Privacy Policy — GovConFlow

1. Information We Collect

GovConFlow is operated by CIWOLAR, a company incorporated in the Netherlands (Sean Macbridestraat 88, 1102 JW Amsterdam). This policy describes how we collect, use, and protect your personal data.

Account Information: When you sign up, we collect your email address, password (hashed), and business profile information (NAICS codes, set-aside certifications, annual revenue range, state).

Usage Data: We collect anonymized product analytics (pages visited, features used, contracts saved) through PostHog to improve the product. We do not sell this data.

Payment Data: Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank details, or other payment credentials on our servers.

2. How We Use Your Information

We use your information to:

Match you with relevant federal contract opportunities based on your business profile
Calculate personalized Bid Scores
Generate AI-assisted proposal drafts
Send email notifications about matching opportunities, market shifts, and account updates
Improve the product through anonymized usage analytics
Process subscription payments through Stripe

3. Data Storage & Security

Your data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) policies ensuring users can only access their own data. All data is encrypted in transit (HTTPS/TLS) and at rest. We use Supabase Auth for secure session management.

4. Third-Party Services

We share limited data with the following third parties, solely to operate the Service:

Supabase — Database hosting and authentication
Stripe — Payment processing
Resend — Transactional email delivery
PostHog — Anonymized product analytics
Vercel — Application hosting
OpenAI / Anthropic — AI-powered proposal generation. Your past performance data and solicitation content are sent to these providers solely for generating proposal drafts. This data is not stored by these providers beyond the API request and is not used to train their models.

We do not sell, rent, or trade your personal information to any third party.

5. Government Data

Contract data displayed in GovConFlow is sourced from publicly available federal databases (SAM.gov, USASpending.gov). This data is public domain and is not subject to this Privacy Policy.

6. Email Communications

We send transactional and engagement emails (weekly digests, contract alerts, account updates). You can manage your email preferences in your account settings, or unsubscribe from all non-essential emails using the link in any email footer.

7. Data Retention

We retain your account data for as long as your account is active. Upon account deletion, your personal data is permanently removed within 30 days. Anonymized usage analytics may be retained indefinitely.

8. Your Rights

You may request a copy of your personal data, correction of inaccuracies, or deletion of your account at any time by contacting support@govconflow.com. We will respond to requests within 30 days.

9. Cookies

We use essential cookies for authentication and session management. PostHog uses first-party cookies for anonymized analytics. We do not use third-party advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related questions, contact us at support@govconflow.com.