Privacy Policy

Who We Are

Govtract is an AI-powered government contracting platform operated by Adriel Hen, doing business as Govtract, based in New York. We help small businesses identify, evaluate, and bid on federal government contracts through tools including a live contract feed, AI-generated capability statements, bid preparation assistance, and document storage.

We are not a government agency. We are an independent software platform and are not affiliated with the U.S. General Services Administration, the Small Business Administration, SAM.gov, or any other federal body. Contract data displayed on our platform is sourced from publicly available government APIs and databases.

Information We Collect

We collect information in two ways: information you provide directly to us, and information collected automatically as you use the platform.

Information you provide:

• Account credentials — your email address and password when you create an account. Passwords are hashed and never stored in plain text.
• Business profile — your business name, state, industry, NAICS code, UEI number, certifications, years in business, employee count, and past contract experience. You provide this to enable contract matching and AI personalization.
• Capability statements — documents you generate using our AI tool, including the inputs you provide and the generated output. These are stored so you can access them later.
• Uploaded documents — files you upload to your Document Vault, such as licenses, insurance certificates, and certifications. These are stored securely in encrypted cloud storage.
• Saved contracts — federal contract listings you bookmark within the platform.
• AI conversation history — your full message history with Govtract AI and the Bid Prep Assistant, stored so you can reference past conversations.
• Waitlist submissions — if you submit your email to be notified about upcoming features, we store that email and the date of submission.
• Payment information — billing is handled entirely by Stripe. We never receive, see, or store your credit card details, bank account numbers, or any financial credentials.

Information collected automatically:

• Usage events — actions you take within the platform such as generating a capability statement, viewing a contract, starting a bid, or sending an AI message. This data helps us understand how the product is used and improve it.
• Feature usage counts — how many times you have used rate-limited features (e.g., AI messages, capability statements) to enforce plan limits.
• Error and performance data — technical errors and performance metrics collected via Sentry to help us identify and fix bugs.
• Session data — authentication tokens managed by Supabase to keep you signed in securely.

How We Use Your Information

• To create and manage your account and authenticate your identity.
• To personalize your experience — your business profile is used to match you to relevant contracts and to personalize AI assistant responses.
• To provide core platform features including the contract feed, capability statement generator, bid prep assistant, AI assistant, and document vault.
• To enforce usage limits associated with your plan (free or Pro).
• To process payments and manage your subscription through Stripe.
• To communicate with you about your account, subscription status, or important changes to the platform.
• To send feature announcements or product updates. You may opt out of marketing communications at any time.
• To monitor for abuse, fraud, or violations of our Terms of Service.
• To improve the platform by analyzing aggregated, anonymized usage patterns.
• To comply with legal obligations, enforce our agreements, and protect the rights and safety of our users and our business.

How We Share Your Information

We do not sell, rent, or trade your personal information to any third party. We share data only to the extent necessary to operate the platform with the following trusted service providers:

• Supabase — database hosting, authentication, and file storage. Your data is stored in Supabase's infrastructure with row-level security policies that restrict access to your own records only.
• Anthropic — the AI models that power the Govtract AI Assistant and Bid Prep Assistant. When you send a message, it is transmitted to Anthropic's API along with your business profile context to generate a response. Anthropic processes this data in accordance with their API usage policies.
• Stripe — payment processing and subscription management. Stripe handles all financial transactions. We receive confirmation of payment status but never the underlying payment details.
• Vercel — application hosting and content delivery. Your requests are routed through Vercel's infrastructure.
• Sentry — error monitoring. If an error occurs in the application, diagnostic information (which may include the page you were on and error context) is sent to Sentry to help us fix the issue. We configure Sentry to minimize the personal data included in error reports.
• SAM.gov API and USASpending.gov API — publicly available government APIs that we query to populate the contract feed and leaderboard. We send search parameters (such as NAICS codes) to these APIs but do not transmit your personal identity.

We may also disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or enforce our Terms of Service.

In the event of a merger, acquisition, or sale of Govtract, your data may be transferred to the acquiring entity. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.

Data Storage and Security

Your data is stored on Supabase's infrastructure, which is hosted on AWS. Documents you upload to the Document Vault are stored in Supabase Storage with signed URLs that expire after 60 seconds, meaning they cannot be accessed without a fresh authenticated request.

We implement the following security measures:

• Encrypted connections (HTTPS/TLS) for all data in transit.
• Row-level security (RLS) policies on our database so that each user can only access their own records.
• Hashed passwords — we never store passwords in plain text.
• Environment variable management — API keys and secrets are stored as environment variables, never hardcoded.
• Regular security audits of API routes with authentication middleware on all protected endpoints.

No method of transmission over the internet is 100% secure. While we take commercially reasonable measures to protect your data, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential. If you suspect unauthorized access to your account, contact us immediately at govtract@gmail.com.

