Got AI Policy
GAIP · Canada AI Policy Registry

Privacy Policy

Last updated: April 22, 2026

GAIP (Got AI Policy) is a public registry of AI governance policies across Canadian municipalities and organizations, maintained by CivicPlay.ai. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using gaip.lovable.app (the “Site”), you agree to this policy.

1. Information we collect

Account information. If you create a free GAIP account, we collect the email address and password you provide. Passwords are stored in hashed form by our authentication provider; we never see or store them in plain text.

Profile information (optional). On your settings page you can add a full name, organization, role/title, and a short bio. These fields are optional and are stored only against your own account. Profile data is private to you and is not displayed publicly anywhere on the Site.

Account-linked data. When you use account features, we store:

  • Your shortlist (slugs and display names of organizations you favorite).
  • Your saved filters (the filter and sort state you choose to save, plus a name). If you choose to publish a saved filter, we generate an unguessable share token that anyone with the link can use to view the filter; you can disable sharing at any time, which invalidates the link.
  • Export logs (timestamp and row count of each CSV export, used to enforce monthly quotas).
  • Referral data: each account is assigned a unique referral code. If you sign up via another user's referral link, we record which account referred you so we can show that user a referral count. We do not share referred users' identities or emails with the referrer — only an aggregate count.
  • Optional onboarding preferences such as provinces of interest, stored locally in your browser.

Technical data. Like most websites, our hosting provider may log basic request information (IP address, user agent, timestamps) for security and reliability. We do not use third-party advertising trackers.

Public registry data. The directory contains information about public organizations and links to publicly available evidence. It is not personal data about you.

2. How we use information

  • To authenticate you and keep you signed in.
  • To provide account features: profile, dashboard, shortlists, saved filters, public filter sharing, referral links, and CSV export with quota enforcement (currently 10 rows per export and 3 exports per calendar month).
  • To operate, secure, and improve the Site.
  • To respond to your inquiries or submissions.

We do not sell your personal information, and we do not use it for advertising.

3. Sharing and visibility

Profile data is private. Your name, organization, role, and bio are visible only to you in your settings.

Shared filters are public to anyone with the link. If you choose to publish a saved filter, anyone holding the share URL can view its name and the filter criteria you saved (e.g. provinces, statuses, search text). The link does not expose your email, profile, or other saved filters. You can revoke sharing at any time from the saved filters page, which invalidates the link.

Referrals. When someone signs up using your referral link, we record the connection so we can show you a count of referrals. We do not share who they are with you, and we do not share your identity with them beyond the link itself.

4. Service providers

We rely on a small number of trusted infrastructure providers to operate the Site, including hosting, authentication, and database services. These providers process data on our behalf under their own security and privacy commitments. Your account data is stored in a managed database and protected by row-level security so that you can only read or modify your own records.

5. Cookies and local storage

We use cookies and browser local storage strictly to keep you signed in and to remember non-sensitive UI preferences (for example, onboarding choices). We do not use third-party advertising or cross-site tracking cookies.

6. Data retention

We retain your account information and account-linked data for as long as your account is active. You can delete your shortlist items and saved filters at any time from the relevant pages. To request full account deletion, contact us using the email below.

7. Your choices and rights

Depending on where you live (including under Canadian privacy laws such as PIPEDA and Quebec's Law 25), you may have the right to access, correct, or delete the personal information we hold about you, and to withdraw consent. To exercise these rights, email us at the address below. We will respond within a reasonable time.

8. Security

We use industry-standard safeguards including encrypted connections (HTTPS), hashed passwords, and row-level access controls. No system is perfectly secure; please use a strong, unique password for your GAIP account.

9. Children

GAIP is intended for a general professional audience and is not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy as the Site evolves. Material changes will be reflected by updating the “Last updated” date at the top of this page.

11. Contact

Questions or requests about this policy? Contact CivicPlay.ai via civicplay.ai.

See also our Terms of Use.