Privacy

What we store, and what we deliberately do not.

ony.ai is open-core and self-hostable. When you self-host, your data lives entirely in your own database and never reaches us. This page describes the hosted service and the software's behavior in plain language.

Version 1, July 2026

Self-hosted versus hosted

The ony.ai software is open source under AGPL-3.0. If you run it yourself, every piece of data described below lives in infrastructure you control and never transits ony.ai. The hosted service runs the same software on our infrastructure; this policy describes both, and calls out any difference.

What is stored

The system of record is a Postgres database. It holds:

  • Organizations and users. Email, name, hashed password (PBKDF2, never plaintext), role, and timezone.
  • Phone number. Used to place calls and send SMS. Masked in logs and in the team view.
  • Linked chat IDs. Telegram or Slack IDs, only to route escalation approvals to you.
  • Authenticator secrets. TOTP secrets, encrypted at rest.
  • Handoffs. The action type, server-derived risk, a short title and summary, options, and your decision.
  • Attached payload. A diff, log, or command an agent attaches. Sensitive, shown only in the authenticated dashboard, and scrubbed by retention.
  • Audit chain. Who decided what, and when. Append-only and tamper-evident.

Ephemeral coordination state (rate-limit windows, in-flight call state) lives in Redis or in memory and is not a system of record.

What is deliberately not stored or exposed

  • Call audio and transcripts. Inbound voice turns are processed to form a reply and never written to the audit chain.
  • Your code or secrets over voice, SMS, or chat. Those channels carry only the action, its risk, and a redacted gist.
  • Secrets in the audit chain. Audit metadata never contains the attached payload, the raw command, or tokens.
  • The agent's own risk claim. It is discarded; risk is re-derived on the server.
  • Analytics or telemetry. Nothing is sent to us or to any third party for tracking.

Where data flows

Ony talks only to the providers you configure. Nothing else receives your data.

  • Telephony (SignalWire, Twilio, Telnyx, or Plivo): receives the callee's phone number and the spoken action and risk text needed to place the call or SMS. No payload content.
  • Model (optional): the voice agent and the payload summarizer. The summarizer sends redacted input, with recognizable secrets stripped before egress. It can be disabled entirely, and the deterministic paths still work.
  • Email (optional SMTP relay): password reset, invite, and welcome mail.
  • Identity (optional OIDC provider): email, name, and group claims for single sign-on.

No analytics or telemetry is sent anywhere. The internal metrics endpoint carries closed-enum labels only and contains no personal data.

Retention and deletion

  • Payload retention. A daily sweep can scrub the large attached payload off handoffs older than a configured window, keeping the metadata and the audit chain. This minimizes how long sensitive content is retained.
  • Member deactivation. Removing a member is a soft delete: access is revoked and the seat freed, but the row is retained so the audit trail stays attributable and verifiable.
  • Right to erasure. An organization admin can permanently delete the entire organization and everything under it (users, devices, handoffs, calls, and the whole audit chain). This is irreversible.
  • Backups. If configured, encrypted database backups are retained per your backup policy. Factor them into an erasure request.

Tenant isolation

Every data path is scoped to your organization. Cross-tenant reads are impossible by construction and covered by tests. Roles (admin, member, viewer) gate what a member can do within their own organization.

Contact

Questions about this policy or a data request: [email protected]. Security issues: [email protected]. The full technical reference lives in the data-handling documentation. This is a version 1 policy for a pre-release product and may change as the hosted service opens; we will date any revision here.