Privacy Policy

Govenda Privacy Policy 

Effective as of April X, 2036 

What’s Changed: This update replaces outdated Privacy Shield references with our current Data Privacy Framework (DPF) certifications, including updated dispute resolution mechanisms and binding arbitration disclosures. It clarifies that data uploaded by enterprise customers is governed by their service agreement rather than this public policy. We have also added new sections describing your rights to opt out of third-party disclosures, cross-border data transfers, consent withdrawal, and updated controller contact information. 

Introduction 

This privacy policy discloses the privacy practices of BoardBookit, Inc., d/b/a Govenda (“Govenda,” “we,” “our” or “us”), which owns and operates various sites on the World Wide Web, including without limitation Govenda.com, (collectively, the “Govenda Websites”). Your access to and use of the Govenda Websites and all the services provided via the Govenda Websites and mobile applications (collectively, the “Govenda Services”) are subject to Govenda’s Terms of Use and all applicable laws. 

We will use your personal data only for the purposes and in the manner set forth below, which describes the steps we take to ensure our processing of your personal data is in compliance with the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any implementing legislation (Data Protection Legislation). 

Please note that our processing of information uploaded to the Govenda Services on behalf of our enterprise customers is governed by the terms of our agreement with the enterprise customer, rather than by this Privacy Policy. If you would like to understand how your data may be handled by one of our enterprise customers, please contact that customer directly. 

What Information is Collected 

Information You Give Us 

When you sign up for Govenda Services, communicate with our customer service team, or send us an email, we may ask for information including your name, email address, billing address, and company name. 

We also collect personal information such as an email address, phone number and a name of any end users you authorize to log into and utilize Govenda Services in connection with your account. 

Information We Collect Automatically 

Govenda automatically collects information about your interactions with Govenda Services. We may get information about how and when you use Govenda Services. This information may include your IP address, time, date, browser used, and actions taken by you within the application. By using Govenda Services, you are giving Govenda permission to use and store such information consistent with this privacy policy. 

No Information from Children Under Age 18 

This website and the Govenda Services are not intended for children and we do not knowingly collect data relating to children. If you are under the age of 18, please do not attempt to register with us at this Website or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 18, we will promptly delete that information. If you believe we have collected personal information from a child under the age of 18, please contact us at [email protected]. 

Data Integrity and Quality 

Govenda maintains accurate, complete, and relevant personal information for the purposes identified in this notice. 

Data Privacy Framework 

BoardBookit, Inc., d/b/a Govenda, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Govenda has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this policy and the EU-U.S. DPF Principles or Swiss-U.S. DPF Principles (collectively, the Principles), the Principles will take precedence. To learn more about the Data Privacy Framework, please visit https://www.dataprivacyframework.gov. You may view our self-certification on the Data Privacy Framework List. 

Govenda is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We also may be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requests. 

Individuals in applicable jurisdictions may request to access their personal data, and to limit use and disclosure of this information, in accordance with the DPF Principles. To make such a request, please contact us at [email protected]. If your request involves personal information contained in data that we process on behalf of an enterprise customer, please direct your request to that enterprise customer. 

Govenda is responsible for personal information that it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. Govenda complies with the DPF Principles for all such onward transfers of personal information, including the onward transfer liability provisions. 

Individuals with inquiries or complaints regarding our compliance with the DPF Principles should first contact us at [email protected]. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit our U.S.-based third-party dispute resolution provider at https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. JAMS’ services are provided at no cost to you. 

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Govenda also commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”) and the ICO and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to any unresolved complaints concerning our handling of human resources data in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship. 

For complaints regarding DPF compliance that are not resolved by any of the other DPF mechanisms, you may have the possibility, under certain conditions, to invoke binding arbitration before a Data Privacy Framework Panel. 

INTERNATIONAL VISITORS  

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, including the U.S., which may have data protection rules that differ from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.   

If you choose to use Services from the European Union, United Kingdom, or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the U.S. for storage and processing 

 

Cookies 

Our Site may use “cookies” to enhance User experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly. 

Information Collected by Third Parties 

This website uses Google Analytics to help analyze how users use the Govenda Websites and Govenda Services. Google Analytics is a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of use the Govenda Websites and Govenda Services to prepare reports on its activities and share them with other Google services. 

