Your data never leaves your environment. That's not a feature - it's our architecture.
Govantic deploys entirely inside your own cloud account. AI reasoning, agent signals, and compliance data stay within your environment. No data ever transits our infrastructure.
The AI reasoning engine and all Supervision Agents run inside your own cloud account. Customer data is never stored on or routed through Govantic-managed servers.
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are cryptographically hashed and never stored in plaintext.
Each customer operates in a completely isolated Workspace. Cross-tenant access is architecturally impossible - enforced at every layer of the application.
Three granular roles (Admin, Manager, Viewer) with permissions enforced at the API layer. Email domain restrictions control who can join your Workspace.
Token-based authentication with automatic refresh mechanisms. Session tokens are stored in browser local storage with secure defaults.
All administrative actions are logged with timestamps, user identity, and action details. Full audit trail for compliance reporting.
All sensitive values (database credentials, API keys, JWT secrets) are stored in AWS Secrets Manager. Never hardcoded, never in environment variables.
Application services run in private subnets with no direct internet access. All inbound traffic routes through a load balancer with TLS termination.
We believe compliance tools should practice what they preach. Here's how we handle your data.
You own your data. Period. We never acquire ownership rights in Customer Data. Your policies, SOPs, frameworks, and evidence belong to you.
Export your data at any time during your subscription. After termination, data remains available for export for 30 days.
We do not sell, rent, or trade personal information to third parties. Ever. We may use aggregated, anonymized data to improve the platform.
Full support for data subject rights including access, rectification, erasure, and portability. Standard Contractual Clauses for international transfers.
Configure retention policies appropriate for your compliance requirements. Free tier retains evidence for 7 days; paid plans offer full control.
Our Privacy Policy and Terms of Service are written in plain language. No surprises. Read them at the links below.
We take security seriously. If you've discovered a security vulnerability, please report it responsibly.
Questions about our security practices? We're happy to talk.