Privacy Policy — GovLadder

1. Who We Are

GovLadder ("we", "us", "our") operates the GovLadder platform at app.govladder.com. This policy explains how we collect, use, and protect your information.

2. Information We Collect

Information you provide:

Account information: name, email address, password
Business profile: business name, industry (NAICS code), employee count, revenue, years in operation
Location: state, county, city
Ownership information: ownership demographics used for certification eligibility matching
Uploaded documents: certificates you upload to track certification status

Information collected automatically:

Usage data: pages visited, features used, session duration
Device information: browser type, operating system
IP address

3. How We Use Your Information

To match your business profile to government certification programs
To provide personalized certification guidance and tracking
To process payments and manage your subscription
To send transactional emails (account confirmations, renewal reminders)
To improve the Service and fix bugs
To comply with legal obligations

4. AI Processing

When you use AI-powered features (explanations, step guidance, document analysis), your certification and profile data is sent to Anthropic's Claude API to generate responses. We do not send your data to other AI providers. Anthropic's privacy policy applies to data processed through their API.

5. How We Share Your Information

We do not sell your personal information. We share data only with:

Supabase — database and authentication infrastructure
Stripe — payment processing (we never see your full card number)
Anthropic — AI features (only when you actively use an AI feature)
Legal authorities — if required by law or to protect our rights

6. Data Storage and Security

Your data is stored in Supabase (hosted on AWS). We use industry-standard security measures including encrypted connections (TLS), row-level security policies, and regular security reviews. No system is perfectly secure — please use a strong, unique password for your account.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where required by law (e.g., billing records, which are retained for 7 years).

8. Your Rights

Depending on your location, you may have the right to:

Access the personal information we hold about you
Correct inaccurate data
Delete your account and associated data
Export your data in a portable format
Opt out of marketing emails (unsubscribe link in each email)

To exercise these rights, email support@govladder.com.

9. Cookies

We use cookies for authentication (Supabase session cookies) and to remember your preferences. We do not use third-party advertising cookies. You can disable cookies in your browser but this will prevent you from logging in.

10. Children's Privacy

GovLadder is not intended for users under 18. We do not knowingly collect personal information from minors. If we learn we have collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Continued use after changes constitutes acceptance.

12. Contact

Questions about privacy? Contact us at support@govladder.com.