Privacy Policy

Last updated: 6/21/2025

1. Information We Collect

Account Information: Email address, name, and authentication credentials via Firebase Auth.

Company Profile: Company name, CAGE code, DUNS number, capabilities, and certifications you provide.

Contract Search Data: Your search queries, viewed contracts, and saved searches.

AI Conversations: Chat messages and AI-generated responses for contract analysis.

Usage Analytics: Basic usage patterns to improve our service (via Vercel Analytics).

2. How We Use Your Information

  • Provide AI-powered contract search and analysis services
  • Maintain and improve our platform functionality
  • Send important service updates and notifications
  • Ensure security and prevent unauthorized access
  • Comply with legal obligations

3. Data Sharing and Third Parties

We share your data only with essential service providers:

  • OpenAI: For AI-powered contract analysis (data processed per OpenAI's privacy policy)
  • Supabase: For secure database storage and authentication
  • Firebase: For authentication services
  • Stripe: For payment processing (PCI compliant)
  • Vercel: For hosting and analytics

We never sell your personal information to third parties.

4. Data Security

We implement enterprise-grade security measures:

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encrypted database storage
  • Row-level security for complete data isolation
  • Regular security audits and monitoring
  • SOC2 compliance standards (pending certification)

5. Data Retention

We retain your data according to these guidelines:

  • Active Accounts: Data retained while account is active
  • Conversation History: Deleted after 2 years of inactivity
  • Search History: Deleted after 1 year
  • Deleted Accounts: Personal data removed within 30 days
  • Backups: Encrypted backups retained for 90 days

6. Your Privacy Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct your information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain data processing activities

To exercise these rights, visit Your Data Rights or contact us.

7. Cookies and Tracking

We use minimal cookies necessary for:

  • Authentication and security
  • Session management
  • Basic analytics (anonymized)

We do not use advertising cookies or sell tracking data.

8. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect data from children.

9. International Data Transfers

Your data may be processed in the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable laws.

10. Changes to This Policy

We may update this policy periodically. We'll notify you of significant changes via email or platform notification.

11. Contact Us

For privacy-related questions or concerns:

Email: privacy@deployforward.com

Address: DeployForward, Privacy Office
[Your Business Address]

Data Protection Officer: dpo@deployforward.com