start 14-day free trial

Privacy Policy

1. Introduction

Welcome to Govern365.ai (“we,” “our,” or “us”). This Privacy Policy explains how Global AI Certification Council (GAICC), operating as Govern365.ai, collects, uses, discloses, and protects your personal information when you use our AI governance platform and related services.

Govern365.ai provides an AI governance platform designed to help organizations manage compliance with global AI regulations including EU AI Act, ISO 42001, NIST AI RMF, and other frameworks. Our platform enables organizations to register, assess, monitor, and prove compliance for their AI systems.

2. Company Information

Govern365.ai is operated by Global AI Certification Council (GAICC) with offices in:

• Australia: Level 2, 697 Collins Street, Melbourne VIC 3008, Australia
• New Zealand: Level 3, 21 Putney Way Manukau, Auckland 2104, New Zealand
• USA: 3900 Westerre Pkwy, Richmond, VA 23233, USA

3. Information We Collect

3.1 Information You Provide to Us

We collect information that you directly provide when using our platform:

• Account Information: Name, email address, organization name, job title, phone number, and login credentials
• AI System Data: Information about your AI systems including system names, descriptions, risk classifications, compliance assessments, documentation, and governance workflows
• Billing Information: Payment card details, billing address, and transaction history (processed securely through third-party payment processors)
• Communication Data: Information from your communications with us including support inquiries, demo requests, and feedback
• Training and Certification Data: Course completion records, assessment results, and certification credentials for GAICC training programs

3.2 Information Collected Automatically

When you use our platform, we automatically collect certain information:

• Usage Data: Features accessed, time spent on platform, actions performed, and interaction patterns
• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance user experience and analyze platform usage
• Log Data: Server logs including access times, pages viewed, error reports, and system diagnostics

3.3 Information from Third Parties

We may receive information about you from:

• Single Sign-On (SSO) providers if you use SAML/OIDC authentication
• Business partners and referral sources
• Public sources and databases for business verification purposes

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Service Delivery

• Providing access to the Govern365.ai platform and its features
• Processing AI system registrations, risk assessments, and compliance workflows
• Generating compliance reports, audit evidence, and board-level dashboards
• Managing user accounts, authentication, and access permissions

4.2 Communication

• Responding to inquiries, support requests, and feedback
• Sending service-related notifications, updates, and security alerts
• Providing training materials, certification updates, and educational resources
4.3 Platform Improvement
• Analyzing usage patterns to enhance platform functionality and user experience
• Developing new features, tools, and compliance frameworks
• Conducting research and analysis to improve AI governance best practices

4.4 Security and Compliance

• Protecting against fraud, unauthorized access, and security threats
• Complying with legal obligations and regulatory requirements
• Enforcing our Terms and Conditions and protecting our legal rights

4.5 Marketing and Business Development

• Sending promotional communications about new features, updates, and training programs (with your consent where required)
• Conducting surveys and collecting feedback to understand user needs
• Creating anonymized case studies and success stories (with explicit permission)

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide services under our Terms and Conditions
• Legitimate Interests: Improving our platform, preventing fraud, and ensuring security
• Consent: Marketing communications and optional data processing activities
• Legal Obligation: Compliance with applicable laws and regulations

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

6.1 Service Providers

Third-party vendors who provide essential services:

• Cloud hosting and infrastructure providers
• Payment processors and billing services
• Email and communication platforms
• Analytics and monitoring tools
• Customer support and help desk platforms
6.2 Business Partners
• GAICC for training and certification programs
• Authorized resellers and implementation partners (with your consent)

6.3 Legal and Compliance

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms and Conditions
• Protect our rights, property, or safety, or that of our users
• Detect, prevent, or address fraud, security, or technical issues

6.4 Business Transactions

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity, subject to this Privacy Policy.

7. Data Storage and Security

7.1 Data Location

Your data is stored on secure cloud infrastructure. For customers with specific data residency requirements, we offer regional deployment options including Australia, New Zealand, United States, and Europe.

7.2 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Multi-factor authentication (MFA) and SSO support
• Role-based access control (RBAC) with granular permissions
• Regular security audits and penetration testing
• Automated backup and disaster recovery procedures
• Security monitoring and incident response protocols
• Employee training on data protection and security best practices

7.3 Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

• Account data: Duration of active subscription plus 90 days
• AI system data: Duration of active subscription, with option to export before account closure
• Billing records: 7 years for tax and accounting purposes
• Training and certification records: Maintained indefinitely as credentials are permanent
• Support communications: 3 years

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

8.1 Access and Portability

• Request a copy of your personal information
• Export your AI system data in machine-readable formats (JSON, CSV)

8.2 Correction and Updates

• Update your account information through platform settings
• Request correction of inaccurate or incomplete data

8.3 Deletion (Right to be Forgotten)

• Request deletion of your personal information, subject to legal retention requirements
• Close your account at any time through platform settings or by contacting support

8.4 Restriction and Objection

• Restrict or object to certain processing activities
• Opt-out of marketing communications at any time

8.5 Withdraw Consent

• Withdraw consent for optional data processing activities

8.6 Lodge a Complaint

File a complaint with your local data protection authority if you believe your privacy rights have been violated.

To exercise any of these rights, please contact us using the information in Section 14.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

• Essential Cookies: Required for platform functionality, authentication, and security
• Performance Cookies: Help us understand how users interact with the platform
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Google Tag Manager for usage analytics (GTM-N63G57D8)

9.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect platform functionality. Most browsers allow you to refuse cookies or delete existing cookies.

10. International Data Transfers

As a global platform with operations in Australia, New Zealand, and the United States, your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for transfers from the EEA
• Data Processing Agreements (DPAs) with all service providers
• Regional data residency options for Enterprise customers
• Compliance with applicable cross-border data transfer regulations

11. Children's Privacy

Govern365.ai is a business-to-business (B2B) platform designed for professional use. Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

12. Third-Party Links and Services

Our platform may contain links to third-party websites, tools, or services including:

• GAICC training and certification programs
• Regulatory authority websites and documentation
• Integration partners and third-party tools

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting a notice on our platform
• Sending an email to your registered address
• Updating the “Last Updated” date at the top of this policy

Your continued use of our services after such modifications constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue use of our services.

14. Contact Information

For privacy-related inquiries, contact:

Govern365.ai https://govern365.ai/

Email: support(at)govern365(dot)ai
Address: 3900 Westerre Pkwy, Richmond, VA 23233, USA

15. Region-Specific Provisions

15.1 European Economic Area (EEA), UK, and Switzerland

Under GDPR, you have additional rights including:

• Right to lodge a complaint with your supervisory authority
• Right to object to processing based on legitimate interests
• Right not to be subject to automated decision-making (we do not engage in profiling or automated decision-making)

15.2 California (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act:

• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

15.3 Australia

Under the Australian Privacy Act 1988, you have rights to access and correct your personal information. You may also make a complaint to the Office of the Australian Information Commissioner (OAIC).

15.4 New Zealand

Under the Privacy Act 2020, you have rights concerning your personal information including access, correction, and the ability to complain to the Privacy Commissioner.

16. Acknowledgment

By using Govern365.ai, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with our practices, please do not use our services.