Privacy Policy

Last updated: September 2, 2025

Introduction

Govara ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our governance and compliance platform.

As a platform handling sensitive governance and compliance data, we adhere to the highest standards of data protection, including compliance with GDPR, CCPA, and relevant international data protection regulations.

Information We Collect

Personal Information

  • Name and contact information (email address, phone number)
  • Company affiliation and job title
  • Account credentials and authentication data
  • Payment information (processed securely through Stripe)
  • Communication preferences

Governance Data

  • Audit responses and compliance documentation
  • Framework assessments and certification records
  • Risk assessments and governance metrics
  • Company governance structure information
  • AI-powered analysis results and recommendations

Technical Information

  • IP address and device information
  • Browser type and operating system
  • Usage data and platform interaction logs
  • Cookies and similar tracking technologies

How We Use Your Information

  • Provide and maintain our governance platform services
  • Process audit assessments and generate compliance reports
  • Enable AI-powered governance insights and recommendations
  • Facilitate certification processes with authorized auditors
  • Send important updates about your compliance status
  • Process payments and manage subscriptions
  • Improve our services through analytics and feedback
  • Comply with legal obligations and regulatory requirements
  • Protect against fraudulent or illegal activities

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Authorized Auditors: With certified auditors you explicitly engage for certification purposes
  • Service Providers: With trusted third-party services (Stripe for payments, Cloudinary for document storage) under strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit consent for specific purposes

Data Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Employee training on data protection best practices
  • Incident response and breach notification procedures
  • Compliance with ISO 27001 security standards

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active account data: Retained while your account is active
  • Compliance records: Retained for 7 years per regulatory requirements
  • Certification records: Permanently retained for verification purposes
  • Marketing data: Retained until you opt-out

Your Rights

Under applicable data protection laws, you have the following rights:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit processing of your data
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw previously given consent

International Data Transfers

If we transfer your data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions, to protect your information in accordance with this Privacy Policy.

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Your continued use of our services after such modifications constitutes acceptance of the updated policy.

Contact Information

For questions about this Privacy Policy or our data practices, please contact:

Govara Privacy Team
Email: privacy@govara.io
Data Protection Officer: dpo@govara.io