Personal Data we collect
“Personal Data” includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your full name and email address. It may also include financial information, including your credit card information. This data is considered “identifying information”, as it can personally identify you.
We only request Personal Data when you interact with our services-like signing up for an account, making use of our platform features, paying for access, or subscribing to our blog. We only use collected Personal Data in the context of providing or improving these services.
How we collect information
We collect information by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.
Log Data
When you visit our website, our servers may automatically log the standard data provided by your web browser. This data is considered “non-identifying information”, as it does not personally identify you on its own. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details. We may also collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.Registration
We may ask for Personal Data, such as your:Name
Email
Payment information
Contact information for invoicing
This data is considered “identifying information”, as it can personally identify you.
We do not store your credit card information on our system. We use industry leader Stripe for our payment processing. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
We only request this information when you interact with our services-like signing up for an account, making use of our platform features, paying for access, or subscribing to our blog. We only use collected Personal Data in the context of providing or improving these services.Business Data
Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.
Use of Information
We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we may improve their experience of our website in future. We also use this information to gain insights into demographics, product and service popularity, and the effectiveness of our marketing activity. We do not disclose the specifics of this information publicly, but may share aggregated and anonymised versions of this information, for example, in website and customer usage trend reports.
We primarily use your Personal Data for the purposes of granting you access to engage with certain areas of our site, to charge you for your subscription, and to notify you of any changes to your account and service.
We may use your Personal Data to contact you with updates about our website and services, along with promotional content that we believe may be of interest to you. If you wish to opt out of receiving promotional content, you can follow the “unsubscribe” instructions provided alongside any promotional correspondence from us.
AI-Powered Compliance Analysis
When you upload creative content (images, PDFs, videos, or URLs) to GoVisually, we may use artificial intelligence and machine learning technologies to provide compliance checking features, including:
Analyzing content for potential issues with advertising regulations, industry standards, and brand guidelines
Comparing file versions to identify changes that may affect regulatory compliance
Generating automated recommendations for addressing potential compliance issues
Important clarifications:
We do NOT use your proprietary content to train our AI models
Our compliance analysis uses pre-trained models and industry standard databases
Your content is NOT shared with third parties for AI model training purposes
AI-generated recommendations are for informational purposes only and do not constitute legal, regulatory, or professional advice
You remain solely responsible for ensuring your content complies with all applicable laws and regulations
We retain uploaded content only as long as necessary to provide our services to you.
Data Processing and Storage
Data Processing and Storage Our platform infrastructure is hosted on Amazon Web Services (AWS) in United States data centers (US West region). We use MongoDB Atlas for database services, also hosted in US data centers. All customer data—including uploaded files, project information, and user data—is stored exclusively within the United States. We use top-tier data centers that maintain several industry-recognized certifications, including SOC-1 Type II and PCI compliance.
We only retain Personal Data and business data for as long as necessary to provide a service, or to improve our services in future. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee absolute data security.
If you request your Personal Data to be deleted, or where your Personal Data becomes no longer relevant to our operations, we will erase it from our system within a reasonable timeframe.
Third-Party access to Information
We use third-party services for:
Analytics tracking
User authentication
Advertising and promotion
Content marketing
Email marketing
Payment processing
These services may access our data solely for the purpose of performing specific tasks on our behalf. We do not share any personally identifying information with them without your explicit consent. We do not give them permission to disclose or use any of our data for any other purpose. We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function. We only work with external agencies whose privacy policies align with ours.
We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.
We do not otherwise share or supply Personal Data to third parties. We do not sell or rent your Personal Data to marketers or third parties.
Use of Third-Party Services
In addition to other third-party service providers, we use the following third-party service providers with respect to data processing relating to your use of our services:
Complete Subprocessor List
In addition to the services described above, we use several other third-party infrastructure and service providers to operate our platform:
Amazon Web Services (AWS) - Cloud infrastructure, data storage, and hosting
MongoDB - Database services
Imgix - Image optimization and delivery
Render - Application hosting and deployment
Cloudflare - Content delivery network (CDN) and security
Stripe - Payment processing
Intercom - Customer support, messaging, and analytics
Postmark - Transactional email delivery
We will notify customers of any material changes to our subprocessor list.
Limits of our Policy
This privacy policy covers you only if:
(a) you are a visitor to our website;
(b) you are a customer or you register to use our services (for example, by creating an account); or
(c) we have received your Personal Data in connection with our marketing activities.
We are the controller of your Personal Data to the extent that the above applies to you.
For clarity, this privacy policy does not apply to any data collected by our customers even if it’s processed through our services. With respect to data collected by our customers, the customer is the controller and we are a processor. We may process the data collected by our customers sent to us only in accordance with the instructions of our customers.
Our customers, not us, choose the type of data collected by our customers in using our services, and it is processed, transferred and stored through our customers use of our services. We may process the data collected by our customers only according to the instructions of our customers and our legal obligations with respect to the data collected is set forth in the agreement between us and our customers. The collection of data by our customers through our services is governed by our customers’ privacy policies, and if you have provided data to a customer then you should review the customer’s privacy policy to learn more about the customer’s data handling practices.
While we recognize that an individual has the right to access, delete and amend the data collected about that individual, we do not have a relationship with a person providing data to a customer but rather only with our customers. If you have provided data to a customer in using our services and you would like to access, amend or delete your data, then you need to contact the customer directly and we will respond within a reasonable period of time to any such request by our customer.
We only retain the data collected by our customers that we process on behalf of our customers for as long as necessary to provide our services to our customers or as required to comply with legal obligations, resolve disputes and enforce any agreement.
