Security & Trust

Last updated: May 2026

Our approach

Gouverniq is a governance platform. Security is not a feature we added — it is a principle we design around. We apply the same rigor to our own data handling that we expect our customers to apply to their AI systems: minimal collection, restricted access, documented decisions, and honest communication about what we do and do not do.

Data minimization

We collect only what is necessary to respond to a demo request: work email, company name, role, and an optional message. We do not require a phone number, company size, revenue range, or any other qualifying information. The less we collect, the less there is to protect or misuse.

Access controls

Demo request data is received by email and accessible only to the Gouverniq founding team. There is no CRM, no marketing automation platform, and no sales tool that receives this data. Access is restricted by design.

Infrastructure

This website and its API routes are hosted on Vercel. Relevant infrastructure properties:

  • All traffic is encrypted in transit via HTTPS/TLS. HTTP requests are automatically redirected to HTTPS.
  • Vercel provides DDoS mitigation and edge-level protection on all requests.
  • API routes run as isolated serverless functions. There is no persistent server process with access to accumulated request data.
  • No database is attached to this website. Form submissions are delivered by email and are not written to any persistent data store on our infrastructure.

Email delivery

Demo request notifications are delivered via Resend, a transactional email provider. Resend processes the contact information in order to deliver the notification. We use sending-access-only API keys; Resend cannot receive or read emails on our behalf.

Auditability as a product principle

Gouverniq is built to help organizations create auditable records of their AI governance decisions. We apply the same principle to our own operations: significant decisions are documented, access to data is logged, and we can account for how information is handled.

Customer production data

During a sales demo, we do not process, access, or require any customer production data. The demo session covers the platform's capabilities using representative scenarios. Any integration of Gouverniq with your production systems would be covered by a separate data processing agreement.

Certifications

Gouverniq does not currently hold SOC 2 Type II, ISO 27001, ISO 42001, HIPAA BAA, or any other formal certification or attestation.

We are an early-stage company designing with these frameworks in mind and intend to pursue formal certification as the product matures. We will not claim certifications we do not hold. Framework names referenced on our website indicate product alignment, not compliance status.

If your organization requires a specific compliance posture before evaluation, please reach out — we can discuss your requirements directly.

Responsible disclosure

If you discover a security vulnerability in this website or platform, please report it to us before disclosing it publicly. We will acknowledge your report promptly and work to address it.

Contact

Security questions, vulnerability reports, or compliance inquiries: founder@gouverniq.com