of destruction is provided.
This website's data: hosted in India. No transfer to non-India jurisdictions for the personal data you provide on this site.
Your rights as a Data Principal.
Under DPDPA, you have the right to:
- Access — request a summary of personal data we hold on you.
- Correction — ask us to correct inaccuracies.
- Erasure — request deletion (subject to overriding legal obligations).
- Grievance redressal — escalate complaints to our Grievance Officer (below). Unresolved complaints can be escalated to the Data Protection Board of India.
- Withdraw consent — at any time. Withdrawal takes effect from the date received; it does not undo prior lawful processing.
- Nominate a successor under DPDPA §14.
To exercise any of these rights, email privacy@reyatech.com. We acknowledge within 72 hours and respond substantively within 30 days.
Grievance Officer / DPO.
Updates & effective date.
We publish material changes to this policy at this URL with the version number and effective date at the top. Subscribers and active enquiries are notified by email of material changes 14 days before they take effect.
This policy is published in good faith and reflects current practice. It is not a substitute for legal advice — for customer-specific obligations, refer to the executed Data Processing Agreement (DPA Template).