Privacy Policy.

1. Who we are

This Site is operated by Gove RNAI Technologies Inc., a Canadian corporation, and/or GovernAI Inc., a Delaware corporation, as applicable (“GovernAI,” “we,” “us”). Gove RNAI Technologies Inc. is the Canadian company behind the original GovernAI project; GovernAI Inc. supports U.S. operations, commercial readiness, and related services. We are accountable for personal information under our control and have designated a Privacy Officer responsible for our compliance with this policy and applicable privacy law. Contact: [email protected], subject line “Privacy request — Attn: Privacy Officer”.

GovernAI is operated by independent private companies and is not affiliated with, endorsed by, or authorized by any government or government entity.

2. Scope

This policy applies to personal information we collect through governai.ca and governai.online, our apps when released, and our communications with you. It is designed to satisfy Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia’s Personal Information Protection Act (PIPA), Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25), and applicable U.S. state privacy laws including the California Consumer Privacy Act as amended (CCPA/CPRA).

3. Information we collect

• Information you provide voluntarily — such as your name, email address, phone number, and the contents of messages you send us (e.g., through our contact form or by email).
• Information collected automatically — such as IP address, browser type, device information, pages visited, and general browsing patterns, collected through cookies and similar technologies (see Cookies).
• Information from third parties — if you interact with us on social-media platforms, we may receive information those platforms make available, subject to their privacy policies.

We practise data minimisation: we collect only what is necessary for the purposes described below.

4. How we use information

• to operate, maintain, secure, and improve the Site and our products;
• to respond to your inquiries and requests;
• to send you updates or promotional material, only with your consent, which you may withdraw at any time;
• to comply with legal obligations and enforce our Terms of Use; and
• to detect, prevent, and address fraud, abuse, or security issues.

We do not use personal information for automated decision-making that produces legal or similarly significant effects about you. If that ever changes, we will inform you as required by law (including Quebec Law 25’s automated-decision transparency requirements) before doing so.

5. Consent & legal bases

In Canada, we collect, use, and disclose personal information with your consent (express or implied, as appropriate to the sensitivity of the information), or as otherwise permitted or required by law. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice; we will explain the consequences of withdrawal when you ask. For visitors from other jurisdictions, we rely on equivalent bases: your consent, performance of a contract, our legitimate interests in operating and securing the Site, and compliance with legal obligations.

6. Cookies

We use a consent-first approach. Essential cookies (needed for the Site to function and to remember your cookie choice) are always active. Optional cookies are used only if you opt in through our cookie banner — consistent with Quebec Law 25’s requirements for tracking technologies.

You can change your choice at any time via “Cookie Preferences” in the footer, and through your browser settings.

7. How we share information

We do not sell personal information, and we do not “share” it for cross-context behavioural advertising (as those terms are defined in the CCPA/CPRA). We disclose personal information only:

• to service providers (e.g., hosting and email providers) who process it on our behalf under contractual confidentiality and security obligations;
• where required by law, regulation, legal process, or enforceable governmental request, in either Canada or the United States;
• to protect the rights, property, or safety of GovernAI, our users, or the public; or
• in connection with a business transaction (merger, acquisition, financing, or sale of assets), in which case the recipient will be bound to handle it consistently with this policy and applicable law.

8. Cross-border transfers

We operate through Canadian and U.S. entities, and some of our service providers operate in Canada, the United States, or other jurisdictions. Your personal information may therefore be transferred to, stored, and processed outside your province, state, or country, where it may be accessible to courts, law enforcement, and national-security authorities under local law. Where required (including for Quebec residents under Law 25), we assess such transfers to ensure the information receives adequate protection, and we use contractual safeguards with our providers.

9. Retention

We retain personal information only as long as necessary for the purposes described in this policy or as required by law, then securely delete or anonymise it. Inquiry correspondence is generally retained for up to 24 months after resolution.

10. Security

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold — including encryption in transit, access controls, and vendor due diligence. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If a breach of security safeguards creates a real risk of significant harm, we will notify affected individuals and the appropriate regulators (including the Office of the Privacy Commissioner of Canada and, where applicable, Quebec’s CAI and U.S. state authorities) as required by law.

11. Your rights — Canada

Subject to limited exceptions in applicable law, you have the right to:

• Access the personal information we hold about you and learn how it has been used and disclosed;
• Correct inaccurate or incomplete information;
• Withdraw consent to our use of your information;
• Deletion / de-indexing — Quebec residents may request that we cease disseminating their information or de-index it where dissemination breaches the law or a court order (Law 25);
• Data portability — Quebec residents may request computerised personal information in a structured, commonly used technological format;
• Complain — contact our Privacy Officer first; you may also complain to the Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner for British Columbia, or, in Quebec, the Commission d’accès à l’information.

We respond to access requests within 30 days as required by PIPEDA, or explain why an extension or refusal applies.

12. Your rights — U.S. states

If you reside in California or another U.S. state with a comprehensive privacy law (e.g., Virginia, Colorado, Connecticut, Texas), you may have the right to:

• Know / access the categories and specific pieces of personal information we have collected about you, and the categories of sources, purposes, and recipients;
• Delete personal information we collected from you;
• Correct inaccurate personal information;
• Opt out of the sale or sharing of personal information and of targeted advertising — note: we do not sell or share personal information and we do not serve targeted advertising;
• Limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CPRA;
• Non-discrimination — we will never discriminate against you for exercising your rights.

To exercise these rights, email [email protected] with subject “Privacy request”. We will verify your request using the information you provide and respond within 45 days (extendable once by 45 days where permitted). You may use an authorized agent; we will require proof of authorization. We do not charge a fee for rights requests except as permitted by law for manifestly unfounded or excessive requests.

13. Children’s privacy

The Site is not directed to children. We do not knowingly collect personal information from children under 13 (consistent with the U.S. COPPA), and in Quebec we do not knowingly collect personal information from minors under 14 without parental or guardian consent. If you believe a child has provided us personal information, contact us and we will delete it.

14. Email & anti-spam (CASL / CAN-SPAM)

We send commercial electronic messages only with consent as required by Canada’s Anti-Spam Legislation (CASL), and every message identifies us and includes a working unsubscribe mechanism, honoured within 10 business days (CASL) and in any event within the timelines of the U.S. CAN-SPAM Act. Transactional or service messages (e.g., replies to your inquiry) are not marketing and may be sent without marketing consent.

15. Do Not Track & Global Privacy Control

Because we do not track visitors across third-party sites or sell or share personal information, there is nothing for a Do Not Track or Global Privacy Control (GPC) signal to opt you out of; we treat GPC signals as a valid opt-out of sale/sharing to the extent one could ever apply.

16. Changes

We may update this policy from time to time. The current version will always be posted here with its effective date; material changes will be flagged prominently on the Site and, where required by law, notified or re-consented.

17. Contact & complaints

Privacy Officer
GovernAI
Gove RNAI Technologies Inc. — Canada
GovernAI Inc. — Delaware, U.S.
Email: [email protected] (subject “Privacy request — Attn: Privacy Officer”)

We will investigate every complaint and respond within the timelines required by applicable law. If you are not satisfied with our response, you may escalate to the regulators listed in Section 11 (Canada) or your state Attorney General / privacy authority (U.S.).