Security

Security at Own360

Last updated: 1 April 2026

Our Commitment

Security is foundational to Own360. Our entire architecture is built on the principle that customer data should never leave the customer's perimeter. PanScience Innovations LLP operates Own360 with the understanding that we are stewards of critical enterprise infrastructure.

Architecture & Data Sovereignty

  • Self-hosted by design: Own360 deploys on your infrastructure — on-premise, private cloud, or air-gapped environments. Your data never transits our servers.
  • Customer-controlled encryption keys: You own and manage your encryption keys. We cannot access your data even if we wanted to.
  • Per-module schema isolation: Each OwnApp operates in an isolated PostgreSQL schema, preventing cross-module data leakage.
  • No data sharing: We do not access, aggregate, or share customer data with any third party.

Encryption

  • At rest: AES-256-GCM encryption for all stored data.
  • In transit: TLS 1.3 for all network communication. No fallback to older protocols.
  • Key management: Customer-managed keys via HSM, AWS KMS, GCP Cloud KMS, or Azure Key Vault.

Authentication & Access Control

  • Protocol: OAuth 2.0 with PKCE. WebAuthn passkey support.
  • SSO: SAML 2.0 and OIDC federation.
  • MFA: TOTP, WebAuthn, and SMS OTP.
  • RBAC: Cascading role-based access control for both human users and AI agents.
  • Agent authentication: Scope-limited service tokens with RS256 signing. Permission evaluation under 5ms p99.

Audit & Observability

  • Immutable audit log: Every action by every user and agent is logged with a tamper-evident, append-only audit trail.
  • Full-stack observability: Distributed tracing, metrics, and logging across all 19 modules and the control plane.
  • Agent governance: Every AI agent action is auditable, with complete input/output logging and decision provenance.

Compliance

FrameworkStatus
SOC 2 Type IIAudit in process
ISO 27001Certification in process
GDPRCompliant by design
DPDP Act (India)Compliant by design
HIPAAArchitecture supports BAA

Infrastructure Security

  • Deployment options: On-premise (bare metal, VMware, k3s), private cloud (AWS EKS, GCP GKE, Azure AKS), or Own360-managed with 99.9% SLA.
  • Air-gapped support: Full offline deployment for highly regulated environments.
  • Network isolation: All inter-module communication routes through OwnCentral. No direct module-to-module communication.
  • Container security: Minimal base images, no root processes, read-only file systems where possible.

Vulnerability Management

  • Penetration testing: Annual third-party penetration testing.
  • Dependency scanning: Automated vulnerability scanning on every build.
  • Patch management: Critical vulnerabilities patched within 24 hours. High-severity within 7 days.
  • Responsible disclosure: Report vulnerabilities to security@own360.ai. We acknowledge within 48 hours.

Business Continuity

  • Backup: Automated daily backups with point-in-time recovery. Customer controls backup storage location.
  • Disaster recovery: Documented DR procedures with tested failover. RTO and RPO defined per deployment tier.
  • Uptime SLA: 99.9% for managed deployments.

Personnel Security

  • Background checks for all employees with access to customer environments.
  • Mandatory security awareness training.
  • Principle of least privilege for all internal access.
  • Access reviews conducted quarterly.

Questions

For security questions, DPA requests, or to report a vulnerability:

PanScience Innovations LLP
Security: security@own360.ai
Legal/DPA: legal@own360.ai
General: Contact us