What we collect
- Account data: name, email, organisation, role, country of operation.
- Usage data: which workspaces you open, which briefings you generate. Aggregated and pseudonymised for product improvement.
- Submitted content: prompts, uploaded budget documents, scenarios. Encrypted at rest.
What we do not collect or do
- We do not train foundation models on your prompts or uploaded documents.
- We do not sell personal data to third parties.
- We do not embed third-party advertising trackers.
Legal bases (GDPR / UK GDPR)
Contract performance, legitimate interest in service security, and consent for optional analytics.
Data residency
Enterprise customers can elect EU, UK, US, or self-hosted residency. Default residency is the region of the contracting entity.
Sub-processors and sharing
We share data only with sub-processors strictly necessary to deliver the service (hosting, payments, transactional email). A current sub-processor list is available on request to hello@govwhizz.com.
Retention
Account data is retained for the lifetime of the account plus 90 days. You may delete your account at any time from Settings → Account.
Your rights
Access, rectification, erasure, portability, restriction, and objection. To exercise any right, write to hello@govwhizz.com or use the contact form. We respond within 30 days.
International transfers
Where data is transferred outside your home jurisdiction, transfers are governed by Standard Contractual Clauses (SCCs) or an equivalent legal mechanism.
Children
Gov Whizz is not directed at children under 16 and we do not knowingly collect their data.
Security
Encryption in transit (TLS 1.3) and at rest (AES-256). Role-based access control, audit logging, and annual third-party penetration testing.
Cookies
We use only strictly necessary and functional cookies. No advertising cookies. Full details in our cookie notice (in-app).
Changes
Material changes are notified at least 30 days in advance via in-app banner and email.