Legal & Privacy

Your privacy and security are fundamental to everything we do

Last Updated: March 20, 2026

Privacy Policy

At Govaryx, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our governance, risk, and compliance platform.

Table of Contents

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide when you:

  • Create an Account: Name, email address, company name, job title, phone number, and password
  • Use Our Services: Compliance data, policies, risk assessments, audit trails, documents, and other governance-related information
  • Contact Us: Information in support requests, feedback, or inquiries
  • Participate in Events: Registration information for webinars, training sessions, or conferences

1.2 Information Collected Automatically

When you use our platform, we automatically collect:

  • Usage Data: Features accessed, time spent, actions taken within the platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, links clicked, errors encountered
  • Location Data: General geographic location based on IP address

1.3 Information from Third Parties

We may receive information from:

  • Single Sign-On (SSO) providers when you authenticate through them
  • Integration partners when you connect third-party services
  • Publicly available sources for business contact information

2. How We Use Your Information

We use your information to:

2.1 Provide and Improve Services

  • Operate, maintain, and improve the Govaryx platform
  • Process and complete transactions
  • Provide customer support and respond to inquiries
  • Develop new features and functionality
  • Conduct research and analytics to improve user experience

2.2 Communication

  • Send service-related notifications and updates
  • Provide technical notices and security alerts
  • Send marketing communications (with your consent)
  • Respond to your requests and questions

2.3 Security and Compliance

  • Protect against fraud, abuse, and security threats
  • Comply with legal obligations and regulatory requirements
  • Enforce our Terms of Service and other policies
  • Conduct audits and maintain compliance records
Legal Basis for Processing (GDPR)

We process your personal data based on: (a) your consent, (b) performance of our contract with you, (c) our legitimate business interests, or (d) compliance with legal obligations.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

3.1 Service Providers

Third-party vendors who perform services on our behalf, including:

  • Cloud hosting providers (AWS, Azure, Google Cloud)
  • Payment processors
  • Customer support platforms
  • Email and communication services
  • Analytics providers

3.2 Business Transfers

In connection with mergers, acquisitions, or sale of assets, your information may be transferred to the acquiring entity.

3.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes or government requests
  • Protect the rights and safety of Govaryx, our users, or others
  • Prevent fraud or security threats
  • Enforce our Terms of Service

3.4 With Your Consent

We may share information for other purposes with your explicit consent.

4. Data Security

We implement industry-leading security measures to protect your information:

  • Encryption: AES-256 encryption at rest and TLS 1.3 encryption in transit
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
  • Infrastructure: SOC 2 Type II certified data centers with 24/7 monitoring
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Testing: Penetration testing, vulnerability scanning, and security audits
  • Employee Training: Regular security awareness training for all staff
  • Incident Response: Comprehensive breach response procedures and notifications
Certifications & Compliance

Govaryx maintains SOC 2 Type II, ISO 27001, GDPR, HIPAA, and other security certifications. We undergo regular third-party audits to ensure ongoing compliance.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and fulfill transactions
  • Comply with legal, tax, or regulatory requirements
  • Resolve disputes and enforce agreements
  • Support business operations and analytics

When you close your account, we will delete or anonymize your personal information within 90 days, except where we're required to retain it by law or for legitimate business purposes (e.g., audit trails, legal disputes).

6. Your Rights and Choices

Depending on your location, you may have the following rights:

6.1 Access and Portability

  • Request a copy of your personal information
  • Export your data in a machine-readable format

6.2 Correction and Update

  • Update or correct inaccurate information
  • Complete incomplete data

6.3 Deletion

  • Request deletion of your personal information (subject to legal retention requirements)

6.4 Restriction and Objection

  • Restrict processing of your information
  • Object to processing based on legitimate interests

6.5 Marketing Preferences

  • Opt out of marketing communications at any time
  • Manage email preferences in your account settings

To exercise these rights, contact us at privacy@govaryx.com or through your account settings.

