Docs.

For buyers evaluating the build, IT teams on your side, and integrators who'll be involved. This is the technical reference for what an Ownly agent connects to, what we keep private, and what your team will see. For the "what can it actually do for me" view, head to the Hub.

Gmail · Outlook · IMAP

Your agent needs read and send access to do email triage and follow-ups. We connect in one of four ways, depending on what you use. All four keep credentials on your dedicated server — nothing transits a shared pool.

1. Authorize Gmail

From the onboarding link we send you, click Connect Gmail. Google shows a consent screen listing the scopes we request. You approve, your agent now has the access it needs and nothing more.

2. Choose scopes

An Ownly agent requests the minimum scopes for its job. For an inbox-triage agent, that's typically gmail.readonly, gmail.send, and gmail.modify. We never ask for full account access.

3. Test the connection

The agent's first action is read-only: it lists the last 10 labels on your inbox and posts them back to you in Telegram or Slack. If you see the list, you're connected. If you don't, we walk you through it in a 10-minute call.

Revoking access

Two paths: (1) From your Google account, revoke Ownly's access at myaccount.google.com/permissions. (2) Email admin@ownlyagent.com and we revoke server-side, then send you a confirmation when keys are wiped.

Troubleshooting

Most connection issues are scope mismatches (the agent needs gmail.modify to label or archive). Less commonly, it's MFA-blocked IMAP. Either way, the agent retries with backoff and Telegrams you if it can't recover on its own.

QuickBooks · Xero · Wave

The bookkeeper agent connects to your books via OAuth (QuickBooks Online, Xero) or scoped API key (Wave). Read access for reconciliation + categorization; write access for posting transactions and creating invoices, gated by your approval rules.

We never touch payroll. We never bulk-edit historical entries without your explicit go-ahead. Cancel any time and we revoke OAuth + wipe cached transaction data within 24 hours.

HubSpot · Pipedrive · Follow Up Boss

The pipeline agent reads contacts, deals, and activity. It can create + update records (lead enrichment, deal stage moves, notes) and trigger workflows you've configured. We respect your existing pipeline shape — we don't restructure your CRM, we live inside it.

Connector status:

• HubSpot · OAuth, all hubs supported (Marketing, Sales, Service, Ops)
• Pipedrive · API token, full activity + deals + persons read/write
• Follow Up Boss · API key, real-estate-specific event hooks
• Other CRMs · we build the connector in week one of your build. Salesforce, Zoho, Copper, kvCORE confirmed working.

Twilio · OpenPhone · CallRail

The dispatcher agent answers calls, qualifies the request, and books a slot in your calendar — all via a phone number we provision (or port your existing one). Voice is handled through Twilio's programmable voice; texting through Twilio Messaging or OpenPhone API; call tracking via CallRail.

All calls are recorded to your private storage with caller consent prompted at pickup. Transcripts post to Slack or Telegram the moment a call ends.

Where your data lives

Every Ownly client gets a dedicated VPS provisioned on Hetzner (EU) or Vultr (US-East), your choice. Tenant ID = ownly-<your-org-slug>. No shared compute, no shared storage. Database is Postgres with row-level isolation — even within your VPS, agent processes can only see the rows they're authorized to.

Your data is never used to train any model. Inference calls go to Anthropic / OpenAI as needed (the model itself runs on their infra), but we strip identifiers before the call and contractually exclude your data from training (see Anthropic and OpenAI's enterprise terms). For high-sensitivity workloads — CPAs handling client tax data, for example — we can deploy a fully local model (Llama, Mistral) on your VPS at the cost of slightly lower quality on edge cases.

Revoking access

Two paths:

1. From the source tool. Revoke Ownly's OAuth grant or delete the API key at myaccount.google.com/permissions (Gmail), app.quickbooks.com/app/connections (QB), HubSpot Settings → Integrations, etc. Effective immediately on the source side.
2. Email admin@ownlyagent.com. We revoke server-side, kill the agent processes, and send you a confirmation when the keys are wiped. Typically within an hour.

At full cancellation, we tear down your VPS within 24 hours and confirm with a signed deletion report. You also get a final export (see below) before teardown.

Backup & export

We back up your agent's state nightly to a separate region (Hetzner Falkenstein ↔ Hetzner Helsinki, or Vultr Atlanta ↔ Vultr Seattle). Retention: 30 days rolling.

You can request an export at any time — full SQL dump + raw documents + agent state — delivered as an encrypted tar.gz over Signed S3 URL or shipped via WeTransfer if you prefer. No additional cost.

At cancellation, you automatically receive a final export before VPS teardown, even if you don't ask. Keeping your data hostage is not a business we want to be in.