Skip to main content

Data Handling

Who this is for

Security teams and auditors evaluating data protection practices.

Goal

Understand how Owlie stores, processes, and protects customer data.

Prereqs

/fundamentals/audits-evidence

Success criteria

You can explain the data Owlie stores and how it is protected.

Data types

Identity profiles and attributes
Accounts and entitlements from connected systems
Requests, tickets, and audit evidence

How Owlie handles data

Data is stored per tenant and accessed with role‑based permissions.
API access is authenticated with API keys.

What’s different vs typical IGA

Owlie uses a request and ticket model as the primary evidence trail rather than separate audit systems.

What Owlie does not do

Customer‑managed encryption keys are not documented yet.

Example

An auditor needs to review access requests for a quarter. You export only the relevant tenant data for that date range.

Troubleshooting

If data retention requirements are unclear, confirm expectations with your compliance policy.

Assumptions & Questions

What are the exact retention defaults and encryption details?

Next steps

/security/audit-logging
/implement/reporting/audit-evidence-export

Who this is for
Goal
Prereqs
Success criteria
Data types
How Owlie handles data
What’s different vs typical IGA
What Owlie does not do
Example
Troubleshooting
Assumptions & Questions
Next steps