Privacy
Policy
Your privacy is fundamental to everything we do. Learn how we protect, process, and respect your data across our cloud governance platform.
Our Privacy Principles
Minimal Collection
We only collect data essential for providing our services
Full Transparency
Clear visibility into what data we collect and why
Your Control
You decide how your data is used and can modify preferences
Information We Collect
We collect information necessary to provide our cloud governance services, including: account information (name, email, organisation details), usage data (how you interact with our platform), system logs (for security and performance monitoring), and cloud environment metadata (configuration data from your connected platforms). We only collect data essential for service delivery and security.
How We Use Your Information
Your information is used exclusively for: providing and improving our cloud governance services, ensuring platform security and compliance, generating anonymised analytics for service enhancement, and communicating important service updates. We never use your data for advertising purposes or sell it to third parties.
Data Protection & Security
We implement enterprise-grade security measures including end-to-end encryption, SSO-only authentication, regular security audits, and comprehensive data protection frameworks. Each plan operates on dedicated compute resources that are immediately destroyed after data processing, ensuring complete data isolation. Your data is processed in secure, geographically distributed data centres with 24/7 monitoring and incident response capabilities.
Your Rights & Controls
You have the right to access, correct, delete, or export your personal data at any time. Data processing capabilities are determined by your selected GovernSafe plan. You can request data deletion through your dashboard or by contacting our privacy team. We respect your choices and provide transparent controls over your information within the scope of your plan features.
International Transfers
Organisations can choose their preferred data processing region from Australia, United States, or Germany to meet legal and compliance requirements. Your data is processed exclusively in your selected region with appropriate legal safeguards. We ensure all data transfers comply with applicable data protection laws, including GDPR, through appropriate safeguards such as Standard Contractual Clauses and adequacy decisions.
Cookies & Tracking
We use essential cookies for platform functionality, security cookies for fraud prevention, and analytics cookies to understand usage patterns (with your consent). You can control cookie preferences through your browser settings. We do not use third-party advertising or tracking cookies.
Data Categories & Retention
Account Information
Name, email address, organisation details, role information
Purpose
Account management, authentication, billing
Retention Period
Duration of account + 7 years for audit purposes
Usage Analytics
Platform interactions, feature usage, performance metrics
Purpose
Service improvement, security monitoring
Retention Period
No retention - deleted immediately upon plan deactivation
Cloud Metadata
Configuration data, security settings, compliance status
Purpose
Governance monitoring, compliance reporting
Retention Period
No retention - deleted immediately upon service termination
Security Logs
Access logs via GovernSafe, authentication events, security incidents
Purpose
Security monitoring, incident response, compliance
Retention Period
No retention - deleted immediately upon service termination
Compliance & Certifications
As a fast-growing startup, GovernSafe is building comprehensive compliance frameworks and is on the path to achieving major certifications including SOC 2 and ISO 27001. We implement enterprise-grade security measures that meet these standards and are currently preparing for formal audits. Our platform is designed to be technically compliant with GDPR and CCPA requirements, ensuring robust data protection from day one.
Questions about our privacy practices? Contact our Data Protection Officer.