Data Retention

We retain your personal data for as long as your account remains active. Specifically:

• Account and profile data is retained until you request deletion of your account.
• Capability statements and AI conversation history are retained until you delete them or close your account.
• Uploaded documents are retained in storage until you delete them from the Document Vault or close your account.
• Usage event data and aggregated analytics may be retained in anonymized form after account deletion for product improvement purposes.
• Payment and billing records are retained for as long as required by applicable tax and financial regulations, even after account closure.
• Waitlist email submissions are retained until the relevant feature launches or until you request removal.

Upon account deletion, we will remove your personal data from active systems within 30 days. Some data may persist in encrypted backups for up to 90 days before being purged.

Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access — you may request a copy of the personal data we hold about you.
• Correction — you may request that we correct inaccurate or incomplete data. You can update most profile information directly from the Settings or Onboarding pages.
• Deletion — you may request deletion of your account and associated personal data. We will process deletion requests within 30 days.
• Portability — you may request an export of your data in a machine-readable format.
• Opt-out of marketing — you may opt out of promotional communications at any time by contacting us at govtract@gmail.com.
• Restriction — in certain circumstances, you may request that we restrict the processing of your data while a dispute is being resolved.

To exercise any of these rights, email govtract@gmail.com with the subject line "Privacy Request." We will respond within 30 days. We may need to verify your identity before fulfilling your request.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Cookies and Tracking

Govtract uses session cookies managed by Supabase to keep you authenticated while you are signed in. These are strictly necessary for the platform to function and cannot be disabled without preventing login.

We do not use advertising cookies, third-party tracking pixels, or behavioral advertising technologies. We do not sell your data to advertisers. We do not display ads on the platform.

We may use privacy-respecting analytics in the future to understand product usage at an aggregate level. We will update this policy if and when we do.

AI and Automated Processing

Govtract uses AI models provided by Anthropic to power the AI Assistant, Bid Prep Assistant, and Capability Statement Generator. When you use these features, your inputs — including your business profile and conversation messages — are sent to Anthropic's API to generate responses.

You should not include in any AI prompt information that you consider strictly confidential or that you would not want transmitted to a third-party API provider. Do not share passwords, social security numbers, banking credentials, or other highly sensitive personal information in AI messages.

AI-generated outputs — including capability statements and bid guidance — are provided for informational purposes only. They do not constitute legal, financial, or professional advice. You are solely responsible for reviewing, editing, and submitting any documents generated by our platform. Govtract does not guarantee the accuracy or completeness of AI-generated content, and we are not liable for outcomes resulting from the use of AI-generated materials in government contract submissions.

Contract compatibility scores and bid recommendations are algorithmic estimates based on your profile data and publicly available contract information. They are not guarantees of eligibility or success.

Third-Party Links and Integrations

The platform may contain links to third-party websites including SAM.gov, USASpending.gov, and external contract listings. These sites are not operated by Govtract and are not subject to this Privacy Policy. We encourage you to review the privacy policies of any third-party sites you visit.

When you click "View on SAM.gov," you are directed to a U.S. government website governed by its own terms and privacy practices. We have no control over and assume no responsibility for the content, privacy policies, or practices of these sites.

Children's Privacy

Govtract is designed for use by adults operating or managing small businesses. We do not knowingly collect or solicit personal information from anyone under the age of 18. If we learn that we have collected personal information from a minor, we will delete that information promptly. If you believe a minor has created an account, please contact us at govtract@gmail.com.

New York Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of law principles. Any disputes arising from this policy shall be resolved in the courts located in Nassau County, New York.

If you are a resident of California, you may have additional rights under the California Consumer Privacy Act (CCPA). If you are a resident of the European Economic Area, you may have rights under the General Data Protection Regulation (GDPR). To exercise any such rights, contact us at govtract@gmail.com and specify your jurisdiction.

Disclaimer of Warranties

The platform and all content, tools, and AI-generated outputs are provided "as is" and "as available" without warranties of any kind, express or implied. Govtract does not warrant that the platform will be uninterrupted, error-free, or free of harmful components. Contract data is sourced from government APIs and may be incomplete, delayed, or inaccurate. We do not guarantee that any contract listed on our platform is currently open, accurate, or accessible.

Nothing on this platform constitutes legal advice, and we strongly recommend consulting a licensed attorney for matters related to government contracting compliance, certifications, and contract law.

Limitation of Liability

To the fullest extent permitted by applicable law, Govtract and its operators shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the platform, including but not limited to: loss of business, lost contracts, errors in AI-generated content, missed deadlines, or data loss. Our total liability for any claim arising under this policy shall not exceed the amount you paid us in the 12 months preceding the claim, or $100 USD, whichever is greater.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes, we will notify you by email and/or by displaying a prominent notice within the application at least 7 days before the changes take effect.

Your continued use of Govtract after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you should discontinue use and may request deletion of your account.

The "last updated" date at the top of this policy reflects the most recent revision. We encourage you to review this page periodically.

Contact Us

For any privacy-related questions, requests, or concerns, contact us at: