Privacy Policy

Last Updated: September 8, 2025
Effective Date: September 8, 2025

Introduction

GovReady AI ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered government resume conversion platform.

Information We Collect

Information You Provide to Us

Account Information

  • Organization name and details
  • User names and email addresses
  • Billing information (processed securely through our payment processor)
  • Contact information for account management

Service-Related Information

  • Government contract information, including labor categories and requirements
  • Original resumes uploaded for conversion
  • Converted resumes generated by our platform
  • Custom templates and conversion preferences

Automatically Collected Information

  • Usage data and analytics about how you interact with our platform
  • Performance metrics and error logs for debugging purposes
  • Session information for authentication and security

What We Don't Collect

  • We do not use tracking cookies on our marketing pages
  • We do not collect information from visitors who don't create accounts
  • We do not collect personal information beyond what's necessary for service operation

How We Use Your Information

We use your information solely to:

  • Provide and operate the GovReady AI platform
  • Process resume conversions according to your specifications
  • Manage your account and billing
  • Improve our services through performance monitoring
  • Provide customer support
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

Data Storage and Security

Where Your Data is Stored

  • Primary Database: Supabase (encrypted at rest)
  • Application Hosting: Vercel (frontend) and DigitalOcean App Platform (API)
  • Caching: Upstash Redis (temporary data only)
  • Email Services: Resend (for transactional emails)
  • Monitoring: Logfire (performance metrics and debugging logs)

Security Measures

  • All data is encrypted at rest in our databases
  • Row Level Security (RLS) ensures data segregation between organizations
  • SSL/TLS encryption for all data in transit
  • Regular security updates and monitoring
  • Access controls and authentication requirements

Third-Party Security

We leverage the security infrastructure of our trusted service providers:

  • Supabase: SOC 2 Type II certified, encrypted backups, and enterprise-grade security
  • DigitalOcean: ISO 27001 certified data centers with physical and network security
  • Vercel: SOC 2 compliant with automatic SSL and DDoS protection

Data Sharing and Disclosure

We do NOT sell, trade, or otherwise transfer your information to third parties.

We may share your information only in these limited circumstances:

  • With service providers who assist in operating our platform (under strict confidentiality agreements)
  • If required by law, subpoena, or other legal process
  • To protect our rights, property, or safety, or that of our users
  • With your explicit consent

Data Retention

We retain your information for as long as:

  • Your account remains active
  • As necessary to provide our services
  • As required for legal, accounting, or reporting requirements

Upon account termination, we will delete or anonymize your data within 90 days, except where retention is required by law.

Your Rights and Controls

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your information
  • Export your data in a portable format
  • Opt-out of marketing communications

To exercise these rights, contact us at privacy@gittie.com

Organization Data Segregation

Each organization's data is:

  • Completely isolated from other organizations
  • Protected by row-level security policies
  • Only accessible to authorized users within your organization
  • Never commingled with data from other customers

Compliance

We are committed to compliance with:

  • Applicable U.S. federal and state privacy laws
  • Government contracting data protection requirements
  • Industry best practices for SaaS platforms

Children's Privacy

GovReady AI is intended for business use only. We do not knowingly collect information from individuals under 18 years of age.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the platform. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Information

For privacy-related questions or concerns, please contact Gittielabs, LLC:

Company: Gittielabs, LLC
Address: Wilmington, DE

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA). To exercise these rights, please contact us using the information above.

International Users

GovReady AI is operated in the United States. If you access our services from outside the U.S., you consent to the transfer and processing of your information in the U.S.

By using GovReady AI, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.