Privacy Policy
Last updated: April 16, 2026
1. Who We Are
Agonist Development AB ("we", "us") operates governancer.com. Registered in Sweden. Contact: privacy@governancer.com
2. What Data We Collect
| Data | Purpose | Legal Basis (GDPR) | Retention |
|---|---|---|---|
| Email address | Send risk report, account login | Consent (quiz opt-in) | Until account deletion |
| Quiz answers | Calculate compliance risk score | Consent | Until account deletion |
| Company name (optional) | Personalize reports | Legitimate interest | Until account deletion |
| Payment data | Process subscriptions | Contract | Per Stripe retention policy |
| Usage analytics | Improve service | Consent (cookie banner) | Per PostHog retention |
3. Sub-Processors
| Service | Data | Location |
|---|---|---|
| Cloudflare (Pages, D1, R2) | All platform data | EU (Frankfurt) |
| Stripe | Payment data | EU + US (SCC) |
| Resend | Email addresses | US (SCC) |
| PostHog | Analytics | EU (Frankfurt) |
4. Your Rights (GDPR Articles 15-22)
You have the right to: access your data, correct inaccurate data, delete your data ("right to be forgotten"), export your data (data portability), object to processing, and withdraw consent at any time.
To exercise any right: email privacy@governancer.com. We respond within 30 days.
4a. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights. In Sweden: Integritetsskyddsmyndigheten (IMY). You may also contact the supervisory authority in your EU country of residence.
4b. Automated Decision-Making
Our risk assessment quiz uses automated scoring to calculate your compliance risk level. This is NOT a legally-binding decision — it is an informational assessment. You have the right to:
- Request human review of any automated decision
- Express your point of view on the assessment
- Contest the result — email privacy@governancer.com
The quiz does not make decisions that produce legal effects (GDPR Art. 22). Results are advisory only.
4c. Data Protection Contact
We have not appointed a formal Data Protection Officer (DPO) as we do not meet the criteria in GDPR Art. 37. For all data protection inquiries, contact privacy@governancer.com.
5. Cookies
We use essential cookies (session, A/B test variant) and optional analytics cookies (PostHog). You can reject analytics cookies via the cookie banner. Essential cookies cannot be disabled.
6. Data Security
All data encrypted in transit (TLS 1.3) and at rest. Access restricted to authorized personnel. We conduct regular security reviews.
7. Changes
We may update this policy. Changes posted here with updated date. Material changes notified by email.
8. Contact
Agonist Development AB
Email: privacy@governancer.com