Legal
Security
Ownstack uses a security-first architecture. This page describes the control-plane posture reflected in the product; it is not a certification statement.
Last updated: May 30, 2026
Architecture principles
- Role-based access control (RBAC) for operator surfaces
- Tenant isolation and entitlement boundaries
- Audit trails for lifecycle-changing actions
- Server-owned writes for sensitive public intake and Demo Studio mutations
Identity and payments
Firebase Authentication secures user identity. Stripe handles payment card data; Ownstack does not store raw card numbers in tenant runtime flows.
Public marketing intake
Demo booking, inquiries, investor forms, and newsletter signup use rate limiting, consent checks, honeypot protection where applicable, and reCAPTCHA v3 when configured.
Contact
Security questions: support@ownstack.co