Find Google’s privacy policy here. 

Govenda Services may be linked to or provided through other third party websites. We use those third parties to provide a variety of services to us, including, without limitation, hosting the Services, providing technical support, processing and storing your information, updating your customer information records in our database (including both physical address and email address verification), and sending or coordinating the sending of marketing communications on our behalf. 

How We Use Your Info 

Govenda may collect and use your personal information for the following purposes: 

• To fulfill a contract, or take steps linked to a contract:  

• • To register new companies and accounts and provision of services to you 

• • To provide software as a service (applies to anyone that uses Govenda Services) 

• • To provide product technical support 

• • To provide user training 
    providing you with services described on the Sites; 
    verifying your identity when you sign in to any of our Sites; 

• • To create invoices and process payments; 

• • To manage our relationship with you, including the delivery of notifications regarding necessary board material; and 

• • To send emails that may include company news, updates, related product or service information, etc. 

• Where this is necessary for purposes which are in our legitimate interests. These interests include:  

• • Operating the Sites; 

• • Updating you with operational news and information about our Sites and Govenda Services e.g. to notify you about changes to our Sites, website disruptions or security updates; 

• • Carrying out technical analysis to determine how to improve the Sites and services we provide; 

• • Monitoring activity on the Sites; 

• • Managing our relationship with you, e.g. by responding to your comments or queries submitted to us on the Sites or asking for your feedback or 

• • Whether you want to participate in a survey; 

• • Managing our legal and operational affairs; 

• • Improving our products and services; 

• • Providing general administrative and performance functions and activities; and 

• • Processing your job application to Govenda. 

• Where you give us consent:  

• • Providing you with marketing information about products and services which we feel may interest you; and 

• • Customizing our services and websites – where this involves the use of cookies or similar technologies – in order to provide a more personalized experience.  

• • When our processing is based on your consent, you may withdraw your consent at any time by contacting us at [email protected]. Withdrawal of consent will not affect the lawfulness of any processing based on your consent before its withdrawal. 

Your Choices Regarding Use and Disclosure of Personal Data 

Govenda offers you the following choices with respect to personal data received from the EU, UK, or Switzerland under the DPF: 

Opt-Out for Third-Party Disclosures. You may opt out of having your personal data disclosed to a third party (other than a service provider acting as our agent) by contacting us at [email protected]. 

Opt-Out for New Purposes. If we wish to use your personal data for a purpose that is materially different from the purpose for which it was originally collected or that you subsequently authorized, we will provide you with an opportunity to opt out of such use. To opt out, contact us at [email protected]. 

Opt-In for Sensitive Data. We will obtain your affirmative express consent (opt-in) before processing any sensitive personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation) for purposes other than those for which you originally provided it or subsequently authorized. 

Marketing Communications. You may opt out of receiving marketing communications from us at any time by following the unsubscribe instructions in any marketing email or by contacting us at [email protected]. 

How We Keep Your Personal Information Secure 

We store personal information on secure servers that are managed by us and our service providers in the US. Personal information that we store or transmit is protected by security and access controls, including username and password authentication and data encryption. In addition, Govenda is SOC 2 compliant. 

When We Share Your Personal Information 

We may disclose your personal data to third parties who provide a service to us, including: 

• Providers of cloud based CRM software in relation to customer account maintenance and billing; 

• Providers of cloud based marketing software in relation to prospective customer information management; 

• Providers of cloud based customer support software; 

• Providers who collect information on our behalf, including as necessary to operate features of the Website, such as customer activity data; 

• Providers of cloud based accounting software in relation to management of accounting. 

• Third party service providers that help us operate and manage our Govenda services.  

How Long Do We Store Your Data 

We store your personal data during the time that you are a customer or end user of Govenda for purposes of providing you with our services. Per our contractual agreement, Govenda agrees to maintain customer data that has not been deleted by the customer or by any auto-purge jobs for the life of the subscription. Thirty (30) days after a customer subscription term has ended, Govenda will drop their database from the production system. Two weeks after this time, all backups will be purged from the database backup system.  

If you have never been a customer or registered end-user of Govenda, but have consented to receive marketing inquiries or other information, we may store your data until requested by you to delete the data. 

