Here at Govly, we understand that before we can start arming you with actionable market and competitive insights, you must first entrust us with your data. As such, we consider privacy and security to be core to our platform, and protecting the confidentiality and integrity of your data is one of our foremost priorities. The following is a brief overview of our approach to safeguarding data and supporting privacy requirements.

Compliance

Govly’s security and privacy program is based on and aligned with industry-standard frameworks. Govly has achieved and maintains SOC 2 Type I compliance and is in the process of achieving SOC 2 Type II by the end of Q1 2025. SOC 2 Type I compliance is a rigorous auditing process that covers important operations across the organization related to infrastructure, HR operations and policies, device management, incident response, vulnerability management, and third-party risk management.

The Data in Scope

Govly collects and aggregates publicly available data to generate our market, business, and competitive analyses and insights. We do not collect, nor require, any sensitive data to deliver these services. Govly only requires login credentials from the personnel that you authorize to access our service. This includes email and name. In addition, your authorized users can add their comments to intra-app workspaces specific to your company. Your personal data is yours; Govly does not sell or rent any customer information or any information you enter into our Intelligence platform. For additional details, please refer to our Security Center.

Data Center Security

Govly’s production systems are hosted on AWS cloud services in the USA, replicated across multiple intra-region Availability Zones for data durability. AWS maintains state-of-the-art physical, environmental and utility controls, and operates in alignment with leading standards and certifications including ISO 27001, ISO 27017, SSAE-18 SOC-1, SOC-2, and FedRAMP Moderate.

Production System Security and Hardening

Govly’s production systems are deployed with sufficient compute/storage capacity and scalability to tolerate multiple system failures. They are deployed on elastically scalable compute infrastructure to ensure optimal performance and resilience. All systems are segregated using Virtual Private Cloud (VPC), security groups, and explicit Access Control Lists (ACLs) to control all system-to-system connectivity and access to the data. Servers are deployed using standard base-images configured to meet industry hardening best practices, and our development life cycle follows secure coding best practices including code check-in, code review, and testing through staging and deployment. All backend access to production systems is strictly controlled, and requires multi-factor authentication. Systems are regularly updated with relevant security updates and patches. Govly performs regular vulnerability scanning and penetration tests, and threat detection tools are used to continuously monitor for malicious activity and unauthorized behavior.

Network and Data Encryption

When you visit the Govly website, or use Govly’s portal, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. Additionally, the data stored in our database is encrypted at rest using AES-256 encryption.

Product Security

Your administrators control all user access and privileges for your Govly organization’s account. This is done through admin-managed Account Requests or default role settings for whitelisted domains. Additionally, Govly supports SAML-based Single-Sign-On (SSO) to further secure access and improve your users’ experience.