PLAIN ENGLISH ANSWERS
Questions our clients ask us
If you're evaluating GovCheck AI — whether you're a defense contractor, healthcare system, IT firm, law firm, or research institution — here are the security questions your leadership will ask, answered directly.
01
Will any AI model be trained on what we send through this tool?
No. Documents you upload are used only to generate your compliance report — nothing else. We process your documents through Anthropic's Claude API under a zero data retention policy for API customers. Anthropic does not store or train on your inputs. Your documents are never used to improve any AI model, including ours.
02
Could one client's matter ever appear in another client's output?
No. Every compliance check is completely isolated. Your documents are processed independently and never stored in a shared context or used to inform another user's results. Each analysis starts fresh with zero connection to any other account. What you upload stays in your account only.
03
How do you measure your hallucination rate, and is the methodology public?
We require the AI to cite exact regulatory clause numbers for every finding — FAR 52.204-21, DFARS 252.204-7012, HIPAA 45 CFR 164.312, and so on. Every finding cites the exact regulatory clause it references — so verification takes seconds, not hours. We build citation requirements into every report precisely so you can trust and confirm each output. Think of GovCheck AI as your compliance expert doing the heavy lifting — you bring the professional judgment for the final sign-off.
04
What can my non-attorney staff do without attorney sign-off?
GovCheck AI is a compliance screening tool — not a legal advice tool. Non-attorney staff can safely use it to:
- Run initial compliance scans on incoming contracts and SOWs
- Generate preliminary gap reports for attorney review
- Flag documents that need priority attention
- Track regulatory changes across 25 federal frameworks
05
Who at your company can technically read what we send?
We'll be direct. GovCheck AI is founder-led. Documents you upload are transmitted securely via HTTPS to our encrypted cloud infrastructure, processed through our AI layer under a zero data retention policy, and the resulting compliance reports are stored in our secure database for 90 days so you can access, download, and share them from your dashboard. As founder, Mark Gipson has administrative access only. We do not review user documents and have no business reason to do so. We are working toward SOC 2 Type I certification in Q3 2026, which will formalize access controls, least-privilege policies, and audit logging across all systems.
06
Are you certified, or aligned with certifications? (Different things.)
Good distinction. Currently: aligned, not certified. Our infrastructure runs on enterprise-grade platforms that collectively maintain SOC 2 Type II certification, PCI DSS Level 1 compliance, and zero data retention policies across hosting, database, CDN, and payment processing layers. Our AI processing layer specifically operates under a zero data retention policy — your inputs are never stored or used for model training. GovCheck AI itself is actively pursuing SOC 2 Type I certification, targeted Q3 2026.
07
What's the audit trail when something goes wrong?
Every compliance check is logged with timestamp, user ID, document metadata, frameworks analyzed, and the full findings report generated. If a specific output is questioned we can retrieve the exact report. We do not store original documents after processing — only the report output. All reports are exportable as PDFs from your dashboard at any time. Enhanced audit logging is part of our SOC 2 preparation roadmap.
08
What happens to our data if you go out of business?
In the event GovCheck AI ceases operations we commit to:
- 90 days advance notice to all active subscribers
- Full export of all compliance reports in your account
- Secure deletion of all account data within 30 days of closure
INFRASTRUCTURE
Built on enterprise-grade infrastructure
Every layer of GovCheck AI — hosting, database, CDN, payments, and AI processing — runs on independently certified enterprise platforms.
🤖
AI Processing
Zero data retention policy — your documents are never stored or used for training
Zero Retention
☁️
Cloud Hosting
Enterprise-grade global edge hosting and deployment infrastructure
SOC 2 Type II
🗄️
Database
Encrypted database with row-level security and access controls
SOC 2 Type II
🌐
Network Security
Enterprise CDN with DDoS protection and DNS security
SOC 2 Certified
💳
Payments
We never store card data — all payments processed by certified provider
PCI DSS Level 1
OUR COMMITMENTS
What we promise
These aren't terms of service boilerplate. These are operational commitments we hold ourselves to every day.
No AI training on your data
Your documents are never used to train any AI model. Not ours. Not Anthropic's. Ever.
Documents deleted after processing
We store your compliance reports — not your original documents. They're deleted after analysis.
Complete account isolation
Your data never touches another account. No shared context, no cross-user analysis. Ever.
Your data is always exportable
Every report you generate is exportable as a PDF from your dashboard at any time.
90-day notice if we shut down
If GovCheck AI ever closes, we commit to 90 days notice and full data export before closure.
TLS 1.3 encryption in transit
All data transmitted to and from GovCheck AI is encrypted using TLS 1.3 at all times.
Still have questions?
Reach out directly. We respond to every security inquiry personally — no support ticket, no chatbot.