DPO & compliance

The file that helps the DPO say yes.

OwnLLM clarifies where data flows, who can access the service, how keys are revoked, which metadata is audited, and what stays under customer control.

Join the waitlist

Access control

SSO

SAML/OIDC on Pro, SCIM, and admin 2FA required on Enterprise.

Logs

90j+

Audit metadata on Pro, 12 months and export on Enterprise.

Inference

Local

Models run on the customer's paired machine.

Compliance objections handled before the call

Employee offboarding

SCIM deprovisioning and centralized API key revocation limit post-departure risk.

AI responsibility

OwnLLM provides the infrastructure. The customer remains responsible for the use cases and models it enables.

DPA and subprocessors

EU subprocessors for the control plane, standard DPA, and customizable Enterprise version.

DPO questions and short answers

Where is the data?

Control plane metadata in Europe.

The OwnLLM web app is not air-gapped in v1.

Local inference and configurable retention.

Who can access it?

SSO, admin/member roles, API scopes.

Magic link only on Starter.

SSO Pro, SCIM Enterprise.

What do you log?

Usage, model, tokens, timestamp, channel.

No prompt content in audit by default.

Useful logs without exposing prompts.

What about Cloudflare risk?

Outbound tunnel, TLS, shared secret.

Relay dependency in v1.

Self-hosted relay path once scale justifies it.

Compliance is not a blocker. It is the sales lever.

For regulated SMBs, OwnLLM turns 'can we use AI?' into 'which machine and which policies do we enable?'.

Request beta access