Your Rights if You are a User or Visitor in the European Economic Area 

Govenda is committed to ensuring that you have control and visibility to your personal data. Below is a summary of your rights and additional commitments from Govenda. You may exercise your rights by contacting us at [email protected]. 

Right of Access 

You can request a copy of the personal data we hold about you. 

Right to be Forgotten 

You have the right to request that your personal data be deleted in certain circumstances including: 

• The personal data are no longer needed for the purpose for which they were collected; 

• You withdraw your consent (where the processing was based on consent); 

• You object to the processing and there are no overriding legitimate grounds justifying us processing the personal data (see Right to Object below); 

• The personal data have been unlawfully processed; or 

• To comply with a legal obligation. 

However, this right does not apply where, for example, the processing is necessary: 

• To comply with a legal obligation; or 

• For the establishment, exercise or defense of legal claims. 

Contact [email protected] to exercise this right.  

About 

Your Choices 

Our site does not respond to Do Not Track signals in your browser. 

You may be able to block cookies via your browser settings, but this may prevent access to certain features of the website. 

By using Govenda Services, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes. 

Monitoring and Enforcement 

Govenda monitors compliance with its privacy policies and procedures and has procedures in place to address privacy related complaints and disputes from employees, customers and vendors. Any questions or concerns should be directed to the information provided in the Contact Us section of this policy. 

Changes 

Govenda has the discretion to update this privacy policy at any time. When we do, we will post a notification on the main page of our site, revise the updated date at the bottom of this page and send you an email. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications. 

Contact Us 

BoardBookit, Inc., d/b/a Govenda, located at 900 Parish Street, Suite 102, Pittsburgh, PA 15220, is the controller responsible for the collection, use, and disclosure of information under this Privacy Policy. If you have any questions, comments, requests, or concerns about our processing activities, please email us at [email protected].  

You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. You can find the relevant supervisory authority name and contact details under https://edpb.europa.eu/about-edpb/about-edpb/members_en 

Cookie Policy 

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. 

The table below explains the cookies we use and why. 

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. 

The table below explains the cookies we use and why. 

  

Service	Cookies	Description & Privacy Policy
Govenda Applications	1.themeSetting  2. lastaccessed_adminXXXX  3.  lastaccessed_clientXXXX  4. token  5. sessionUserName  6. .ASPXAUTH  7. Username	1.  ID for remembering browser theme setting for light/dark mode  2.  The XXXX in the title represents the users id. The cookie itself stores a company id they most recently accessed. This is for remembering most recently viewed company — this cookie is unique to the admin website.  3.  The XXXX in the title represents the users id. The cookie itself stores a company id the most recently accessed. This is for remembering most recently viewed company — this cookie is unique to client website.   4.  Tires the current signed in users session token.   5.  Stores the currently signed in user email.   6.  A session ID used by Microsoft related to authenticated user sessions on our API.   7  These cookies are set when you check the “remember me” option and remembers your email address so you do not have to retype it every time you log in.
Google Analytics	_ga	Google Analytics is used to collect information about how visitors use Govenda Services. This cookie is used to distinguish users but is anonymous.   http://www.google.com/policies/privacy/
Microsoft	MUID   MR   SECHUID   SRCHD	We use Microsoft Bing Tracking to market our services.  https://privacy.microsoft.com/en-us/privacystatement
G2 Crowd	_cf_bm	Govenda advertises on G2Crowd and tracks the actions those users take on the Govenda site.  https://www.g2.com/static/privacy
X (formerly Twitter)	guest_id   ga   twitter_sess   guest_id_marketing   guest_id_ads   personalization_id	Govenda advertises on X and tracks the actions those users take on the Govenda site.  https://x.com/en/privacy
Zoominfo	visitorId	ZoomInfo is used to enrich information about users to the Govenda site.  https://www.zoominfo.com/about-zoominfo/privacy-policy
Linkedin	lang   lms_analytics  lms_ads   aam_uuid   s_cc   gpv_pn   li_sugr   liap   guid   s_ppv   s_pit   s_ips	Govenda advertises on Linkedin and tracks the actions those users take on the Govenda site.   https://www.linkedin.com/legal/privacy-policy
Doubleclick.net	DSID   IDE	DoubleClick is a Google advertising service used for ad targeting and measurement  https://policies.google.com/privacy
Facebook	sb   Presence   c_user   date   dpr	Govenda advertises on Facebook and tracks the actions those users take on the Govenda site.   https://m.facebook.com/privacy/explanation/
Hubspot	fbp   gci_au   hssrc   hubspotutk   cf_bm   hstc	Hubspot is used to send emails to customers and prospects.  https://legal.hubspot.com/privacy-policy

  

Google Integration Permissions and Access 

Govenda’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. 

