Introduction
GovernAPI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API security and governance platform.
1. Information We Collect
Account Information
- Name, email address, and company information
- Billing information (processed securely through Stripe)
- Account credentials (passwords are encrypted)
Usage Data
- API endpoints and request patterns
- Security scan results and vulnerability data
- Performance metrics and analytics
- Log data (IP addresses, browser type, timestamps)
Technical Information
- Device and browser information
- Cookies and similar tracking technologies
- API keys and authentication tokens
2. How We Use Your Information
- Provide, maintain, and improve our services
- Process transactions and send billing notifications
- Detect and prevent security threats
- Communicate with you about updates and features
- Comply with legal obligations
- Analyze usage patterns to improve performance
3. Data Sharing and Disclosure
We do not sell your personal information. We may share your information with:
- Service Providers: Stripe for payment processing, AWS for hosting
- Legal Requirements: When required by law or to protect rights and safety
- Business Transfers: In connection with a merger or acquisition
4. Data Security
We implement industry-standard security measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security audits and penetration testing
- Access controls and authentication requirements
- SOC 2 Type II compliance (in progress)
- Regular backups and disaster recovery plans
5. Data Retention
We retain your information for as long as your account is active or as needed to provide services. You can request deletion of your data at any time. We may retain certain information for legal compliance (7 years for financial records).
6. Your Rights (GDPR & CCPA)
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your data
- Portability: Receive your data in a structured format
- Opt-Out: Unsubscribe from marketing communications
- Object: Object to certain data processing
7. Cookies and Tracking
We use cookies for authentication, preferences, and analytics. You can control cookies through your browser settings.
- Essential: Required for login and security
- Analytics: Help us understand usage patterns (anonymized)
- Preferences: Remember your settings
8. International Data Transfers
Your data may be transferred to and processed in the United States. We comply with EU-US Privacy Shield principles and use Standard Contractual Clauses for GDPR compliance.
9. Children's Privacy
Our service is not intended for children under 18. We do not knowingly collect information from children.
10. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via email or dashboard notification. Continued use of the service constitutes acceptance of changes.
11. Contact Us
For privacy-related questions or to exercise your rights, contact us: