Privacy Policy — How We Protect Your Information

We may collect personal information that you voluntarily provide to us when you:

• Submit an inquiry through our website
• Request a demo or classification
• Subscribe to updates or newsletters
• Communicate with our team

Personal information may include:

• Name
• Job title
• Government entity
• Email address
• Phone number
• Country

When you visit our website, we may automatically collect:

• IP address
• Browser type
• Operating system
• Referring URLs
• Pages visited
• Time spent on pages

We do not sell, trade, or otherwise transfer your personal information to outside parties.

We may share information only in the following circumstances:

Service Providers

With third-party service providers who assist us in operating our website, conducting our business, or serving you. These providers are bound by confidentiality agreements.

Legal Requirements

When required by law, regulation, or legal process. To protect the rights, property, or safety of GOVERN G5, our clients, or others.

Business Transfers

In connection with a merger, acquisition, or sale of assets. You will be notified of any change in ownership.

We implement appropriate technical and organizational measures to protect your personal information:

Encryption at Rest

AES-256-GCM with customer-controlled encryption keys

Encryption in Transit

TLS 1.3 for all data communications

Access Control

Role-based access control with multi-factor authentication and zero-trust architecture

Monitoring

Continuous security monitoring with 24/7 SOC and real-time threat detection

Auditing

Regular security audits, penetration testing, and complete audit trail for all access decisions

Post-Quantum Ready

CRYSTALS-Kyber-768 and CRYSTALS-Dilithium3 cryptography available for future-proofing

Protected by S3-SENTINEL™ — the sovereign security system with 99.9999% uptime and zero security incidents in 15+ years. 7-Layer Defense-in-Depth architecture spanning perimeter, network, identity, application, data, operations, and secure sharing layers.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected:

Inquiry Data

Retained for 3 years after last communication

Customer Data

Retained for duration of engagement plus 7 years

Website Analytics

Retained for 2 years

Security Logs

Retained for 1 year

You may request deletion of your personal information by contacting us. We will delete your data unless we have a legal obligation to retain it.

Depending on your jurisdiction, you may have the following rights:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Restrict Processing

Request limitation of how we use your data

Right to Data Portability

Request transfer of your data to another organization

Right to Object

Object to processing of your personal data

To exercise any of these rights, contact us at:

We will respond to your request within 30 days.

GOVERN G5 is committed to data sovereignty. For our government clients, all citizen data remains within their national jurisdiction.

For website visitors and inquiry submissions:

• Data may be processed in countries where our service providers operate
• We ensure appropriate safeguards are in place for international transfers
• Compliance with GDPR Chapter V requirements for EU data subjects

Our website uses minimal cookies:

Essential Cookies

Required for website functionality. Cannot be disabled. Do not track personal information.

Analytics Cookies

We use privacy-respecting analytics. No cross-site tracking. No sharing with third parties.

You can disable cookies in your browser settings, but some website features may not function properly.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any website you visit.

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new policy on our website
• Updating the "Last Updated" date
• Sending an email notification for significant changes

We encourage you to review this Privacy Policy periodically.

If you have questions or concerns about this Privacy Policy or our data practices:

Data Protection Officer: For EU data subjects, our Data Protection Officer can be reached at:

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority.

EU Data Subjects: Contact your national data protection authority:

• List of EU data protection authorities: https://edpb.europa.eu/about-edpb/board/members_en

Other Jurisdictions: Contact your local privacy regulator.

Under GDPR, we process your personal data based on:

Consent

When you provide explicit consent for specific purposes

Contract

When processing is necessary to perform a contract with you

Legitimate Interests

When we have a legitimate interest that is not overridden by your rights

Legal Obligation

When processing is required by law

We do not use automated decision-making or profiling that produces legal effects concerning you.