During initial integration, Govenda will request permission from a user to have access to email, calendar, profile for profile picture, and tasks. Users may grant or revoke permissions to any or all services at any time. Core usage of Govenda is not contingent on granting access to a Google Account. 
 
Once permissions are granted, an access token is saved to the database for continuous access to the user’s account. This access token is used to update the user’s selected Google account services even if the user is not logged into Govenda. 

Profile Access 

If access is granted to the Google profile, Govenda will get the user’s profile picture, and save the link to the database. This link will then be used to download and save the image to Govenda’s file system if using the profile picture is enabled. 

Mail Permissions 

If access is granted to GMail, Govenda has access to create labels (folders), and filter rules to move any future emails from Govenda to that label. It also has access to see all folders that the user has, to select where emails sent by Govenda are placed. 

Calendar Permissions 

For Calendar permissions, Govenda has access to create and delete calendar events, create new calendars and see all calendars that a user has. Additionally, Govenda can view free/busy information on their main and integrated calendar by granting access to a service account to view that information. This service account may be used when a Govenda Admin user wishes to view availability of meeting attendees while scheduling a new meeting. 

Google calendar event ids are stored in Govenda’s database and are used for updates and deletes that may happen, and are created when the user is scheduled in a meeting. Govenda also has access to view all calendar names to assist the user with configuration of the Govenda Calendar integration. 

Tasks Permissions 

Govenda has access to create task lists, and tasks themselves. Govenda also stores the Google task list ids, and task ids for status updates, deletes, and updates that may happen on the Govenda system to synchronize related Google Tasks and Govenda Tasks. Tasks and task groups created by Govenda relate to individual meetings, votes and other reminders set by Govenda Admin users and assigned to the integration user. 

Other than free/busy information, Google data is not shared between users in the Govenda system. 

Microsoft Integration Permissions and Access 

During initial integration, Govenda will request permission from a user to have access to email, calendar, profile for profile picture, and tasks. Users may grant or revoke permissions to any or all services at any time. Core usage of Govenda is not contingent on granting access to a Microsoft Account. 

Once permissions are granted, an access token is saved to the database for continuous access to the user’s account. This access token is used to update the user’s selected Microsoft account services even if the user is not logged into Govenda. 

Profile Access 

If access is granted to the Microsoft profile, Govenda will get the user’s profile picture, and save the link to the database. This link will then be used to download and save the image to Govenda’s file system if using the profile picture is enabled. 

Mail Permissions 

If access is granted to Outlook, Govenda has access to create folders, and filter rules to move any future emails from Govenda to that folder. It also has access to see all folders that the user has, to select where emails sent by Govenda are placed. 

Calendar Permissions 

For Calendar permissions, Govenda has access to create and delete calendar events, create new calendars and see all calendars that a user has. Additionally, Govenda can view free/busy information on their main and integrated calendar by granting access to a service account to view that information. This service account may be used when a Govenda Admin user wishes to view availability of meeting attendees while scheduling a new meeting. 

Microsoft calendar event ids are stored in Govenda’s database and are used for updates and deletes that may happen, and are created when the user is scheduled in a meeting. Govenda also has access to view all calendar names to assist the user with configuration of the Govenda Calendar integration. 

Tasks (To-do) Permissions 

Govenda has access to create task lists, and tasks themselves. Govenda also stores the Microsoft task list ids, and task ids for status updates, deletes, and updates that may happen on the Govenda system to synchronize related Microsoft Tasks and Govenda Tasks. Tasks and task groups created by Govenda relate to individual meetings, votes and other reminders set by Govenda Admin users and assigned to the integration user. 

Other than free/busy information, Microsoft data is not shared between users in the Govenda system.