Legal
Privacy Policy
Effective July 9, 2026 · Last updated July 9, 2026
GovFiles is operated by BYOQ LLC, a Wyoming limited liability company (“BYOQ,” “we,” “us”). This policy explains what we collect, why, and what control you have over it. It covers govfiles.dev, our API, our documentation, and the GovFiles dashboard (together, the “Service”).
This policy covers two things: the account data we hold about you, our customer (sections 1–6), and the public business-registry records that make up the GovFiles dataset (section 7).
Scope. The Service is offered to users in the United States and this policy is written to US federal and state privacy law. We do not target the Service to the EEA, the UK, or Switzerland, and we do not offer GDPR-specific mechanisms.
1. Account information we collect
When you create a GovFiles account, we collect:
- Your email address — identifies your account and is where we send sign-in codes and billing notices.
- Optional profile details — your name, company, and intended use case, if you choose to provide them during onboarding.
- Federated sign-in identifiers — only if you choose to sign in with Google. We receive your email and basic profile information; we never receive your Google password.
- Account settings — such as your organization name, billing email, and alert preferences.
GovFiles accounts are passwordless: you sign in with a one-time code sent to your email, or with Google. We do not store a password for you.
API keys. API keys are stored in hashed form. We cannot recover a lost key — we can only revoke it and issue a new one.
2. Usage and API logs
We keep records of requests made to the Service so that we can meter billing, provide you with usage analytics, investigate problems, and prevent abuse. These records include the account and key that made the request, the endpoint called, the parameters supplied, the response status, the number of rows returned, and timing information.
3. Payments
Payments are processed by our payment provider, Stripe. Card details are entered directly on Stripe-hosted pages. BYOQ never receives, transmits, or stores your card number, expiry date, or security code.
We retain the billing records associated with your account — customer and transaction identifiers, amounts, credit quantities, purchase status, and links to your Stripe-hosted receipts — together with a ledger of the credits you buy and consume.
4. Cookies and analytics
Essential cookies. Signing in sets short-lived, secure, httpOnly
session cookies. They are strictly necessary — the dashboard cannot keep you signed in without
them. Your light/dark theme preference is stored locally in your browser.
Analytics. Our public marketing pages use a privacy-conscious product-analytics provider to count page views and interactions. Analytics are not loaded in the authenticated dashboard or in the API.
We serve no advertising, run no ad-network pixels, and do not track you across other websites. We do not engage in cross-context behavioral advertising.
5. How we use account information
- To operate the Service, authenticate you, and serve your requests
- To meter usage and bill you accurately
- To send you sign-in codes, receipts, balance alerts, and material service notices
- To debug, monitor reliability, and prevent abuse
- To comply with law and enforce our Terms of Service
We do not sell your account information, and we do not share it with third parties for their own marketing.
6. Your rights over your account data
Depending on your state of residence — California, Colorado, Connecticut, Virginia, Texas, and a growing number of others — you may have the right to access, correct, delete, or obtain a portable copy of the personal information we hold about you, and the right not to be discriminated against for exercising those rights.
Email hello [at] govfiles [dot] dev from your account email address and we will action the request. We aim to respond within 45 days. Closing your account removes your profile and settings; we retain billing records where tax and accounting law requires, and aggregate usage figures that no longer identify you.
7. The GovFiles dataset
The GovFiles dataset consists of business-entity filings replicated from the authoritative company registry of each of the 50 US states. These are public government records. They include company details and, as filed, the names and roles of the officers, directors, and registered agents associated with each entity.
The data comes directly from the state registry. We do not enrich it, buy it from data brokers, infer it, or combine it with consumer data. If a record is in GovFiles, the state published it.
US state privacy statutes carve public records out of the definition of personal information: under the California Consumer Privacy Act, for example, “personal information” expressly excludes information lawfully made available from federal, state, or local government records (Cal. Civ. Code § 1798.140(v)(2)). The registry data in GovFiles falls within that exclusion, and we license it on that basis.
Corrections
GovFiles mirrors the state registry, so the registry is where a record is authoritative. If GovFiles disagrees with the state’s record, email hello [at] govfiles [dot] dev with the entity name and state and we will correct it. If the state’s record is itself wrong, it must be corrected at the state; we will re-sync once it is. If you have a safety concern about information that appears in a filing, contact us and we will work with you on it.
8. Who we share information with
We rely on a small number of service providers to run GovFiles, each receiving only what it needs to perform its function: cloud hosting and database infrastructure, content delivery, payment processing (Stripe), transactional email delivery, optional federated sign-in, product analytics, and data warehousing for the registry dataset. A current list of our service providers is available on request.
We may also disclose information if compelled by valid legal process, to protect our rights or someone’s safety, or to a successor in a merger or acquisition — in which case this policy continues to govern the transferred data until you are told otherwise.
9. Retention
We keep your account profile and settings for as long as your account is open. We retain usage and request logs for as long as necessary to meter billing, provide analytics, secure the Service, and meet our legal obligations. Billing records are kept as long as tax and accounting law requires. Sign-in codes are short-lived and single-use. Encrypted backups are retained on a rolling basis, so a deleted record may persist in a backup for a limited period after deletion.
10. Security
Data is encrypted in transit and at rest. Credentials are held in a managed secrets store rather than
in code. API keys are stored only as hashes. Session cookies are httpOnly and
Secure. Access to production systems is limited to personnel who need it.
No system is perfectly secure, and we do not claim otherwise. If you believe you have found a vulnerability, please report it to hello [at] govfiles [dot] dev before disclosing it publicly. We will not pursue legal action against good-faith security research that respects user privacy and avoids service degradation.
11. Children
GovFiles is a business tool, is not directed to children, and is not intended for anyone under 18. We do not knowingly collect personal information from children. If you believe a child has given us information, contact us and we will delete it.
12. Changes to this policy
We will update the “last updated” date above when this policy changes. For material changes that reduce your rights, we will email account holders at least 14 days before the change takes effect.
13. Contact
BYOQ LLC (Wyoming) · hello [at] govfiles [dot] dev
Privacy requests, removal requests, and security reports all reach us at that address. Please put “Privacy” or “Removal” in the subject line so we route it correctly.