Legal
Privacy Policy.
Last updated: July 11, 2026
What we collect
When you join a Governance Lab simulation we collect the simulation code, the display name and professional role you enter, and the governance decisions you make during the session. We generate a private participant token to sign your governance receipt. We do not require an account and we do not collect email addresses on the simulation-entry form.
No PHI, ever
Governance Lab is a simulation platform. It is not intended to receive, and must not be used to submit, Protected Health Information (PHI), patient identifiers, or any other confidential clinical or organizational information. Do not enter PHI into any field. If information is entered in error, contact us at the contact page so we can purge it.
How we use it
Participant identifiers and decisions are used to run the simulation, generate your executive Governance Receipt, and produce aggregated, de-identified insights for the hosting organization. We do not sell participant information and we do not use it for behavioral advertising.
How we protect it
Data is transmitted over TLS and stored with encryption at rest. Access is limited to Governance Lab personnel who require it to operate the platform. Retention is scoped to the life of the simulation engagement plus a reasonable audit window; organizations may request earlier deletion of their session data.
Cookies & analytics
Governance Lab uses only the minimal storage required to hold your participant token during a live session. We do not run third-party advertising trackers.
Your choices
You may request deletion of a participant record or organizational session data at any time by contacting us. Where applicable law (e.g., GDPR, CCPA) grants additional rights, we honor them.
Contact
Questions about this policy? Reach the Governance Lab team.