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Transfer of your Personal Data
Your information, including Personal Data, is processed at our operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. For example, some of the data servers used by us and our service providers are located in Australia and the United States.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
GDPR Privacy
Legal Basis for Processing Personal Data under GDPR
We may process Personal Data under the following conditions:
(a) Consent: You have given your consent for processing Personal Data for one or more specific purposes.
(b) Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
(c) Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which we are subject.
(d) Vital interests: Processing Personal Data is necessary in order to protect your vital interests or of another natural person.
(e) Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us.
(f) Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by us.
In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
If you have any questions about this section or would like to sign a DPA (Data Processing Agreement) with us, please contact us at support@govisually.com.Your Rights under the GDPR
We undertake to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights.
You have the right under this Privacy Policy, and by law if you are within the EU, to:
(a) Request access to your Personal Data. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. This also enables you to receive a copy of the Personal Data we hold about you.(b) Request correction of the Personal Data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about You corrected.
(c) Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
(d) Request erasure of your Personal Data. You have the right to ask us to delete or remove Personal Data when there is no good reason for us to continue processing it.
(e) Request the transfer of your Personal Data. We will provide to you, or to a third-party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
(f) Withdraw your consent. You have the right to withdraw your consent on using your Personal Data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our services.
Exercising of Your GDPR Data Protection Rights
You may exercise your rights of access, rectification, cancellation and opposition by contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.
You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (“EEA”), please contact your local data protection authority in the EEA.California and US State Privacy Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Residents of Virginia, Colorado, Connecticut, Utah, and other US states with comprehensive privacy laws have similar rights.
Your Rights
(a) Right to know what Personal Data we collect, use, and disclose about you
(b) Right to request deletion of your Personal Data
(c) Right to correct inaccurate Personal Data
(d) Right to opt-out of the "sale" or "sharing" of Personal Data for cross-context behavioral advertising
(e) Right to limit use and disclosure of sensitive Personal Data
(f) Right to non-discrimination for exercising your privacy rights
We Do Not Sell or Share Your Personal Data
We do not sell your Personal Data to third parties. We do not share your Personal Data for cross-context behavioral advertising purposes.
How to Exercise Your Rights
To exercise any of these rights, please contact us at via chat support. We will verify your identity and respond within 45 days as required by law.
You may designate an authorized agent to make requests on your behalf. We will require written proof of the agent's authorizati
Cookies
We use cookies, web beacons and other tracking technologies to collect certain information about your equipment, browsing actions, and patterns. Below we describe what are cookies and web beacons, why we use cookies and web beacons, the types of cookies and web beacons that we use as well as what you can do in order to manage and delete cookies and web beacons.
What are cookies and web beacons?
(a) Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors to their websites. A cookie contains a unique number, which is used to recognize your computer or mobile device when you return to our website. Cookies can remain on your computer or mobile device for different periods of time. The cookies can be either “persistent” cookies or “session” cookies. Persistent cookies are stored by a web browser and remain valid until a set expiration date. Session cookies only exist while your internet browser is open and are automatically deleted once you close your browser.
(b) Web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) are small electronic files contained on pages of websites that permit companies to count users who have visited certain webpages on a website and are used for other related website statistics (e.g., recording the popularity of certain website content and verifying system and server integrity).
What do we use cookies and web beacons for?
We use a variety of cookies, web beacons and other tracking technologies for different purposes. Specifically, we use cookies and web beacons to enhance the experience of our visitors to our website (for example, by remembering your preferences and letting you navigate between pages efficiently) and to better understand how our website is used. Cookies may tell us, for example, whether you have visited our website before or whether you are a new visitor.
What types of cookies and web beacons are used by us?
We use both first-party and third-party cookies and web beacons. First-party cookies and web beacons are cookies and web beacons that are served directly by us to your computer or mobile device. Third-party cookies and web beacons are served by a third-party service provider on behalf of us. Third-party cookies are most commonly used for advertising and analytics purposes.
There are four categories of cookies and web beacons used by us. Specifically, we use essential, performance, functionality and advertising cookies and web beacons
.(a) Essential cookies, web beacons and other tracking technologies are necessary for the operation of our website. These tracking technologies enable you to move around on our website and use our website’s features. You may not opt-out of these types of cookies because they are required to operate our website.
(b) Performance cookies, web beacons and other tracking technologies collect information about how you have used our website. We use performance cookies, web beacons and other tracking technologies to improve the user experience with our website.
(c) Functionality cookies, web beacons and other tracking technologies allow us to remember how you are logged into our website, when you logged in or out and the actions you have taken while you have been logged into our website.
(d) Advertising cookies, web beacons and other tracking technologies are used by our third-party service providers to deliver advertising to you on other third-party websites as well as help measure the effectiveness of our advertising campaigns. We also use these types of cookies to analyse our website visits and ad conversions from third-party websites.
What are your choices about cookies?
It is your choice as to whether or not to accept cookies. Most browsers allow you to configure the browser settings so that cookies from websites cannot be placed on your computer or mobile device. If you choose not to accept cookies, then you may be able to continue browsing our website but we may not be able to provide you with certain features. If you would like further information about cookies and how to manage and delete them, please visit www.allaboutcookies.org or www.youronlinechoices.eu.
Changes to this Policy
At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If you are a registered user on https://govisually.com, we will notify you using the contact details saved in your account. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and Personal Data.
Your Rights and Responsibilities
As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any Personal Data about you, and to request this information be deleted. You may amend your account information at any time, using the tools provided in your account control panel.
You are entitled to restrict or object to our use of your data, while retaining the right to use your Personal Data for your own purposes. You have the right to opt-out of data about you being used in decisions based solely on automated processing.
Feel free to contact us if you have any concerns or questions about how we handle your data and Personal Data.
This policy is effective as of 27th Jan 2026.
