Privacy Policy

Last updated: March 11, 2026

1. What We Collect

We collect only what's needed to deliver your contract digest:

  • Account information: Email address and password (hashed, never stored in plain text).
  • Business preferences: NAICS codes, set-aside preferences, target states, company name, and digest delivery settings.
  • Usage data: Page views, feature usage, and email open rates, collected via PostHog analytics.
  • Payment information: Processed and stored by Stripe. We never see or store your full card number.
  • Trial status: New accounts receive a 14-day Pro trial. We track trial start and expiration dates to manage feature access.

2. How We Use Your Data

  • Match government contract opportunities to your profile.
  • Send daily or weekly digest emails based on your preferences.
  • Process subscription payments.
  • Improve the Service based on aggregated usage patterns.
  • Communicate service updates or changes that affect your account.

3. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication. Your account data is stored in Supabase's cloud infrastructure.
  • Stripe: Payment processing for Pro subscriptions. Subject to Stripe's Privacy Policy.
  • Resend: Email delivery for digest emails and transactional messages.
  • PostHog: Product analytics to understand how the Service is used. Data is anonymized and aggregated.
  • Vercel: Application hosting.
  • Groq: AI analysis provider. Solicitation text and NAICS codes are sent to Groq's API for bid analysis and opportunity summaries. Subject to Groq's Privacy Policy.

4. AI-Powered Features

GovConToday uses artificial intelligence to power several features including bid analysis, fit scoring, solicitation Q&A, and proposal outlines. Here is how we handle AI processing:

  • AI Provider: We use Llama 3.1 (via Groq) for AI-powered analysis.
  • What data is sent: Only public solicitation text from SAM.gov federal records is sent to the AI provider for analysis. No personal user data, company information, or account details are sent.
  • Data retention by AI provider: AI outputs are generated per-request. Groq does not store input prompts or output responses.
  • No training on your data: Your data is not used to train AI models.

5. Cookies and Tracking

We use essential cookies for authentication (keeping you signed in). PostHog uses a first-party cookie to track anonymous usage analytics. With your consent, we also use Google Ads conversion tracking to measure the effectiveness of our advertising. Google Ads cookies are only loaded after you accept our cookie consent banner. We do not sell your data to advertisers.

6. Data Retention

  • Account and preference data is retained for the life of your account.
  • Digest send history is retained for 90 days, then archived.
  • Upon account deletion, all personal data is permanently removed within 30 days.

7. Your Rights

You have the right to:

  • Access, update, or delete your personal data at any time from your dashboard.
  • Export your profile and preference data.
  • Opt out of analytics tracking.
  • Request a copy of all data we hold about you.

To exercise any of these rights, email support@govcontoday.com.

8. Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, and role-based access controls. Payment data is handled entirely by Stripe and never touches our servers.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email. The "last updated" date at the top reflects the most recent revision.

Contact

Privacy questions? Email us at support@govcontoday.com.