Introduction
This Privacy Policy explains how Kashyap LLC (“Govance”, “we”, “us”) collects, uses, stores, and protects personal information when you use https://govance.io, https://app.govance.io, and related services. Govance is a US business compliance tracking platform that helps LLCs, corporations, and their advisors track state filing deadlines and receive automated reminders.
By creating an account, subscribing to a paid plan, or using our website or application, you acknowledge that you have read this policy. If you do not agree, please do not use Govance.
This policy applies to visitors to our marketing site, registered users of the Govance dashboard, and anyone who contacts us by email or phone. It does not apply to third-party websites linked from Govance (such as state Secretary of State portals).
Information We Collect
We collect information you provide directly and information generated when you use the service.
Account and profile information
- Email address and full name (required to create an account)
- Password (stored only as a salted hash by Supabase Auth — we never see or store your plain-text password)
- Account preferences and notification settings
Business and compliance information
To generate accurate deadline reminders, you may enter details about each business you track, including:
- Legal business name and entity type (LLC, S-Corp, C-Corp, etc.)
- State of formation and states where you operate or are foreign-qualified
- Formation date and other dates relevant to compliance schedules
- Employer Identification Number (EIN), if you choose to provide it — this field is optional
- Documents you upload to document storage (Pro and Agency plans)
Contact for SMS reminders
If you enable SMS reminders on a paid plan that includes them, we collect your mobile phone number and your consent to receive automated compliance reminder texts. Message frequency varies by your deadlines (typically one to four messages per upcoming deadline).
Billing information
Paid subscriptions are processed by Stripe. Stripe collects your payment card details, billing address, and related payment metadata. Govance receives only a Stripe customer ID, subscription status, plan name, and the last four digits and brand of your card — we never store full card numbers on our servers.
Automatically collected information
- Device type, browser, and operating system
- IP address and approximate location (used for security and country routing on the marketing site)
- Log data: pages viewed, features used, timestamps, and error reports
- Session identifiers required to keep you signed in
How We Use Your Information
We use personal information only for legitimate business purposes related to Govance:
- Providing the service: Calculating compliance deadlines, displaying your dashboard, storing your businesses and documents, and delivering email and SMS reminders before due dates
- Communications: Sending transactional emails (account verification, password reset, deadline reminders, billing receipts, renewal notices) and, if you opt in, product updates
- Payments: Processing subscriptions, managing billing through Stripe, and handling refund requests
- Support: Responding to your questions at hello@govance.io
- Security and fraud prevention: Detecting abuse, protecting accounts, and monitoring for errors
- Product improvement: Understanding how features are used (via aggregated analytics) so we can improve deadline accuracy, reminders, and usability
- Legal compliance: Meeting tax, accounting, and regulatory obligations where applicable
We do not use your business compliance data to sell advertising or to build profiles for unrelated third parties.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Performance of a contract: Processing necessary to create your account, provide compliance tracking, send reminders you requested, and bill your subscription
- Legitimate interests: Securing our platform, preventing fraud, improving the product, and sending service-related communications — balanced against your rights and expectations
- Consent: Where required, such as optional marketing emails and SMS reminders (you may withdraw consent at any time)
- Legal obligation: When we must retain or disclose data to comply with applicable law
Third-Party Service Providers
We use trusted subprocessors to operate Govance. Each provider processes data only on our instructions and for the purposes described in this policy:
- Supabase — database, authentication, and file storage — United States
- Stripe — payment processing and subscription billing — United States
- Resend — transactional email delivery — United States
- Twilio — SMS compliance reminders — United States
- Vercel — application hosting for app.govance.io — United States
- Cloudflare — CDN, DDoS protection, and marketing site hosting — United States
- PostHog — product analytics (in-app usage patterns) — United States
- Sentry — error monitoring and performance diagnostics — United States
- Plausible Analytics — privacy-friendly website analytics on govance.io; does not use cookies and does not collect personal data — European Union
We may update this list as our infrastructure evolves. Material changes to subprocessors will be reflected in an updated version of this policy.
Data Retention
Active accounts: We retain your account, business, and compliance data for as long as your account remains active and you use Govance.
After cancellation: When you close your account or your subscription ends, we retain your data for 90 days so you can reactivate or export information if needed. After 90 days, personal and business data is permanently deleted from our production systems, except where we must retain limited records for legal, tax, or fraud-prevention purposes.
Billing records handled by Stripe may be retained by Stripe according to their own retention policies.
To request deletion before the 90-day period ends, email hello@govance.io from the address associated with your account.
Your Rights (GDPR / CCPA)
Depending on where you live, you may have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you
- Correction — update inaccurate account or business information in Settings or by contacting us
- Deletion (right to erasure) — request deletion of your account and associated data, subject to legal retention requirements
- Export — download your business and deadline data as CSV from Settings → Export Data
- Opt out of marketing emails — use the unsubscribe link in any marketing email, or email us to opt out
- Opt out of SMS — reply STOP to any Govance text message, or disable SMS in your Reminders settings
- Do Not Sell — Govance does not sell personal information to any third party.
California residents may also have rights under the CCPA/CPRA, including the right to know, delete, and correct personal information, and to limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.
To exercise any of these rights, email hello@govance.io. We will verify your identity and respond within 30 days. You may also lodge a complaint with your local data protection authority if you are in the EEA or UK.
Cookies
Govance uses a minimal cookie footprint:
- Session cookies — required to keep you signed in to app.govance.io
- Country preference cookie (
govance_country) — remembers your selected region on the marketing site so we do not re-prompt on every visit - Dismissal cookie (
country_notice_dismissed) — remembers if you closed the international availability notice
We do not use advertising cookies. We do not use third-party tracking cookies for retargeting. Plausible Analytics on our marketing site is configured without cookies and without collecting personal data.
You can control cookies through your browser settings. Disabling session cookies will prevent you from staying signed in to the dashboard.
Security
We protect your data using industry-standard safeguards, including encryption in transit (TLS 1.3) and encryption at rest (AES-256) for data stored in Supabase. Access to production systems is restricted to authorized personnel. We monitor for suspicious activity and use Sentry to detect application errors quickly.
No method of transmission over the internet is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. Please use a strong, unique password and enable any security features we offer.
Children's Privacy
Govance is designed for adults who operate or advise US businesses. Our service is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at hello@govance.io and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 30 days before the changes take effect, and we will update the “Last updated” date at the top of this page. Continued use of Govance after the effective date constitutes acceptance of the revised policy.
Contact
For privacy questions, data requests, or concerns about this policy:
Kashyap LLC (operating as Govance)
30 N Gould St, Ste R
Sheridan, WY 82801, USA
Email: hello@govance.io
Phone: +1 307 381 2879
You may also reach our privacy team at privacy@govance.io.