Legal

Privacy Policy

Last updated: July 2026

This policy describes how GovernAI handles data on behalf of your organization and its employees.

1. Company Data Never Leaves Your Infrastructure

Content indexed from your connected tools (Google Workspace, Microsoft 365, Slack, GitHub, Confluence, Notion, Jira, Salesforce, and others) is stored in your own database or cloud account. GovernAI does not retain a separate copy of your indexed company data.

2. Conversation Data

Conversation content is encrypted at rest. Enterprise customers may enable Customer-Managed Keys, after which GovernAI cannot decrypt conversation content without your key.

3. Audit Logging

Metadata about each interaction — who, when, which model, cost, and policy outcome — is retained for a minimum of six months to support compliance requirements, configurable to a longer period.

4. Sub-processors

Model providers (OpenAI, Anthropic, Google, Mistral, or your self-hosted models) process request content only to generate a response, under the data-handling terms of your organization's agreement with each provider.

5. Your Rights

Data subject access and erasure requests are supported. Where Customer-Managed Keys are enabled, key revocation renders data cryptographically unrecoverable, supporting right-to-erasure obligations under GDPR.

For privacy questions, contact our team.