7. International Data Transfers

Govaryx operates globally. Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all service providers
  • Adequacy decisions where applicable
  • Privacy Shield certification (where applicable)

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Enable core platform functionality
  • Analytics Cookies: Understand usage patterns and improve services
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Deliver relevant advertising (with consent)

You can manage cookie preferences through your browser settings or our cookie consent manager.

9. Children's Privacy

Govaryx is not intended for children under 16. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it immediately. Please contact us if you believe we have inadvertently collected such information.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on our platform
  • Updating the "Last Updated" date

Your continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

For EU/UK residents, you also have the right to lodge a complaint with your local supervisory authority.

Last Updated: March 20, 2026

Terms of Service

These Terms of Service ("Terms") govern your access to and use of the Govaryx platform and services ("Services"). By accessing or using our Services, you agree to be bound by these Terms.

Table of Contents

1. Acceptance of Terms

1.1 Agreement to Terms

By creating an account, accessing, or using Govaryx, you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy.

1.2 Eligibility

You must be at least 18 years old and have the authority to enter into these Terms on behalf of your organization. By using our Services, you represent that you meet these requirements.

1.3 Changes to Terms

We reserve the right to modify these Terms at any time. We will notify you of material changes via email or platform notification at least 30 days before they take effect. Your continued use after changes constitutes acceptance.

2. Account Registration

2.1 Account Creation

To use our Services, you must:

  • Provide accurate, current, and complete registration information
  • Maintain and update your information to keep it accurate
  • Keep your password secure and confidential
  • Notify us immediately of any unauthorized access

2.2 Account Responsibility

You are responsible for all activities that occur under your account. You agree to:

  • Use your account only for lawful purposes
  • Not share account credentials with unauthorized persons
  • Implement appropriate security measures
  • Comply with all applicable laws and regulations

2.3 Organization Accounts

If you register on behalf of an organization:

  • You represent that you have authority to bind the organization
  • The organization accepts these Terms
  • You can manage user access and permissions
  • The organization is responsible for all user activities

3. Services and Access

3.1 License Grant

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable license to access and use the Services for your internal business purposes.

3.2 Service Availability

We strive to provide 99.9% uptime but do not guarantee uninterrupted access. We may:

  • Perform scheduled maintenance (with advance notice)
  • Make emergency updates for security or stability
  • Modify or discontinue features with reasonable notice

3.3 Updates and Modifications

We continuously improve our Services and may:

  • Add new features and functionality
  • Update the user interface
  • Modify or remove existing features
  • Change pricing for new services
Service Level Agreement (SLA)

Enterprise customers receive a 99.9% uptime SLA with service credits for downtime. See your Enterprise Agreement for specific terms.

4. User Data and Content

4.1 Your Data

"Your Data" means all information, data, and content you upload, submit, or generate using our Services. You retain all ownership rights to Your Data.

4.2 Data License

You grant us a limited license to:

  • Host, store, and process Your Data to provide Services
  • Create backup copies for disaster recovery
  • Generate anonymized analytics and usage statistics
  • Use metadata to improve our Services

4.3 Data Responsibilities

You are responsible for:

  • The accuracy, quality, and legality of Your Data
  • Obtaining necessary rights and consents to upload data
  • Compliance with applicable data protection laws
  • Maintaining backup copies of critical data

4.4 Prohibited Content

You may not upload data that:

  • Infringes intellectual property rights
  • Contains malware, viruses, or harmful code
  • Violates laws or regulations
  • Includes personal information without proper consent
  • Is defamatory, obscene, or harassing

5. Fees and Payment

5.1 Subscription Plans

Govaryx offers multiple subscription tiers. Fees are based on:

  • Selected plan level (Starter, Professional, Enterprise)
  • Number of users
  • Features and modules enabled
  • Billing cycle (monthly or annual)

5.2 Payment Terms

  • Fees are billed in advance on a recurring basis
  • Payment is due upon receipt of invoice
  • All fees are non-refundable except as required by law
  • Late payments may incur interest charges

5.3 Price Changes

We may change pricing with 30 days' notice. Changes apply to:

  • New subscriptions immediately
  • Existing subscriptions at next renewal
  • Additional users or features when added

5.4 Taxes

Fees exclude all applicable taxes, which are your responsibility unless you provide a valid tax exemption certificate.

