GoodvernanceBe aware. Stay ready.← Back to goodvernance.com

Legal

Privacy Policy

Effective date: May 1, 2026 · GDPR and CCPA compliant

1. Introduction

Goodvernance ("we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share your data when you use the Goodvernance platform. It applies to all users, including those in the European Union (GDPR) and California (CCPA).

2. Data We Collect

Account information

When you create an account, we collect your name and email address. This is necessary to provide the Service and communicate with you.

Shareholder agreement (document)

You upload your SHA as a PDF file. We process this document solely to generate your analysis. Your document is deleted immediately after the analysis is complete. We do not retain, store, or use your SHA for any other purpose.

Analysis results

We store the extracted clauses, your governance score, and your analysis results in your account. This allows you to access your results at any time. You can request deletion of this data at any time (see Section 7).

Payment information

Payment is processed by Stripe. We do not store your credit card number, CVV, or full payment details. We store a payment record (Stripe session ID, amount, status) to confirm your purchase. Stripe's privacy practices are governed by Stripe's Privacy Policy.

Usage data

We may collect basic usage data (pages visited, features used) to improve the Service. This data is not sold or shared with third parties for marketing purposes.

3. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data on the following legal bases:

  • Contractual necessity: Processing your account information and document to provide the Service you purchased.
  • Legitimate interest: Improving the Service and maintaining security.
  • Legal obligation: Complying with applicable laws, including financial record-keeping requirements.

4. Data Sharing

We do not sell your personal data. We share your data only in the following limited circumstances:

  • Stripe: For payment processing. Stripe receives your email address and payment details.
  • Supabase: Our database provider. Your data is stored on Supabase's secure infrastructure.
  • AI providers: Your document content is processed by AI systems to generate your analysis. Document content is not retained by these providers after processing.
  • Legal requirements: If required by law or valid legal process.

5. Data Retention

We retain your data as follows:

  • Uploaded documents: Deleted immediately after analysis. Not retained.
  • Analysis results: Retained for the lifetime of your account. You can request deletion at any time.
  • Payment records: Retained for 7 years to comply with financial regulations.
  • Account information: Retained until you delete your account.

6. California Privacy Rights (CCPA)

California residents have the following rights under the CCPA:

  • Right to know what personal information we collect and how we use it.
  • Right to delete your personal information (subject to certain exceptions).
  • Right to opt out of the sale of personal information. We do not sell personal information.
  • Right to non-discrimination for exercising your privacy rights.

To exercise your CCPA rights, use our contact form.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data (subject to legal retention obligations).
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.

To exercise these rights, use our contact form. We will respond within 30 days.

8. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest. Access to your data is restricted to authorized personnel only. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Cookies

We use essential cookies to maintain your session and authenticate your account. We do not use tracking cookies or third-party advertising cookies. You may disable cookies in your browser settings, but this may affect your ability to use the Service.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

For privacy-related inquiries, contact us at: our contact form