Privacy Policy
Last updated: April 21, 2026
ownMDM is designed with privacy at its core. All device management data lives on your infrastructure — we never see it.
1. What We Collect
- –Account: email, company name, password (hashed)
- –Usage: login timestamps, feature usage metrics
- –Devices: serial numbers, OS versions, compliance data (stored on YOUR server)
- –Technical: IP addresses, browser type (for security)
2. What We DON'T Collect
- ✕Device content or files
- ✕User browsing history
- ✕Biometric data
- ✕Data from managed Macs (this stays on your server)
3. How We Use Data
- –Account management and authentication
- –Service delivery and support
- –Security monitoring and abuse prevention
- –Product improvement (aggregated, anonymized)
4. Data Storage
- –Self-hosted: ALL device and management data stays on YOUR infrastructure
- –Account data: stored in our systems (EU-hosted)
- –Passwords: bcrypt hashed, never stored in plaintext
5. Data Sharing
- –We do NOT sell your data
- –We do NOT share data with third parties
- –Exception: law enforcement with valid legal process
6. Your Rights (GDPR)
- –Access: request a copy of your data
- –Rectification: correct inaccurate data
- –Erasure: request deletion of your data
- –Portability: export your data in standard formats
- –Objection: opt out of non-essential processing
7. Cookies
- –Essential: authentication, session management
- –Optional: analytics (with consent)
- –See Cookie Preferences in the consent banner
8. Data Retention
- –Active accounts: retained while account is active
- –Cancelled accounts: data retained 60 days, then purged
- –Audit logs: retained per plan (7–90 days)
9. Security
- –TLS 1.3 in transit
- –AES-256 at rest
- –bcrypt password hashing
- –Regular security audits
Privacy inquiries: privacy@ownmdm.com · Data Protection Officer: dpo@ownmdm.com