Legal

Privacy Policy.

Last updated: 1 February 2026

In plain language

We collect only the data we need to provide you with Governa's services. We do not sell your data. We do not use your tenant data for AI training. Your organisation controls its data, and you can export or delete it at any time.

1. Data Controller

Governa ("we", "us", "our") is the data controller for personal data collected through our website (www.governa.co.ke) and the data processor for tenant data stored in the Governa platform (app.governa.co.ke). Our registered address is in Nairobi, Kenya.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, organisation name, role when you create an account
  • Usage data: How you interact with the platform, features used, pages visited
  • Tenant data: Decisions, actions, meetings, documents, and other content created by your organisation within the platform
  • Contact data: Name, email, message content when you contact us
  • Technical data: IP address, browser type, device information for security and performance

3. How We Use Your Data

  • To provide and maintain the Governa platform
  • To communicate with you about your account, support requests, and service updates
  • To improve our services based on anonymised, aggregate usage patterns
  • To comply with legal obligations
  • To detect and prevent fraud and security incidents

4. Tenant Data Isolation

Tenant data is isolated per organisation using schema-per-tenant database architecture. Your organisation's data is never accessible to other tenants. AI features operate within your tenant boundary — your data is never used to train models for other organisations.

5. Data Sharing

We do not sell personal data. We share data only with: (a) infrastructure providers necessary to operate the service (AWS, under DPA), (b) AI processing partners (Anthropic, under DPA), (c) payment processors (Stripe, M-Pesa), and (d) when required by law.

6. Data Retention

Account data is retained for the duration of your subscription plus 90 days. Tenant data is retained per your organisation's retention policy and can be exported or deleted at any time by your tenant administrator.

7. Your Rights

Under the Kenya Data Protection Act 2019 and GDPR (where applicable), you have the right to: access your personal data, rectify inaccurate data, request deletion, restrict processing, data portability, and object to processing. Contact privacy@governa.co.ke to exercise these rights.

8. Security

We implement appropriate technical and organisational measures to protect personal data, including AES-256 encryption at rest, TLS 1.3 in transit, per-tenant encryption keys, and regular security audits. See our Security page for details.

9. Contact

For privacy-related questions or to exercise your data rights, contact our Data Protection Officer at privacy@governa.co.ke.