Oviro is a self-hosted software platform designed to protect your privacy and data. Business data is stored and processed entirely within systems you control.
Table of contents
1. Self-hosted overview
What does self-hosted mean?
- The software is deployed and operated on infrastructure you control.
- Your business data does not leave your systems unless you explicitly configure integrations.
- You retain ownership and operational control over your data.
- No third party can access business data without your authorization.
Security commitment
With the self-hosted model, Oviro does not collect, store, or access your operational business data by default. Data remains inside the environment you manage.
2. Data collection
We do not collect
- Your customer data
- Order information
- Financial records
- Product and warehouse data
- Employee data
- Business reports
- Internal system configuration
- Any other operational data inside your deployed system
We only collect with your consent
- Basic contact information: name, email, and phone number when you request a consultation or purchase services.
- Optional technical details: version details, logs, or error information you voluntarily share for support.
- Website analytics: aggregated traffic analytics for our public website, not business data from your self-hosted system.
3. Data storage and processing
Business data
- Stored within your own systems
- Not synced to external servers by default
- Backups and recovery remain under your control
- Aligned with your internal security policies
Service data
- Account and contact information used for support
- Sensitive fields protected using appropriate safeguards
- Handled in line with applicable legal requirements
- Can be updated or deleted upon request where applicable
Data handling flow
4. Data security
Encryption
We recommend strong encryption for data at rest and in transit based on your compliance requirements.
Access control
Use role-based permissions, layered authentication, and access reviews to reduce risk.
Monitoring
We encourage logging, alerting, and incident response processes for ongoing security operations.
Recommended safeguards
System security
- Regular security updates
- Network firewall and access controls
- Encrypted backups
- Service and environment isolation
Application security
- OWASP-aligned practices
- Protection against SQL Injection, XSS, and CSRF
- Rate limiting and session control
- End-to-end logging and observability
5. User rights
Full rights over business data
- Own your data
- Control access permissions
- Back up and migrate freely
- Delete data at any time
- Customize security settings
- Maintain audit logs where configured
Rights over account information
Access
Review and download personal information we keep for service delivery and support.
Correction
Update or correct account information at any time.
Deletion
Request deletion of your account information where applicable.
Complaint
Contact us or the appropriate regulator if you believe data rights have been violated.
6. Compliance
Vietnamese law
- Law on Cyber Information Security No. 86/2015/QH13
- Decree 13/2023/ND-CP on personal data protection
International references
- Data governance and privacy principles relevant to enterprise software operations.
- Modern software security practices for deployment and maintenance.
Compliance commitments
Periodic review
Security configurations and operational procedures should be reviewed on a regular basis.
Process discipline
Clear support, access control, and incident handling processes should be maintained.
Policy updates
Policies may be updated as legal requirements or service practices evolve.
This policy was last updated on 10/01/2025.