Privacy Policy
Last updated: July 2026
This policy describes how GovernAI handles data on behalf of your organization and its employees.
1. Company Data Never Leaves Your Infrastructure
Content indexed from your connected tools (Google Workspace, Microsoft 365, Slack, GitHub, Confluence, Notion, Jira, Salesforce, and others) is stored in your own database or cloud account. GovernAI does not retain a separate copy of your indexed company data.
2. Conversation Data
Conversation content is encrypted at rest. Enterprise customers may enable Customer-Managed Keys, after which GovernAI cannot decrypt conversation content without your key.
3. Audit Logging
Metadata about each interaction — who, when, which model, cost, and policy outcome — is retained for a minimum of six months to support compliance requirements, configurable to a longer period.
4. Sub-processors
Model providers (OpenAI, Anthropic, Google, Mistral, or your self-hosted models) process request content only to generate a response, under the data-handling terms of your organization's agreement with each provider.
5. Your Rights
Data subject access and erasure requests are supported. Where Customer-Managed Keys are enabled, key revocation renders data cryptographically unrecoverable, supporting right-to-erasure obligations under GDPR.
For privacy questions, contact our team.