Govex

Privacy Policy

How Govex collects, uses, and protects your information.

Last updated: 2026-03-12

Information We Collect

We collect the following categories of information when you use Govex:

Account Information: When you sign in through Microsoft Entra ID, we receive your name, email address, and unique user identifier. We do not collect or store your Microsoft password.

Tenant Data: When you connect an Azure tenant, we sync device information, user directory data, Windows Update policy status, and Autopilot enrollment data from the Microsoft Graph API. This data is stored in our PostgreSQL database and associated with your tenant.

Usage Analytics: We collect basic usage data such as pages visited, features used, and session duration to improve the platform. We do not use third-party tracking scripts or sell usage data.

How We Use Information

We use the information we collect to:

  • Provide and maintain the Govex reporting dashboard
  • Synchronize device, user, and policy data from your connected Azure tenants
  • Authenticate your identity and manage your session
  • Improve platform performance, reliability, and user experience
  • Communicate with you about service updates or issues affecting your account

We do not sell, rent, or share your personal information or tenant data with third parties for marketing purposes.

Data Storage and Security

All data is stored in PostgreSQL databases with encryption at rest. Sensitive values such as Azure client secrets are encrypted using AES-256-GCM before storage. All network communication uses TLS encryption in transit.

Server-side sessions are stored in the database with a 24-hour time-to-live and are invalidated on logout. We use read-only Microsoft Graph API permissions and never request write access to your Intune environment.

Access to production systems is restricted to authorized personnel only.

Third-Party Services

Govex integrates with the following third-party services:

  • Microsoft Graph API: Used to sync device, user, and policy data from your connected Azure tenants. Data is transmitted over HTTPS and subject to Microsoft's privacy policies.
  • Microsoft Entra ID (Azure AD): Used for authentication via OpenID Connect. We receive only the identity claims necessary to create and manage your account.

We do not use third-party advertising networks or sell data to data brokers.

Data Retention

Tenant data is retained for the duration of your active subscription. When you disconnect a tenant or cancel your account, associated data is deleted within 30 days.

Session data is automatically purged after 24 hours. Usage analytics are retained in aggregate form and do not contain personally identifiable information after 90 days.

Your Rights

You have the right to:

  • Access the personal and tenant data we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Withdraw consent for data processing at any time by disconnecting your tenants and closing your account

To exercise any of these rights, contact us at support@govex.app.

Contact Information

If you have questions about this privacy policy or how we handle your data, please contact us at:

Email: support@govex.app