Privacy Policy

Last updated: 2026-04-29

GovReady ("we", "us") operates the AI Governance Companion at companion.governanceready.com. We designed Companion to collect as little personal data as possible. This page explains what we do collect and why.

What we collect

• Anonymous usage telemetry: a hashed IP address (one-way HMAC, no raw IP is stored), a coarse country code, the locale you used, the tool you called, latency, success/error code, and a hashed fingerprint of your query (no query text is stored).
• Optional lead data — only when you explicitly request something: your email and name (e.g. to receive an audit PDF), and the consent flags you ticked at the time.
• Optional language waitlist email — only when you explicitly join the waitlist for a non-supported language.

What we do not collect

We do not store the content of your conversations. We do not store the text of your queries. We do not log raw IP addresses. We do not use cookies for analytics.

Where the data is stored

Telemetry and lead data are stored in Supabase (EU region). Rate-limit counters are stored in Upstash Redis (EU region). Outbound transactional email is sent via Resend. Hosting is on Vercel.

Lawful basis (GDPR)

Telemetry is processed under legitimate interest (Article 6(1)(f) GDPR) — service improvement, abuse prevention. Lead data is processed under consent (Article 6(1)(a) GDPR), which you give explicitly inside the conversation.

Retention

Anonymous telemetry: up to 24 months. Lead data: until you ask us to delete it, or up to 36 months from last contact.

Your rights

You have the right to access, correct, or delete your personal data, and to withdraw consent at any time. Email us at privacy@governanceready.com.

Contact

GovReady (Sarnecky & Co., s. r. o.), Slovakia. Data protection contact: privacy@governanceready.com.