Privacy Policy

1. Introduction

INVIGOV, a product of INVIGOV LLC, a Texas limited liability company and wholly-owned subsidiary of Soventi Holdings Inc., a Delaware corporation, ("we," "us," or "our"), operates the invigov.com platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to the practices described in this Policy.

2. Information We Collect

2.1 Personal Information

When you register for an account or use the Service, we may collect:

• Name and email address
• Business name and workspace information
• Federal registration identifiers — EIN, CAGE code, and UEI number
• NAICS codes and business classification data
• FAR/DFARS representations and certifications responses

2.2 Banking Information for EFT Authorization

For users completing a SAM.gov registration workflow, we collect banking information — including routing number and account number — solely for the purpose of generating the EFT Authorization Letter required by the U.S. General Services Administration. This information is:

• Encrypted at rest using AES-256-GCM encryption
• Used exclusively for SAM.gov registration purposes
• Never used for payment processing, billing, or any secondary purpose
• Never shared with any third party other than as required for SAM.gov submission

2.3 Automatically Collected Information

When you use the Service, certain information is collected automatically:

• IP address and browser type
• Usage data and access timestamps
• Device information
• Session data and page interaction events collected via cookies or similar tracking technologies (see Section 10)

3. Data Security

We implement the following security measures to protect your data:

• AES-256-GCM encryption for sensitive fields including EIN, routing numbers, and account numbers
• Bcrypt password hashing for account credentials
• JWT-based authentication with short-lived access tokens
• Stripe PCI-compliant payment processing — we never store your credit card information
• Signed URLs with expiration for all document downloads
• Cloudflare R2 encrypted document storage with access-controlled retrieval

No security system is impenetrable. While we maintain industry-standard protections, we cannot guarantee absolute security of your data.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain the Service, including the SAM.gov registration workflow
• To generate required compliance documents (PDF format)
• To send compliance deadline notifications and renewal reminders
• To process payments through Stripe
• To maintain audit logs for compliance and security purposes
• To respond to your inquiries and provide customer support
• To monitor and improve platform performance and reliability

5. Data Sharing

We do not sell your personal information. We do not share your data with advertisers or data brokers. We may share data only with the following service providers, strictly for the purposes described:

• Stripe — payment processing (PCI-compliant; governed by Stripe's Privacy Policy)
• Cloudflare — document storage via Cloudflare R2 (encrypted at rest)
• Resend — transactional email delivery (renewal alerts, account notifications)
• Sentry — application error monitoring (configured to minimize personal data capture; error logs are reviewed solely for platform stability purposes)

We may also disclose your information if required by applicable law, legal process, or governmental request, or to protect the rights, property, or safety of INVIGOV, our users, or the public.

6. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide the Service. Generated compliance documents are stored securely in Cloudflare R2 for the duration of your account.

You may request deletion of your account and all associated data by contacting support@invigov.com. We will process your request within 30 days. Deletion includes removal of your personal information from our active database and queued removal from Cloudflare R2 document storage. Certain audit log data may be retained for a limited period where required by law or legitimate business necessity.

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate or incomplete information
• Deletion — request deletion of your personal information (subject to legal retention requirements)
• Portability — request your data in a structured, machine-readable format
• Objection — object to certain processing activities
• Withdrawal of consent — withdraw consent for data processing where consent is the legal basis

To exercise any of these rights, contact us at support@invigov.com. We will respond within 30 days.

8. California and International Users

8.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@invigov.com.

8.2 International Users (GDPR)

INVIGOV is currently operated for users in the United States. If you are accessing the Service from outside the United States — including from the European Union, Nigeria, or the UAE — please be aware that your information may be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction. As our service expands internationally, we will update this Policy to address applicable international data protection requirements, including the EU General Data Protection Regulation (GDPR) where relevant.

9. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected such information, please contact us at support@invigov.com.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain session state, authenticate users, and monitor platform performance. The types of cookies we use include:

• Essential cookies — required for authentication, session management, and platform functionality. These cannot be disabled without affecting your ability to use the Service.
• Analytics cookies — used to understand how users interact with the platform for the purpose of improving performance and reliability. No personally identifiable information is shared with analytics providers.

You may configure your browser to refuse cookies, but this may affect certain platform features.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, for material changes, notify registered users by email. Your continued use of the Service after any changes constitutes your acceptance of the updated Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@invigov.com
• Platform: invigov.com/contact