Privacy Policy

When you register, we collect your name, email address, and password. When you complete your company profile, we collect business identifiers including your legal name, EIN (Employer Identification Number), UEI (Unique Entity Identifier), CAGE code, DUNS number, entity type, business address, phone number, website, founding year, employee count, annual revenue, NAICS codes, certifications (SDVOSB, WOSB, 8(a), HUBZone), and FDA registration status.

To operate the platform, we collect and process SAM.gov opportunity data (including solicitation numbers, agency names, set-aside types, NAICS and PSC codes, contract values, and response deadlines), proposal content you create or import (including RFP text, technical approaches, pricing volumes, and compliance matrices), contract records (award amounts, performance periods, contracting officer details, and CPARS ratings), and purchase order records (PO numbers, delivery dates, fulfillment status, and invoice information).

We collect product information you enter into your catalog, including product names, descriptions, manufacturer part numbers, NSN (National Stock Numbers), FSC/PSC codes, GSA pricing, FDA clearance status, ISO certifications, and inventory levels.

We automatically collect browser type, operating system, IP address, pages visited, features used, session duration, error logs, and interactions with AI-generated content and recommendations. This data is used to improve platform performance and reliability.

If you contact us by email or through the platform, we retain the content of those communications and your contact details to respond to your inquiries and improve support.

We use your data to authenticate you, operate your account, run compliance tracking, score and rank SAM.gov opportunities against your catalog and certifications, generate AI-assisted proposal drafts, track contract performance, monitor order fulfillment risk, and deliver configured notifications (daily digest, compliance alerts, order risk alerts, and proposal updates).

To power AI features, your company profile, product catalog, and contracting data may be included in prompts sent to AI model providers. See Section 6 for details on AI data handling.

We use aggregated, de-identified usage data to understand how the platform is used, prioritize features, fix bugs, and improve AI recommendations. We do not use individual company contracting data to train shared AI models.

We process data as necessary to comply with applicable laws, respond to lawful requests from government authorities, enforce our Terms of Service, and protect the rights, property, or safety of GovEtract, our users, or the public.

We share data with trusted service providers who assist in operating the platform under confidentiality obligations. These include:

• Supabase — Cloud database and authentication infrastructure (United States)
• Vercel — Application hosting and edge compute (United States)
• Anthropic — AI model provider for Claude (United States) — used for proposal drafting, opportunity scoring, and compliance summarization
• OpenAI — AI model provider (United States, optional fallback)
• Resend — Transactional email delivery (United States)

Each provider processes data only as instructed by us and under applicable data processing agreements.

We may disclose your information when required by law, court order, or government request, or when we believe disclosure is necessary to prevent fraud, protect safety, or enforce our agreements.

If GovEtract is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you via email or platform notice before your data becomes subject to a different privacy policy.

We do not sell, rent, or trade your personal information or business data to any third party for their marketing or commercial purposes. This includes not sharing your contracting data with competitors or government contractor databases.

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request that we limit how we process your data in certain circumstances.

To exercise these rights, contact privacy@govetract.com. We will respond to verified requests within 30 days.

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: The categories of personal information we collect, the purposes for collection, and the third parties with whom we share it.
• Right to Delete: Deletion of personal information we have collected, subject to certain exceptions.
• Right to Opt Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out is required, but you may submit a request to confirm this at privacy@govetract.com.
• Right to Correct: Correction of inaccurate personal information.
• Right to Limit Sensitive Data Use: We process sensitive business identifiers (EIN, UEI, CAGE) only as necessary to provide the service.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

If you are located in the European Economic Area or United Kingdom, we process your data under the following legal bases:

• Contract performance: Processing necessary to deliver the platform services you have subscribed to.
• Legitimate interests: Platform security, fraud prevention, and improving our service.
• Legal obligation: Compliance with applicable laws.
• Consent: Where we rely on consent (e.g., marketing communications), you may withdraw it at any time.

EEA/UK residents have the right to lodge a complaint with their local supervisory authority. For data transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

For EU/UK data processing inquiries, contact privacy@govetract.com. See our Data Processing Agreement for enterprise customers requiring a formal DPA.