Privacy Policy

Govalta is an early-stage enterprise platform. We are currently working with a limited number of design partners and authorized users. This Privacy Policy describes how we collect, use, and protect information in connection with your use of the Govalta platform.

If you have questions about this policy or how your data is handled, contact us at contact@govalta.com.

We collect the following categories of information:

• Account information. When you are provisioned on Govalta, we collect your name, work email address, and organizational affiliation. This information is provided through enterprise SSO or by your Govalta administrator.
• Usage data. We collect information about how you interact with the platform — including pages visited, features used, and actions taken — to operate and improve the service.
• Uploaded content. When you upload remediation evidence, documents, or other files, that content is stored in association with your account and organizational workspace. See the section below for how uploaded content is handled.
• Communication. If you contact us by email, we retain that correspondence to respond to your inquiry and improve support.

We use collected information to:

• Provide, operate, and maintain the Govalta platform
• Authenticate users and enforce access controls
• Process uploaded evidence through AI-powered analysis workflows to generate validation decisions, gap assessments, and closure recommendations
• Diagnose technical issues and monitor platform health
• Communicate with users about the platform, access, and updates
• Improve Govalta’s features and AI reasoning workflows based on aggregate usage patterns

We do not sell your information. We do not use your data to train third-party AI models beyond what is disclosed in the third-party services section below.

Govalta is designed for enterprise risk, audit, and compliance teams. We understand that uploaded remediation evidence, closure documentation, and governance artifacts may be sensitive or confidential.

Uploaded content is:

• Stored in your organizational workspace and access-controlled by user role
• Processed by our AI evidence analysis workflows solely to provide the validation service you requested
• Transmitted to Anthropic’s API for AI processing (see Third-Party Services below)
• Not shared with other organizations or third parties for any other purpose
• Not used to train AI models without explicit agreement

We treat all uploaded content as confidential to your organization. If you have specific confidentiality or data handling requirements, contact us before uploading sensitive information.

We take reasonable measures to protect the information on our platform, including:

• Encryption of data in transit (TLS)
• Encryption of files at rest via Supabase Storage
• Role-based access controls within organizational workspaces
• Enterprise SSO authentication (SAML 2.0)

Govalta is an early-stage platform. We do not currently hold SOC 2, ISO 27001, or equivalent certifications. We are committed to building toward enterprise security standards as the platform matures. If your organization has specific security requirements, please discuss them with us before onboarding.

Govalta uses encrypted session cookies to maintain your authenticated session. These cookies are necessary for the platform to function and do not track you across other websites.

We use Vercel’s infrastructure, which may collect anonymized request metadata (IP addresses, request timing, and similar technical data) for performance and reliability purposes. We do not use behavioral advertising trackers or third-party marketing cookies.

Govalta uses the following third-party infrastructure providers. Each operates under its own privacy practices.

• Vercel — cloud hosting and edge delivery. Vercel may process request metadata as part of serving the application.
• Supabase — database and file storage. Uploaded evidence files and application data are stored in Supabase infrastructure.
• Anthropic — AI reasoning API. Extracted text from uploaded documents is transmitted to Anthropic’s Claude API for evidence analysis. Anthropic processes this content subject to their API usage policies. We use Anthropic’s API in a non-training mode where permitted.
• WorkOS — enterprise authentication and SSO. Authentication flows are handled through WorkOS infrastructure.

We select service providers that meet enterprise infrastructure standards and do not authorize these providers to use your data for purposes beyond service delivery.

We retain account information, uploaded content, and validation records for as long as your organizational access is active on the platform. Upon termination of access, we will retain data for a reasonable period to support administrative continuity, after which it may be deleted.

If you need data deleted prior to natural expiration, contact us at contact@govalta.com.

We may update this Privacy Policy as the platform evolves. If we make material changes, we will notify users through the platform or by email. Continued use of Govalta after changes are posted constitutes acceptance of the updated policy.

For questions about this policy or your data, contact:

Govalta
contact@govalta.com