Privacy Policy
Last updated: 2026-05-05. This page summarizes how GovAI handles personal and organizational data.
This is a summary policy. For the complete legal text, contact [email protected].
What we collect
- Account information — name, work email, role, agency or organization, and authentication identifiers from our identity provider.
- Procurement content — RFPs, vendor profiles, bids, contracts, compliance reviews, and supporting documents you upload.
- Operational telemetry — request logs, error reports, and audit events used for security, debugging, and compliance.
How we use it
Data is used solely to deliver the GovAI service: drafting and matching RFPs, running compliance checks, executing contracts and escrow flows, and supporting your authorized administrators. We do not sell personal data and we do not train shared models on your tenant content.
Retention & data subject rights
Procurement records are retained per FAR 4.805 and applicable agency policy. Upon authenticated request via the Settings page, users can export their personal data and request anonymization, subject to legal-hold and retention requirements.
Security
Data is encrypted in transit and at rest. Access is role-based, tenant-scoped, and audited. See our security overview for the controls and compliance posture.
Contact
Questions about this policy: [email protected].