6. Intellectual Property

6.1 Govaryx IP

We own all rights to:

  • The Govaryx platform, software, and services
  • Our trademarks, logos, and branding
  • Documentation, training materials, and content
  • Algorithms, methodologies, and know-how

6.2 Feedback

If you provide suggestions, ideas, or feedback, you grant us a perpetual, worldwide, royalty-free license to use and incorporate such feedback without compensation or attribution.

6.3 Third-Party Components

Our Services may include third-party software subject to separate license terms, which are incorporated by reference.

7. Prohibited Activities

You agree not to:

  • Reverse engineer, decompile, or disassemble our software
  • Remove or modify copyright or proprietary notices
  • Use our Services to compete with us or build similar products
  • Access the Services through automated means (bots, scrapers)
  • Attempt to gain unauthorized access to systems or data
  • Interfere with or disrupt the Services or servers
  • Use the Services for illegal purposes or to violate laws
  • Resell, sublicense, or transfer your access rights
  • Upload malicious code or conduct security testing without permission
  • Impersonate others or misrepresent your affiliation

8. Warranties and Disclaimers

8.1 Our Warranties

We warrant that:

  • Services will perform substantially as described in documentation
  • We will use commercially reasonable efforts to maintain security
  • We have the right to provide the Services

8.2 Disclaimer

Except as expressly stated, services are provided "as is" and "as available" without warranties of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.

We do not warrant that:

  • Services will be uninterrupted or error-free
  • Defects will be corrected
  • Services are free from viruses or harmful components
  • Results obtained will be accurate or reliable

9. Limitation of Liability

9.1 Limitation

To the maximum extent permitted by law, Govaryx shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including lost profits, data loss, or business interruption, arising from or relating to these terms or the services.

9.2 Cap on Liability

Our total liability for all claims under these Terms is limited to the amount you paid us in the 12 months preceding the claim.

9.3 Exceptions

These limitations do not apply to:

  • Our indemnification obligations
  • Violations of intellectual property rights
  • Gross negligence or willful misconduct
  • Matters that cannot be limited by law

10. Termination

10.1 Termination by You

You may terminate your subscription at any time by:

  • Canceling through your account settings
  • Contacting support at support@govaryx.com

Termination is effective at the end of your current billing period. No refunds for partial months.

10.2 Termination by Us

We may suspend or terminate your access if you:

  • Violate these Terms
  • Fail to pay fees when due
  • Engage in fraudulent or illegal activity
  • Pose a security risk to our Services or users

10.3 Effect of Termination

Upon termination:

  • Your access to Services will cease
  • Outstanding fees become immediately due
  • You may export Your Data for 30 days
  • We may delete Your Data after 90 days

11. Dispute Resolution

11.1 Informal Resolution

Before filing a claim, you agree to contact us at legal@govaryx.com to seek informal resolution. We'll attempt to resolve disputes within 60 days.

11.2 Arbitration

Any disputes will be resolved through binding arbitration under the rules of the American Arbitration Association, conducted in San Francisco, California. You waive the right to participate in class actions.

11.3 Exceptions

Either party may seek injunctive relief in court for intellectual property violations or confidentiality breaches.

12. General Provisions

12.1 Governing Law

These Terms are governed by California law, excluding conflict of law principles.

12.2 Entire Agreement

These Terms, along with the Privacy Policy and any executed agreements, constitute the entire agreement between you and Govaryx.

12.3 Severability

If any provision is unenforceable, it will be modified to the minimum extent necessary, and other provisions remain in effect.

12.4 No Waiver

Our failure to enforce any right or provision does not constitute a waiver of that right.

12.5 Assignment

You may not assign these Terms without our consent. We may assign our rights and obligations without restriction.

12.6 Force Majeure

We are not liable for failures caused by events beyond our reasonable control, including natural disasters, wars, or infrastructure failures.

12.7 Export Compliance

You must comply with all export and import laws. You represent that you are not on any prohibited party lists.